|Regular Expression||Nov 28, 2000 12:26 am|
|Sam Varshavchik||Nov 28, 2000 2:45 pm|
|Simon Josefsson||Nov 29, 2000 7:41 am|
|xeg...@xeger.net||Nov 29, 2000 5:51 pm|
|xeg...@xeger.net||Nov 29, 2000 6:10 pm|
|Sam Varshavchik||Nov 29, 2000 7:46 pm|
|xeg...@xeger.net||Nov 29, 2000 8:44 pm|
|Sam Varshavchik||Nov 30, 2000 2:46 pm|
|Subject:||RE: [courier-users] Re: Problems with S/MIME and Courier ESMTP daemon|
|Date:||Nov 29, 2000 5:51:42 pm|
I've done some more digging on this one--setting MIME=none in the esmtpd
configuration file doesn't help. Looking at the message as it's put in a user's
Maildir, the MIME object itself is extremely simple, consisting of a boundary
string on either side, a single line of header, a blank line, and the content. I
haven't checked that against an original yet to see how it's been rewritten, but
it occurs to me that there's not much for Courier to rewrite here...and yes,
it's true that Courier can rewrite the rest of the message to its heart's
content, as long as it doesn't touch anything inside the actual signed MIME
object. (It could even rewrite headers on the signature and it would still
verify just dandy.)
-----Original Message-----
From: cour...@lists.sourceforge.net [mailto:cour...@lists.sourceforge.net]On Behalf Of Simon Josefsson
Sent: Wednesday, November 29, 2000 7:42 AM
To: cour...@lists.sourceforge.net
Subject: Re: [courier-users] Re: Problems with S/MIME and Courier ESMTP daemon
Sam Varshavchik <mrs...@courier-mta.com> writes:
Unfortunately, mail relays rewrite or modify headers all the time. Most just prepend an extra Received header. Some will append a Message-ID: header or a Date: header if one is missing. Some will automatically wrap long header lines into a smaller physical line size. Additionally, MIME does not impose any actual relative position of multiple MIME headers, so they can be freely reordered.
Courier chooses to rewrite mail headers more often than other MTAs, and its rewriting tends to be more aggressive, hence you'll see this problem more often with Courier, but, given enough time, you'll eventually get S/MIME corruption with other mail servers too.
I am not sure if S/MIME allows only the message content to be signed, or if mail headers must be included in the crypto signature. If they must, S/MIME will then appear to be a fundamentally broken standard that should not be used.
They don't. Only the MIME object is used to calculate the signature. The MIME object is then wrapped in a multipart/signed MIME object with exactly two members -- the original MIME object and the signature part.
This is natural since S/MIME is not particular to RFC822 or mail, but could be used with any MIME transport.
Since the signature is calculated on the MIME object, the MIME headers must not be modified or the signature would need to be recalculated.
IMHO it would be good if the default for Courier was to not modify MIME-headers within the non-signature MIME object of a multipart/signed part. Doing so will almost always corrupt the signature. (Of course, I wouldn't want an MTA to rewrite mail _at all_, but this is subject to personal preferences.)
PGP/GPG-signed messages are recommended instead.
PGP/MIME has the same problem, and I've never seen cleartext PGP/GPG interoperate with MIME well. So this recommendation is only good if you don't use MIME at all.
_______________________________________________
courier-users mailing list
cour...@lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/courier-users
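The point made in this thread, as an added example that is not part of the original messages and is not Courier's code: a relay may rewrite the outer headers freely, but reordering the MIME headers inside the signed object changes the bytes the signature covers. The boundary, addresses and message are constructed samples, and a SHA-256 digest of the first body part stands in for full S/MIME signature verification.

```python
import hashlib

BOUNDARY = b"sig-boundary"  # constructed sample value
# Constructed signed MIME object: its MIME headers, a blank line, the content.
SIGNED_PART = (b"Content-Type: text/plain; charset=us-ascii\r\n"
               b"Content-Transfer-Encoding: 7bit\r\n"
               b"\r\n"
               b"This text is signed.\r\n")

def build_message(outer_headers, signed_part):
    """Wrap the signed object and a placeholder signature in multipart/signed."""
    return (outer_headers
            + b'Content-Type: multipart/signed; micalg=sha-256;'
            + b' protocol="application/pkcs7-signature";'
            + b' boundary="' + BOUNDARY + b'"\r\n\r\n'
            + b"--" + BOUNDARY + b"\r\n" + signed_part
            + b"\r\n--" + BOUNDARY + b"\r\n"
            + b"Content-Type: application/pkcs7-signature\r\n\r\n"
            + b"(signature placeholder)\r\n"
            + b"--" + BOUNDARY + b"--\r\n")

def signed_part_digest(message):
    """Digest the exact bytes of the first body part, MIME headers included."""
    delim = b"--" + BOUNDARY
    after_first_delim = message.split(delim + b"\r\n", 1)[1]
    part = after_first_delim.split(b"\r\n" + delim, 1)[0]
    return hashlib.sha256(part).hexdigest()

def reorder_inner_headers(signed_part):
    """Simulate a relay reordering MIME headers inside the signed object."""
    head, body = signed_part.split(b"\r\n\r\n", 1)
    lines = head.split(b"\r\n")
    return b"\r\n".join(reversed(lines)) + b"\r\n\r\n" + body

def demo():
    outer = b"From: alice@example.org\r\nSubject: test\r\n"
    original = build_message(outer, SIGNED_PART)
    reference = signed_part_digest(original)
    # Relay change 1: prepend a Received header (outer headers only).
    outer_rewritten = b"Received: from relay.example (constructed)\r\n" + original
    # Relay change 2: same MIME meaning, different bytes inside the signed part.
    inner_rewritten = build_message(outer, reorder_inner_headers(SIGNED_PART))
    return {"outer_rewrite_ok": signed_part_digest(outer_rewritten) == reference,
            "inner_rewrite_ok": signed_part_digest(inner_rewritten) == reference}

if __name__ == "__main__":
    print(demo())
```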