Security of the X-Djigzo-Info-* headers?

Does djigzo/ciphermail clear any X-Djigzo-Info-* headers it finds in any mails before doing anything?

If an impostor puts headers in the mail:
X-Djigzo-Info-Signer-Verified-0-0: true
X-Djigzo-Info-Signer-Trusted-0-0: true

before sending, and ciphermail does not clear these, a MUA can be tricked into displaying to an end user that the mail was securely signed, when it was not.

Yes, I know that Ciphermail will always add these headers when a PGP or SMIME mail arrives, so if an impostor both falsely S/MIME signs a message (for example with an untrusted cert) *and* tries to add false headers, the resulting mail will get double X-Djigzo-Info-* headers that the MUA can raise an alert on since one of the headers is obviously fake.

But if an impostor adds these headers to an unsigned mail, where Djigzo does not add any headers, the user can think the mail is signed, if Djigzo does not clear these headers before processing the email.

Best regards, Sebastian Nielsen

Hi Sebastian,

These headers are cleared for email sent to internal users with the
following rule (see config.xml)

<!-- remove all X-Djigzo-* headers for incoming email -->
<mailet match="All" class="RemoveHeaders">
    <pattern>(?i)^X-Djigzo.*</pattern>
</mailet>

Kind regards,

Martijn Brinkers


On 03/09/2015 05:20 AM, Sebastian Nielsen wrote:

Does djigzo/ciphermail clear any X-Djigzo-Info-* headers it finds in
any mails before doing anything?

If an impostor puts headers in the mail:
X-Djigzo-Info-Signer-Verified-0-0: true
X-Djigzo-Info-Signer-Trusted-0-0: true

before sending, and ciphermail does not clear these, a MUA can be
tricked into displaying to an end user that the mail was securely
signed, when it was not.

Yes, I know that Ciphermail will always add these headers when a PGP
or SMIME mail arrives, so if an impostor both falsely S/MIME signs a
message (for example with an untrusted cert) *and* tries to add false
headers, the resulting mail will get double X-Djigzo-Info-* headers
that the MUA can raise an alert on since one of the headers is
obviously fake.

But if an impostor adds these headers to an unsigned mail, where
Djigzo does not add any headers, the user can think the mail is
signed, if Djigzo does not clear these headers before processing the
email.

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail

Hello,

Correct me if I'm wrong, but I don't know any MUA which cares about
special X-Headers at all, no?

Regards

Andreas

AFAIK most (if not all) MUAs will not show any X-Header value unless you
instruct them to do so. If however you want to have a rule which does
something with the email based on some value of an X-Djigzo-* header,
then you want to make sure that an external sender cannot forge such a
header. For example, if you want to remove the signature of incoming
email but still want to handle the mail differently if the mail was
signed with a trusted certificate or not, you can use the X-Djigzo-* to
match on the email which was correctly signed.

Kind regards,

Martijn Brinkers


On 03/09/2015 02:22 PM, lst_hoe02(a)kwsoft.de wrote:

Correct me if I'm wrong, but I don't know any MUA which cares about
special X-Headers at all, no?

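
The following Python sketch is an added illustration, not part of the thread and not CipherMail's own code. It models the order of operations described in the replies: remove every header matching the quoted `(?i)^X-Djigzo.*` pattern first, and only then let the gateway write its own verdict, so that a downstream rule keyed on these headers cannot be satisfied by a sender-supplied value. The function names, the downstream rule and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string
from email.message import Message

# Pattern copied from the RemoveHeaders rule quoted in the thread.
GATEWAY_HEADER = re.compile(r"(?i)^X-Djigzo.*")

VERIFIED = "X-Djigzo-Info-Signer-Verified-0-0"
TRUSTED = "X-Djigzo-Info-Signer-Trusted-0-0"

# Constructed sample: an unsigned message that arrives with gateway-style
# headers already present (second one in lower case to test case handling).
FORGED_UNSIGNED = """\
From: impostor@example.org
To: user@example.com
Subject: invoice
X-Djigzo-Info-Signer-Verified-0-0: true
x-djigzo-info-signer-trusted-0-0: true

Please pay the attached invoice.
"""


def strip_gateway_headers(msg: Message) -> list[str]:
    """Delete every header whose name matches the pattern; return removed names."""
    removed = [name for name in msg.keys() if GATEWAY_HEADER.match(name)]
    for name in set(removed):
        del msg[name]  # removes all occurrences, matched case-insensitively
    return removed


def looks_trusted_signed(msg: Message) -> bool:
    """Hypothetical downstream rule: require exactly one 'true' per header."""
    return all(msg.get_all(h, []) == ["true"] for h in (VERIFIED, TRUSTED))


def process_inbound(raw: str, signature_ok: bool) -> Message:
    """Strip first, then record the gateway's own (simulated) verdict."""
    msg = message_from_string(raw)
    strip_gateway_headers(msg)
    if signature_ok:  # stands in for the gateway's real signature check
        msg[VERIFIED] = "true"
        msg[TRUSTED] = "true"
    return msg
```
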