Loading ...
Sorry, an error occurred while loading the content.

is 7bit conversion logged?

Expand Messages
  • A. Schulze
    Hello, it may happen that postfix announce 8BITMIME SMTP extension and clients use that by submitting messages it may happen postfix has to relay such messages
    Message 1 of 6 , Jul 12 7:22 AM
    • 0 Attachment
      Hello,

      it may happen that postfix announce 8BITMIME SMTP extension and
      clients use that by submitting messages
      it may happen postfix has to relay such messages to a legacy server
      not supporting that extension.
      in this case postfix will recode the message.

      it that situation visible in the logfile?

      I like to do some statistical analyses how often my MTAs will destroy
      DKIM signatures for example.

      Are there other situations postfix has to recode a message?

      Thanks & nice weekend
      Andreas
    • Viktor Dukhovni
      ... The transformation is lossless. ... No. ... Sing after 7-bit downgrade, and DKIM signatures will never be broken. ... No. -- Viktor.
      Message 2 of 6 , Jul 12 4:40 PM
      • 0 Attachment
        On Sat, Jul 12, 2014 at 04:22:57PM +0200, A. Schulze wrote:

        > it may happen that postfix announce 8BITMIME SMTP extension and clients use
        > that by submitting messages
        > it may happen postfix has to relay such messages to a legacy server not
        > supporting that extension.
        > in this case postfix will recode the message.

        The transformation is lossless.

        > it that situation visible in the logfile?

        No.

        > I like to do some statistical analyses how often my MTAs will destroy DKIM
        > signatures for example.

        Sing after 7-bit downgrade, and DKIM signatures will never be broken.

        > Are there other situations postfix has to recode a message?

        No.

        --
        Viktor.
      • Richard Damon
        ... Victor has indicated that you can t tell from the logs that this has happened, but here are some ideas of how to get around the problem. IF you can tell by
        Message 3 of 6 , Jul 12 5:16 PM
        • 0 Attachment
          On 7/12/14, 10:22 AM, A. Schulze wrote:
          > Hello,
          >
          > it may happen that postfix announce 8BITMIME SMTP extension and
          > clients use that by submitting messages
          > it may happen postfix has to relay such messages to a legacy server
          > not supporting that extension.
          > in this case postfix will recode the message.
          >
          > it that situation visible in the logfile?
          >
          > I like to do some statistical analyses how often my MTAs will destroy
          > DKIM signatures for example.
          >
          > Are there other situations postfix has to recode a message?
          >
          > Thanks & nice weekend
          > Andreas
          Victor has indicated that you can't tell from the logs that this has
          happened, but here are some ideas of how to get around the problem.

          IF you can tell by the recipient domain that it might need to go to the
          legacy server, point those domains to a different MTA that doesn't
          promise 8BIT compatibility so the send will do the conversion to 7BIT,
          and hopefully sign after they do the conversion.

          Verify the signature before conversion, and then add a header that you
          sign to indicate that you have verified the sender. Hopefully you can
          tell the legacy server that it can trust you on this.

          Add a header to the message to indicate that postfix recoded the message
          and have the legacy server (or whatever) undo the encoding before
          checking the signature.

          --
          Richard Damon
        • Andreas Schulze
          ... impossible because I m not the originator but provide only a relay service. ... good Thanks, Andreas
          Message 4 of 6 , Jul 13 3:22 AM
          • 0 Attachment
            Viktor Dukhovni:
            > > I like to do some statistical analyses how often my MTAs will destroy DKIM
            > > signatures for example.
            >
            > Sing after 7-bit downgrade, and DKIM signatures will never be broken.
            impossible because I'm not the originator but provide only a relay service.

            > > Are there other situations postfix has to recode a message?
            > No.
            good


            Thanks,
            Andreas
          • Viktor Dukhovni
            ... On an inbound relay you might add Authentication-Result headers that might be trusted by downstream systems. On an outbound relay, the responsibility to
            Message 5 of 6 , Jul 13 5:21 AM
            • 0 Attachment
              On Sun, Jul 13, 2014 at 12:22:02PM +0200, Andreas Schulze wrote:

              > > Sign after 7-bit downgrade, and DKIM signatures will never be broken.
              >
              > Impossible because I'm not the originator but provide only a relay service.

              On an inbound relay you might add Authentication-Result headers
              that might be trusted by downstream systems.

              On an outbound relay, the responsibility to sign after 7bit conversion
              falls on the upstream system. The relay has no choice but to downgrade.
              Presumbly systems that don't advertise 8bit support are less likely to
              perform DKIM signature checks.

              --
              Viktor.
            • Benny Pedersen
              ... use this here before signing with opendkim https://groups.google.com/forum/#!topic/mailing.unix.amavis-user/8QmUH9fkpNQ just not on incomming on port 25
              Message 6 of 6 , Jul 13 6:25 AM
              • 0 Attachment
                Andreas Schulze skrev den 2014-07-13 12:22:
                > Viktor Dukhovni:
                >>> I like to do some statistical analyses how often my MTAs will destroy
                >>> DKIM
                >>> signatures for example.
                >> Sing after 7-bit downgrade, and DKIM signatures will never be broken.
                > impossible because I'm not the originator but provide only a relay
                > service.

                use this here before signing with opendkim

                https://groups.google.com/forum/#!topic/mailing.unix.amavis-user/8QmUH9fkpNQ

                just not on incomming on port 25

                >>> Are there other situations postfix has to recode a message?
                >> No.
                > good

                +1
              Your message has been successfully submitted and would be delivered to recipients shortly.