[OT] Invalid signature because of "Content-Transfer-Encoding: 8bit"

Hello

Today I got a mail from a well-known German Trustcenter with an invalid
signature warning (content altered). A former mail to another account
from the same Trustcenter was valid. On inspection it looks like
someone altered the encoding, because the valid mail has
"Content-Transfer-Encoding: 8bit" and the broken one
"Content-Transfer-Encoding: quoted-printable". As far as I know, an SMTP
server should only pass 8bit if the remote site announces 8BITMIME, so
I suspect this is the troublemaker, because neither Djigzo nor our
virus scan announces 8BITMIME :(

Any comments on this?

Regards

Andreas

The application that added the signature is not RFC 3851 compliant.
Before signing a message, the mail agent should convert 8bit MIME bodies
to 7bit. This is important because if SMTP sees that a server does not
support 8bit, it should convert the message to 7bit. Because of this
conversion the message has been changed and therefore the signature is
no longer valid. So the troublemaker is the application that signed the
message :). The problem is that there is not much you can do. In
principle you can disable the conversion from 8bit to 7bit in your own
gateway (not that I recommend that ;) but you cannot control other
intermediate gateways.

Kind regards,

Martijn

--
Djigzo open source email encryption
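
The failure described in the reply above, as an added example that is not part of the original thread: a simplified Python model of a relay that re-encodes 8bit content as quoted-printable when the next hop does not announce 8BITMIME, and the effect on the digest a signature is computed over. The sample message and the helper names (`downgrade_to_qp`, `relay`, `signature_survives`) are constructed for illustration.

```python
import hashlib
import quopri

# Constructed sample: the MIME entity covered by the signature, sent as 8bit.
SIGNED_PART_8BIT = (
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: 8bit\r\n"
    b"\r\n"
    + "Grüße aus München\r\n".encode("utf-8")
)


def digest(part: bytes) -> str:
    # The signature covers the exact bytes of the entity, MIME headers included.
    return hashlib.sha256(part).hexdigest()


def downgrade_to_qp(part: bytes) -> bytes:
    # Simplified model of a relay's 8bit -> 7bit conversion (hypothetical helper).
    head, body = part.split(b"\r\n\r\n", 1)
    head = head.replace(b"Content-Transfer-Encoding: 8bit",
                        b"Content-Transfer-Encoding: quoted-printable")
    lines = [quopri.encodestring(line) for line in body.split(b"\r\n")]
    return head + b"\r\n\r\n" + b"\r\n".join(lines)


def relay(part: bytes, next_hop_8bitmime: bool) -> bytes:
    # 7bit-clean content passes untouched; 8bit content is converted only
    # when the next hop did not announce 8BITMIME in its EHLO reply.
    if next_hop_8bitmime or all(b < 0x80 for b in part):
        return part
    return downgrade_to_qp(part)


def signature_survives(part: bytes, next_hop_8bitmime: bool) -> bool:
    # True when the bytes the verifier hashes equal the bytes the signer hashed.
    return digest(part) == digest(relay(part, next_hop_8bitmime))


if __name__ == "__main__":
    presigned_7bit = downgrade_to_qp(SIGNED_PART_8BIT)  # converted before signing
    print("8bit signed, hop announces 8BITMIME:", signature_survives(SIGNED_PART_8BIT, True))
    print("8bit signed, hop lacks 8BITMIME:    ", signature_survives(SIGNED_PART_8BIT, False))
    print("QP signed, hop lacks 8BITMIME:      ", signature_survives(presigned_7bit, False))
```
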

Leads me straight to another question: What does Djigzo do if it is
fed with 8bit content to sign? Oh, wait... It does not announce
8BITMIME so this should not happen at all, no?

Regards

Andreas

Yes, you are right. The caller should convert it to 7bit so the
signing/encryption engine only sees 7bit messages :). However, let's
suppose that the caller does not convert the message to 7bit. Postfix
will receive the message and the message will then be sent to the
internal SMTP (the after queue filter). Because the internal SMTP server
does not announce 8bit, Postfix will convert it to 7bit and therefore
all email will be converted to 7bit before signing.

Kind regards,

Martijn

If you really really do not want the conversion from 8bit to 7bit
(because the sender won't fix their app) you might try disabling the
conversion to 7bit by adding "disable_mime_output_conversion" to your
Postfix configuration.

Kind regards,

Martijn
