Diffusion kolab 3232d4a1d0a2

Disable signing of received headers

Description

Disable signing of received headers

This fixes DKIM signatures on Kubernetes (where we run postfix and
amavis in a single pod).

I don't fully understand where or why it all goes wrong,
but what happens is that amavis signs a message like this:

    Received: from postfix.kolab.klab.cc ([127.0.0.1])
        by localhost (kolab.klab.cc [127.0.0.1]) (amavisd-new, port 13026)
        with ESMTP id 0z3BJNRfoFNe for <admin@kolab.klab.cc>;
        Thu, 21 Mar 2024 20:57:19 +0000 (UTC)
    Received: from kolab.klab.cc (unknown [172.16.6.215])
        by postfix.kolab.klab.cc (Postfix) with ESMTPA id DFA861000032CCC4
        for <admin@kolab.klab.cc>; Thu, 21 Mar 2024 20:57:16 +0000 (UTC)
    MIME-Version: 1.0
    Date: Thu, 21 Mar 2024 21:57:16 +0100
    From: admin@kolab.klab.cc
    To: Admin <admin@kolab.klab.cc>
    Subject: test2
    Message-ID: <a50268190905bd011e7ad373643f8756@kolab.klab.cc>
    Content-Type: text/plain; charset=US-ASCII;
        format=flowed
    Content-Transfer-Encoding: 7bit

    test2

But we receive a message like this:

    Received: from kolab.klab.cc (unknown [172.16.6.215])
        by postfix.kolab.klab.cc (Postfix) with ESMTPA id DFA861000032CCC4
        for <admin@kolab.klab.cc>; Thu, 21 Mar 2024 20:57:16 +0000 (UTC)
    MIME-Version: 1.0
    Date: Thu, 21 Mar 2024 21:57:16 +0100
    From: admin@kolab.klab.cc
    To: Admin <admin@kolab.klab.cc>
    Subject: test2
    Message-ID: <a50268190905bd011e7ad373643f8756@kolab.klab.cc>
    Content-Type: text/plain; charset=US-ASCII;
        format=flowed
    Content-Transfer-Encoding: 7bit

    test2

...note the extra Received header from localhost in the first instance.
I'm not entirely sure where the extra Received header gets lost (seems
to me it technically should be there), but disabling signing of Received
headers (which seems OK) circumvents the entire issue.
The header must be removed during the send path because signatures
failed with external test systems as well, and I suspect amavis never
adds it due to some rule that I don't understand.
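
Added example, not part of the commit or of the Kolab code base: a Python sketch of the DKIM header hash input (RFC 6376 relaxed canonicalization and bottom-up header selection) run over the two header sets quoted above, showing that the hash only diverges when the signature covers the Received header that later goes missing. The `h=` lists are assumptions chosen for illustration, not amavis's actual configuration, and the DKIM-Signature field that a real signature also hashes is left out.

```python
import hashlib
import re

# Constructed sample: the header fields quoted in the commit message, refolded.
AMAVIS_RCVD = ("Received: from postfix.kolab.klab.cc ([127.0.0.1])\r\n"
               "\tby localhost (kolab.klab.cc [127.0.0.1]) (amavisd-new, port 13026)\r\n"
               "\twith ESMTP id 0z3BJNRfoFNe for <admin@kolab.klab.cc>;\r\n"
               "\tThu, 21 Mar 2024 20:57:19 +0000 (UTC)")
POSTFIX_RCVD = ("Received: from kolab.klab.cc (unknown [172.16.6.215])\r\n"
                "\tby postfix.kolab.klab.cc (Postfix) with ESMTPA id DFA861000032CCC4\r\n"
                "\tfor <admin@kolab.klab.cc>; Thu, 21 Mar 2024 20:57:16 +0000 (UTC)")
DELIVERED = [POSTFIX_RCVD,
             "Date: Thu, 21 Mar 2024 21:57:16 +0100",
             "From: admin@kolab.klab.cc",
             "To: Admin <admin@kolab.klab.cc>",
             "Subject: test2",
             "Message-ID: <a50268190905bd011e7ad373643f8756@kolab.klab.cc>"]
SIGNED = [AMAVIS_RCVD] + DELIVERED  # what the signer saw: one more Received on top

def relaxed(field):
    """Relaxed header canonicalization (RFC 6376 section 3.4.2) of one field."""
    name, value = field.split(":", 1)
    value = re.sub(r"\r\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.strip().lower()}:{value}\r\n"

def header_hash(fields, h_names):
    """SHA-256 over the fields listed in h=, each name taken bottom-up (5.4.2)."""
    remaining, digest = list(fields), hashlib.sha256()
    for wanted in h_names:
        # A name with no instance left contributes nothing to the hash.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i].split(":", 1)[0].strip().lower() == wanted:
                digest.update(relaxed(remaining.pop(i)).encode())
                break
    return digest.hexdigest()

def survives(h_names):
    """True if signer and verifier would hash identical header data."""
    return header_hash(SIGNED, h_names) == header_hash(DELIVERED, h_names)

BASE = ["from", "to", "subject", "date", "message-id"]
ALL_RECEIVED = ["received", "received"] + BASE  # assumed h=: every Received signed

if __name__ == "__main__":
    print("all Received headers signed:", survives(ALL_RECEIVED))             # False
    print("only the bottom Received signed:", survives(["received"] + BASE))  # True
    print("no Received header signed:", survives(BASE))                       # True
```

Because selection runs bottom-up, a signature that covers only the oldest Received header still matches here; the mismatch appears once the signed set includes the topmost one, which is the field absent from the delivered copy.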

Details

Provenance
mollekopf Authored on Fri, Mar 22, 12:36 AM
mollekopf Pushed on Mon, Mar 25, 11:29 PM
Parents
rK3fca7606788b: dkimverify utility to validate dkim signatures
Build Status
Buildable 46869