DKIM Deployment

[Jose-Marcio Martins da Cruz <>]

Dave CROCKER wrote:
> a receiving sendmail "replaces" the contents of message header fields?  
> It should not do that.

Yes !

A real example (a list server running sympa...) :

listes.com.univmed.fr.  63243   IN      CNAME   listes.univmed.fr.
listes.univmed.fr.      63243   IN      A       139.124.132.115

This is a valid mail server as it meets the above statement of RFC 1912 
(listes.com.univmed.fr. CNAME is the only DNS record).

Messages from this mail server passing through a sendmail server 
(default configuration) will have headers with listes.com.univmed.fr 
replaced by listes.univmed.fr

> or are you saying that a sending sendmail will replace the contents?  
> Presumably you are saying that this happens after DKIM signing, when it 
> should happen before.
>
> d/
>
> On 4/23/2010 7:04 AM, Jose-Marcio Martins da Cruz wrote:
> > Hello,
> >
> > I've just felt on a problem with CNAMES, not related to DKIM, but which
> > can have some implications.
> >
> > Well, the *default* sendmail configuration has confDONT_EXPAND_CNAMES.
> > Brian Costales Bat Book recommends to change the default configuration
> > to True, which most people don't, as this isn't the default value.
> >
> > So, consider a hostname defined as (hopefully, there aren't too many) :
> >
> > lists-one.domain.com. CNAME lists.domain.com.
> > lists.domain.com. A 1.2.3.4
> >
> > When sendmail receives this, with the default configuration option it
> > will replace the contents of headers (To:, CC: and probably others too)
> > referencing list-one.domain.com to lists.domain.com.
> >
> > And this can break DKIM signature.
> >
> > Did someone other than me already found this ?
> >
> > Regards
> >
> > José-Marcio


--
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ           http://j-chkmail.ensmp.fr
 Ecole des Mines de Paris
 60, bd Saint Michel                      75272 - PARIS CEDEX 06
 
mailto: