Re: Disclaimer added post signing

From: Lucius Rizzo <>
Date: Mon, 10 Feb 2014 19:36:50 +0000

Murray S. Kucherawy wrote:
> On Mon, 10 Feb 2014, Lucius Rizzo wrote:
> >We are currently using Barracuda and Mailborder in a complex environment
> >as our mail filtering incoming and outgoing servers. The admin interface
> >at Barracuda allows for a disclaimer to be added to all outgoing mail.
> >
> >This however breaks DKIM as the signed email is modified post
> >delivery/signage and the verification fails. If it turn it off, it works
> >well. My current plan is to add it via milter in sendmail so that the DKIM
> >results pass.
> >
> >Is there anyone else who has come across this or know a way to avoid
> >adding it in the milter and leaving it at the outgoing MX?
> You can use the DKIM feature that limits the signature to cover only the
> content it saw, meaning added text won't break the signature. There's an
> obvious attack though in that someone could take a message signed as you and
> append anything they want to it, and the signature (yours) will still pass.
> If you really want to do this with OpenDKIM, the BodyLengthDB setting is
> what you're after. See opendkim.conf(5) for details.

Oh awesome. ATM it is undefined but the options are:

BodyLengthDB dataset

What should I set this variable to in order for disclaimer to be added
post signage?

Thank you again -- this reduces another milter I would have needed to
add to sendmail..

|     _o    _ |_)o_ _  _  
|_|_|(_||_|_> | \|/_/_(_) - Lucius.Tel
++ Perhaps no person can be a poet, or even enjoy poetry without a certain ++
++ unsoundness of mind. ++
++                                 		-- Thomas Macaulay ++
Received on Mon Feb 10 2014 - 19:37:12 PST

This archive was generated by hypermail 2.3.0 : Mon Feb 10 2014 - 19:45:01 PST