LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-08-2010, 01:31 PM   #1
mnauta
Member
 
Registered: Apr 2003
Posts: 152

Rep: Reputation: Disabled
Email Dkim-signature


I have an issue with a state agency that emails our organization on a regular basis but there is a typo in the Dkim signature. The word Class has a space in it "Cl ass". This gets picked up by our spam/virus scan server and the emails get rejected because of the word ass.

The sender agency does not seem to know how to fix it, they claim that when it leaves their mail server it does not contain the typo. I don't want to white list their domain.

I don't know enough about email and Dkim signatures how they get generated and if they get changed on each hop to tell them how to fix it?

Here is the email header:

Code:
From: 	tease@tea.state.tx.us
	Subject: 	You have pending TEA SE  requests
	Date: 	November 6, 2009 5:26:18 AM CST
	To: 	userX@cisaustin.org
	Return-Path: 	<prvs=1554bc2ad8=tease@tea.state.tx.us>
	Received: 	from scmgateway.cisaustin.org ( [192.168.1.254]) by sxmail.cisaustin.org (Scalix SMTP Relay 11.4.0.11669) via ESMTP; Fri, 20 Nov 2009 11:01:02 -0600 (CST)
	Received: 	from hopkins.tea.state.tx.us(198.214.98.149) by scmgateway.cisaustin.org via smtp id 691c_3557ce82_cac7_11de_9916_00142279d3ae; Fri, 06 Nov 2009 05:26:38 -0600
	Received: 	from ([198.214.99.237]) by hopkins.tea.state.tx.us with ESMTP  id 5503449.235501094; Fri, 06 Nov 2009 05:26:18 -0600
	Received: 	from seguin ([127.0.0.1]) by seguin.tea.state.tx.us with Microsoft SMTPSVC(6.0.3790.3959); Fri, 6 Nov 2009 05:26:18 -0600
	Message-Id: 	<34FC77AE8C1E4A14A622DBE8891518C2@tea.state.tx.us>
	Importance: 	normal
	Priority: 	normal
	Dkim-Signature: 	a=rsa-sha1; d=tea.state.tx.us; s=TEA; c=simple/simple; q=dns; t=1257506779; x=1257593179; h=From:Date:Subject:Message-ID:Content-Type:Content-Transfer-Encoding:Content-Cl ass; b=bYLAMu8xhoTcKWkvKMCBeou0C0wvaUn3NAqhHLBCdZS2lTYIAqMGD1ttEOSFD0ikFb1JdQPOnc4tHp Gjc3uWyA==
	Thread-Index: 	Acpe0/V0lwrIGxWRQw6JNt46NobUFg==
	Thread-Topic: 	You have pending TEA SE  requests
	X-Mailer: 	SCM
	X-Nai-X-Mailer: 	Microsoft CDO for Windows 2000
	X-Mimeole: 	Produced By Microsoft MimeOLE V6.00.3790.4325
	X-Originalarrivaltime: 	06 Nov 2009 11:26:18.0265 (UTC) FILETIME=[F5749890:01CA5ED3]
	Mime-Version: 	1.0
	Content-Class: 	urn:content-classes:message
	Content-Type: 	text/plain; charset="US-ASCII"
Any suggestions on how to fix a problem like this?

Thanks
 
Old 01-17-2010, 05:33 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598Reputation: 3598
Looking at RFC 5585 a DKIM signature is added by the senders MUA and further processed sender-side by their MSA or MTA. Since the DKIM-sig validates the sender domain it should not be modified in transit. The length of the DKIM header is 283 chars. The gap occurs at 170 chars which is well within the limit RFC 2822 suggests for line length (998 chars) so apart from questioning if the DKIM header was composed only of printable US-ASCII characters (use of c=simple/simple suggests header names and values are left untouched) and their implementation (it is suggested to treat the DKIM-sig as a trace header field meaning it being added before any "Received" header fields) the only other thing I notice is their use of mcrsft prdcts which are known for violating RFC's.

Quote:
Originally Posted by mnauta View Post
Any suggestions on how to fix a problem like this?
Since the DKIM-sig is added by the sender, they are responsible for it being RFC-compliant. Easy for me to say but I say let them fix it. (Mind you, strictly speaking anything you do to "correct" their the message could be considered tampering, right?)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Evolution Email Client - Signature Question Wheat_Thins Linux - Software 6 05-20-2019 03:28 AM
LXer: Set Up DKIM For Multiple Domains On Postfix With dkim-milter 2.8.x (CentOS 5.3) LXer Syndicated Linux News 0 09-07-2009 06:20 PM
Sendmail - dkim-filter problem. Test : fail (signature doesn' verify) ethic Linux - Server 0 05-15-2009 01:16 PM
LXer: Set Up DKIM On Postfix With dkim-milter (CentOS 5.2) LXer Syndicated Linux News 0 04-06-2009 12:30 PM
Understanding digital signature and email calande General 3 11-10-2007 07:43 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 04:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration