Re: PIX problems with DKIM header fields

From: Mark Martinec (Mark.Martinec+postfixijs.si)
Date: Tue Jul 31 2007 - 05:22:29 CDT


On Monday July 30 2007 23:58:04 Jim Fenton wrote:
> There are three bugs (all resolved) relating to Content-Type issues:
> CSCsh33982 (E)SMTP Multiple Content-Type headers check is wrong
> CSCsi01498 ESMTP inspect cannot handle content-type string in DKIM headers
> CSCdi23740 ESMTP inspect does not match content-type properly in mail
> headers

Thanks, most useful - at least we know now what we are dealing with.

> If you're able to find out what version of code is being run by any of
> these sites, I'd be interested in knowing.

Getting in touch with a person responsible for a firewall appears
to be quite difficult. Seems like the more aware sites don't have
'smtp fixup' enabled and run some decent version of MTA, and other
sites don't know what we are talking about or just don't care
("it's your mail that is broken"), and the most they are willing
to do is to turn off fixup :)

> Another possible workaround when using the dkim-filter milter might be
> to invoke it with -o Content-Type in order to omit that header field
> from the signature (and therefore, from the header field list in the
> DKIM signature). I wouldn't advocate that for the long term; signing
> Content-Type is definitely the right thing to do.

Now that bug numbers are known, my strategy will be to continue
signing Content-Type, and on noticing a stuck mail I'll be able
to send to the administrator (or recipient) a notification with a
crippled signature, pointing out the problem. It's acceptable
for a medium-sized site like ours, but I can understand it would
not be a viable strategy for a large ISP.

  Mark
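
The "header field list in the DKIM signature" discussed in this message is the colon-separated `h=` tag of the DKIM-Signature header field. As an added example (not part of the original post and not dkim-filter code), the Python below reads that list from a message so an administrator can confirm whether Content-Type is still covered by the signature; the sample messages, domain and selector are constructed, and the `bh=`/`b=` values are placeholders.

```python
import re
from email import message_from_string

def parse_tag_list(value):
    """Split a DKIM tag=value list into a dict (tag names are case-sensitive)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first '=' only; base64 may contain '='
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def signed_fields(raw_message):
    """Return one list of lower-cased signed header names per DKIM-Signature."""
    msg = message_from_string(raw_message)
    result = []
    for sig in msg.get_all("DKIM-Signature", []):
        h = parse_tag_list(sig).get("h", "")
        h = re.sub(r"\s+", "", h)  # drop folding whitespace inside the h= value
        result.append([f.lower() for f in h.split(":") if f])
    return result

def signs_header(raw_message, name):
    """True if any DKIM-Signature on the message lists `name` in its h= tag."""
    return any(name.lower() in fields for fields in signed_fields(raw_message))

# Constructed sample: Content-Type is signed (the configuration Mark keeps).
SIGNED_CT = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org;\r\n"
    "\ts=sel2007; h=From:To:Subject:Date:\r\n"
    "\t Content-Type:MIME-Version; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n"
    "Content-Type: text/plain\r\n\r\nbody\r\n"
)
# Constructed sample: Content-Type omitted from the signature (the workaround).
OMITTED_CT = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel2007;\r\n"
    "\th=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n"
    "Content-Type: text/plain\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    for label, raw in (("signed", SIGNED_CT), ("omitted", OMITTED_CT)):
        print(label, signs_header(raw, "Content-Type"), signed_fields(raw))
```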