Web lists-archives.com

Re: Proof of concept: Mailing list "software" without MTA




On Friday, October 26, 2018 01:50:22 AM Reco wrote:
> On Thu, Oct 25, 2018 at 05:57:04PM -0400, rhkramer@xxxxxxxxx wrote:
< darn, I lost one of the "citations" -- can't think of the right word -- I 
think it was Reco who wrote:>

> > > It says here what you've used Google's MTA.
> > > It even has correct DKIM signature, and that's something that means you
> > > haven't forged the headers.
> > 
> > That's interesting, because I have at least somewhat modified the
> > headers.
> 
> Whatever you did with e-mail locally - i.e. before giving it to Google
> to deliver - does not break DKIM. DKIM is computed by MTA.
> 

Ahh, ok, thanks.


> > > 
> > > SpamAssassin, anyone?
> > 
> > I don't know if I could invoke SpamAssassin on yahoo's mail lists (but,
> > of course, I could invoke it on any thing I run or build locally).
> 
> The trick here is to have full e-mail (RFC822 headers and body) locally.
> It's my understanding that you have that.

Yes, of course. ;-)

> > > formail from procmail or reformail from maildrop.
> > > And changing existing Message-ID header is a really bad idea.
> > 
> > Well, I wasn't sure how mail lists normally handle that -- clearly the
> > message has a MessageId when sent from the subscriber -- I would have
> > guessed the mail list would use a different MessageID when forwarding it
> > (sending it) to other subscribers, especially recognizing that the text
> > and such do get some changes.
> 
> Your e-mail contains this, along the other things:
> 
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>         d=gmail.com; s=20161025;
>        
> h=from:to:subject:date:user-agent:references:in-reply-to:mime-version
> 
>         :content-transfer-encoding:message-id;
> 
>         ...
> 
> That means that Google vouched that all e-mail headers listed in "h=",
> including Message-ID are legit.
> Any e-mail receiver including debian-user's MTA (bendel.debian.org) can
> verify that header (bendel does).
> Changing any DKIM-protected header will break DKIM signature, and that
> means such e-mail can be rightfully rejected by receiver.
> 
> But wait, there's more. Message-ID has special meaning - replying
> e-mails can reference it. You change Message-ID - you break threading.

Ahh, yes, I don't want to break threading.

Thanks for all the clarifications!