Ian Eiloart wrote:
Hector Santos <hsantos(_at_)isdg(_dot_)net> wrote:
DKIM signed Double From ----> Accepted, Resigned by mipassoc.org
Yes, we saw that.
No Signature, Double From ---> Trapped/rejected by mipassoc.org
Really? You tested this? I assumed the message was accepted because it
contained a From: header belonging to a list member. Not because it was
signed.
The list checks the 5321.Mail From address (return path), not the
5322.From.
Yes, tested twice. I got a bounce back from the list saying it was
waiting moderator approval and it gave me the opportunity to click a
URL to cancel the submission.
GMAIL imports it the spam box as a "NO SUBJECT" message because it
stripped all headers and recreates its own.
You will find this common with many MTA that use a "Valid 822 or
2822/5322" detector.
Let me try it again... Yup. I created a 5322 message with two
5322.From and no signature:
------------------------------
ENV-FROM: <hsantos(_at_)isdg(_dot_)net>
ENV-TO: <ietf-dkim(_at_)mipassoc(_dot_)org>
ENV-DATA:
From: President Obama <obama(_at_)whitehouse(_dot_)gov>
Message-ID: <4CAA540B(_dot_)5050605xxxaxdsada(_at_)isdg(_dot_)net>
Date: Mon, 12 Oct 2010 12:24:11 -0400
From: Hector Santos <hsantos(_at_)isdg(_dot_)net>
Subject: Non-signed, double from
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: ietf-dkim(_at_)mipassoc(_dot_)org
Non-signed, double from
--
HLS
------------------------------
When I put that message in the router outbound spool, the MTA routed
it to mipassoc.org and this is the list approval message I just received:
------------------------------
Received: by winserver.com (Wildcat! SMTP Router v6.3.453.5)
for hsantos(_at_)isdg(_dot_)net; Tue, 12 Oct 2010 12:45:33 -0400
Authentication-Results: dkim.winserver.com;
dkim=pass header.i=mipassoc.org header.d=mipassoc.org header.s=k00001;
adsp=none author.d=mipassoc.org signer.d=mipassoc.org;
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17])
by winserver.com (Wildcat! SMTP v6.3.453.5) with ESMTP
id 1159772343; Tue, 12 Oct 2010 12:45:29 -0400
Received: from sbh17.songbird.com (sbh17.songbird.com [127.0.0.1])
by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id o9CGk3pR011186
for <hsantos(_at_)isdg(_dot_)net>; Tue, 12 Oct 2010 09:46:08 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mipassoc.org;
s=k00001; t=1286901968; bh=GkF+Zni/AmU95QUngEpyvADEq+U=;
h=MIME-Version:Content-Type:Content-Transfer-Encoding:Subject:
From:To:Message-ID:Date:List-Id:Sender;
b=TF05IDrPNZZkxMxywTFfz8O/w3Hmr/cE42u5jEXBHMX
EYrWHRYjdfdVipu0RZ4kvY8vYtkbsZLHvtqtXdi2cgu16xWxuwltYn/+MmPmEufyu47
GtNzERKTf0Tbp+4Hm8EmjayZI3pP0tlkDrZ+cSkfxwwKOm7EBvF+9xrPlmB1k=
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Your message to ietf-dkim awaits moderator approval
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
To: hsantos(_at_)isdg(_dot_)net
Message-ID:
<mailman(_dot_)2971(_dot_)1286901961(_dot_)2420(_dot_)ietf-dkim(_at_)mipassoc(_dot_)org>
Date: Tue, 12 Oct 2010 09:46:01 -0700
Precedence: bulk
X-BeenThere: ietf-dkim(_at_)mipassoc(_dot_)org
X-Mailman-Version: 2.1.9
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
X-List-Administrivia: yes
Sender: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
Errors-To: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0
(sbh17.songbird.com [127.0.0.1]); Tue, 12 Oct 2010 09:46:08 -0700 (PDT)
Your mail to 'ietf-dkim' with the subject
(no subject)
Is being held until the list moderator can review it for approval.
The reason it is being held:
Message has implicit destination
Either the message will get posted to the list, or you will receive
notification of the moderator's decision. If you would like to cancel
this posting, please visit the following URL:
http://mipassoc.org/mailman/confirm/ietf-dkim/c3ab82450dcdff2c7e15dcfc1748c57f69c4e956
------------------------------
So this is to show you that it isn't about a receiving MTA not being
compliant with RFC 5322, it is about a DKIM loophole. Thats not to
say any component in the integrated mail network is not responsible
for RFC5322 checking, but DKIM can not expect everyone to do it right,
thus it needs to check for itself.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html