|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Wietse Venema (wietse
porcupine.org)
Date: Thu Sep 20 2007 - 11:26:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bill Landry:
> Wietse Venema wrote:
> > Bill Landry:
> >> Mark Martinec wrote:
> >>>>> amavisd unix - - n - 5 smtp
> >>>>> -o disable_mime_output_conversion=yes
> >>>>> ...
> >>>> After adding "smtpd_discard_ehlo_keywords = ('8BITMIME');" to
> >>>> amavisd-new, I realized that I needed to change the last line above to
> >>>> "disable_mime_output_conversion=no" and that seems to have resolved the
> >>>> signing issue I was having with 8bit mail sent from SquirrelMail.
> >>> Right. This option was never suggested for a signing path
> >>> in amavisd-new documentation, quite the opposite.
> >> When I set up the DK and DKIM milters, I followed the advise shown in the
> >> Postfix MILTER_README, which states:
> >>
> >> "Content filters may break domain key etc. signatures. If you use an SMTP-based
> >> content filter, then you should add a line to master.cf with "-
> >> o disable_mime_output_conversion=yes" (note: no spaces around the "="), as
> >> described in the advanced content filter example."
> >
> > This manual is about 8->7 conversion AFTER signing.
> >
> > disable_mime_output_conversion=yes will prevent Postfix from breaking
> > a EXISTING signatures when it sends mail into a filter that is
> > 8-bit clean, but that doesn't announce 8BITMIME support.
> >
> > Mark is concerned with 8->7 conversion BEFORE signing.
> >
> > In that case, converting 8bit to 7bit may be preferable, because
> > mail is less likely do be beoken due to mime conversion elsewhere.
> > This is safe if you are absolutely sure that you're not handling
> > mail that already has some digial signature (PGP clear sign, etc.).
>
> It could be that I am the only one that misunderstood this, but maybe it could
> be more clearly stated in a future update, specifically stating that this
> applies to AFTER signing content filters.
All content filters are "after signing" filters.
Mark is talking about signing filters.
Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]