From: Bill Landry (billinetmsg.com)
Date: Thu Sep 20 2007 - 10:54:53 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wietse Venema wrote:
> Bill Landry:
>> Mark Martinec wrote:
>>>>> amavisd unix - - n - 5 smtp
>>>>> -o disable_mime_output_conversion=yes
>>>>> ...
>>>> After adding "smtpd_discard_ehlo_keywords = ('8BITMIME');" to
>>>> amavisd-new, I realized that I needed to change the last line above to
>>>> "disable_mime_output_conversion=no" and that seems to have resolved the
>>>> signing issue I was having with 8bit mail sent from SquirrelMail.
>>> Right. This option was never suggested for a signing path
>>> in amavisd-new documentation, quite the opposite.
>> When I set up the DK and DKIM milters, I followed the advise shown in the
>> Postfix MILTER_README, which states:
>>
>> "Content filters may break domain key etc. signatures. If you use an SMTP-based
>> content filter, then you should add a line to master.cf with "-
>> o disable_mime_output_conversion=yes" (note: no spaces around the "="), as
>> described in the advanced content filter example."
>
> This manual is about 8->7 conversion AFTER signing.
>
> disable_mime_output_conversion=yes will prevent Postfix from breaking
> a EXISTING signatures when it sends mail into a filter that is
> 8-bit clean, but that doesn't announce 8BITMIME support.
>
> Mark is concerned with 8->7 conversion BEFORE signing.
>
> In that case, converting 8bit to 7bit may be preferable, because
> mail is less likely do be beoken due to mime conversion elsewhere.
> This is safe if you are absolutely sure that you're not handling
> mail that already has some digial signature (PGP clear sign, etc.).

It could be that I am the only one that misunderstood this, but maybe it could
be more clearly stated in a future update, specifically stating that this
applies to AFTER signing content filters.

Bill

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]