You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Paul Chown (Jira)" <se...@james.apache.org> on 2022/04/05 21:40:00 UTC
[jira] [Created] (JAMES-3742) MIME-Version header is changed, breaking DKIM signatures
Paul Chown created JAMES-3742:
---------------------------------
Summary: MIME-Version header is changed, breaking DKIM signatures
Key: JAMES-3742
URL: https://issues.apache.org/jira/browse/JAMES-3742
Project: James Server
Issue Type: Bug
Components: James Core
Affects Versions: 2.3.2
Reporter: Paul Chown
We are using James to forward mails from external email servers to customer accounts.
Some email clients create emails with the following headers:
{noformat}
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\))
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=xxxx.gappssmtp.com; s=20210112;
h=from:content-transfer-encoding:mime-version:subject:message-id:date:to;
bh=...;
b=...{noformat}
So the message is signed by the originator including the {{Mime-Version}} header. The problem is that if we set an additional header with {{SetMimeHeaderHandler}} or invoke the SpamAssassin service then the method {{MimeMessage.updateHeaders()}} is invoked which sets a new mime version header:
{noformat}
MIME-Version: 1.0{noformat}
thereby breaking the DKIM signature from the original sender. We can add our own signature using the new header, but this isn't aligned with the sender domain so it doesn't help. It's probably debatable whether the original Mac mail client mime version header is valid, but it is what it is.
This seems to be completely broken, but the behaviour is baked into the {{MimeMessage}} class and we can't see any way around it. How can we preserve the original mime-version header and the DKIM signature?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org