Bug#567876: DKIM-related failures should not end up in the panic log
Andreas Metzler
ametzler at downhill.at.eu.org
Mon Feb 1 19:11:04 UTC 2010
On 2010-02-01 Florian Weimer <fw at deneb.enyo.de> wrote:
> * Andreas Metzler:
>> This was also discussed upstream, ending with:
>> ----------------------------------------------------------
>> On 2009-12-18 Kerstin Espey wrote
>>> Am Donnerstag, 17. Dezember 2009 schrieb Tom Kistner:
>> [...]
>>>> Looking through the code, these are the most likely causes for the
>>>> failures:
>>>> 1) The message has more than 512 headers.
>>>> 2) The message contains a single line longer than 16k bytes.
>> ----------------------------------------------------------
>> Looks like restricting the error to main_log is the right thing to do.
> Thanks for tracking this down.
> Can this be used to bypass DKIM-based filters? This would be a bit
> problematic.
Hello,
I do not think so, for exim the message should look as if it did not
have any DKIM signature, which can be accomplished a lot more easily
by inserting a message without signature. Sure, it would not detect a
invalid DKIM signature for the message, but exim would not mark it as
checked and valid either.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-exim4-maintainers
mailing list