Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2020/06/16 21:20:58 UTC
[Bug 7827] New: SpamAssassin reports DKIM invalid when email
contains attachment
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7827
Bug ID: 7827
Summary: SpamAssassin reports DKIM invalid when email contains
attachment
Product: Spamassassin
Version: 3.4.2
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: data.protection.gdpr@gmail.com
Target Milestone: Undefined
Hello,
I've been noticing that pretty much every email that contains an attachment,
even if coming from @outlook.com or @gmail.com, for example, is marked with
DKIM invalid.
The emails are 100% legit, because I reply to them and receive a reply. And,
the emails without attachment are marked as DKIM valid.
I use the Mail::SpamAssassin::Plugin::DKIM extension of SpamAssassin, which
adds DKIM_INVALID & DKIM_SIGNED to the X-Spam-Status header.
header __DKIM_EXISTS exists:DKIM-Signature
meta DKIM_INVALID !__DKIM_EXISTS || !DKIM_VALID
describe DKIM_INVALID DKIM-Signature header does not exist or is not valid
score DKIM_INVALID 5.0
And the emails do have a DKIM header, but SpamAssassin sees them as invalid:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
    s=selector1;
    h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
    ...
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20161025;
    h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
    ...
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7827] SpamAssassin reports DKIM invalid when email contains
attachment
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7827
Bill Cole <bi...@apache.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |billcole@apache.org
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED
--- Comment #1 from Bill Cole <bi...@apache.org> ---
1. This cannot be considered a SpamAssassin bug unless you have some other
trustworthy DKIM signature verifier which validates a signed message that SA
deems invalid.
2. Mail systems routinely make harmless changes to email which break DKIM
signatures. This can include an encoding change that may be necessary to
transport a binary attachment over Internet email.
3. It is literally impossible to diagnose your problem without a specific
UNMODIFIED complete example.
4. This is the sort of probable non-bug problem which should be better
addressed on the SpamAssassin Users mailing list.
5. Redefining & rescoring DKIM_INVALID as you have done is deeply unwise. The
definition in the default ruleset only hits on signed messages whose signature
does not validate and it is scored at 0.1 because of the common problem of DKIM
signatures breaking in transit. Marking every unsigned email and every signed
email with a broken signature as spam (i.e. with a 5.0 score as your rule does)
is a choice to intentionally mislabel mail.
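Point 2 of comment #1, as an added example that is not part of the original thread or of SpamAssassin's code: the body hash a verifier compares against bh= under the c=relaxed/relaxed setting shown in the report survives whitespace changes but not a re-encoding of the attachment, even though the attachment decodes to identical bytes. The MIME boundary, payload and re-wrapping relay are constructed assumptions.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split(b"\r\n")
    # Collapse runs of WSP to one SP, then drop WSP at the end of each line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a verifier compares against the bh= tag for a=rsa-sha256."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def mime_body(payload: bytes, width: int) -> bytes:
    """Constructed multipart body; the attachment is base64 wrapped at `width`."""
    b64 = base64.b64encode(payload)
    wrapped = b"\r\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return (b"--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
            b"--b1\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Transfer-Encoding: base64\r\n\r\n" + wrapped + b"\r\n--b1--\r\n")

def attachment_bytes(body: bytes) -> bytes:
    """Decode the attachment part of the constructed body above."""
    part = body.split(b"base64\r\n\r\n", 1)[1].split(b"\r\n--b1--", 1)[0]
    return base64.b64decode(part)

PAYLOAD = bytes(range(256)) * 2      # constructed stand-in for a binary attachment
signed = mime_body(PAYLOAD, 76)      # body as the sender hashed and signed it
# Harmless under relaxed: trailing spaces on a line and an extra blank line at the end.
trailing_ws = signed.replace(b"See attached.\r\n", b"See attached.  \r\n") + b"\r\n"
# Same attachment bytes, base64 re-wrapped at 64 columns by a hypothetical relay.
rewrapped = mime_body(PAYLOAD, 64)

if __name__ == "__main__":
    for name, body in [("signed", signed), ("trailing_ws", trailing_ws),
                       ("rewrapped", rewrapped)]:
        same = attachment_bytes(body) == PAYLOAD
        print(f"{name:12} bh={body_hash(body)} attachment_intact={same}")
```

Comparing the bh= value in a failing message's DKIM-Signature header with the hash of the body as received shows whether the body was altered in transit, which is the case the default 0.1 score allows for.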