Re: Proof of concept: Mailing list "software" without MTA
- Date: Fri, 26 Oct 2018 17:56:15 -0400
- From: rhkramer@xxxxxxxxx
- Subject: Re: Proof of concept: Mailing list "software" without MTA
On Friday, October 26, 2018 01:50:22 AM Reco wrote:
> On Thu, Oct 25, 2018 at 05:57:04PM -0400, rhkramer@xxxxxxxxx wrote:
< darn, I lost one of the "citations" -- can't think of the right word -- I
think it was Reco who wrote:>
> > > It says here what you've used Google's MTA.
> > > It even has correct DKIM signature, and that's something that means you
> > > haven't forged the headers.
> > That's interesting, because I have at least somewhat modified the
> > headers.
> Whatever you did with e-mail locally - i.e. before giving it to Google
> to deliver - does not break DKIM. DKIM is computed by MTA.
Ahh, ok, thanks.
> > >
> > > SpamAssassin, anyone?
> > I don't know if I could invoke SpamAssassin on yahoo's mail lists (but,
> > of course, I could invoke it on any thing I run or build locally).
> The trick here is to have full e-mail (RFC822 headers and body) locally.
> It's my understanding that you have that.
Yes, of course. ;-)
> > > formail from procmail or reformail from maildrop.
> > > And changing existing Message-ID header is a really bad idea.
> > Well, I wasn't sure how mail lists normally handle that -- clearly the
> > message has a MessageId when sent from the subscriber -- I would have
> > guessed the mail list would use a different MessageID when forwarding it
> > (sending it) to other subscribers, especially recognizing that the text
> > and such do get some changes.
> Your e-mail contains this, along the other things:
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=gmail.com; s=20161025;
> That means that Google vouched that all e-mail headers listed in "h=",
> including Message-ID are legit.
> Any e-mail receiver including debian-user's MTA (bendel.debian.org) can
> verify that header (bendel does).
> Changing any DKIM-protected header will break DKIM signature, and that
> means such e-mail can be rightfully rejected by receiver.
> But wait, there's more. Message-ID has special meaning - replying
> e-mails can reference it. You change Message-ID - you break threading.
Ahh, yes, I don't want to break threading.
Thanks for all the clarifications!