[ale] testing firegpg with mailman
Michael H. Warfield
mhw at WittsEnd.com
Sun Nov 29 00:13:22 EST 2009
Jim,
On Sat, 2009-11-28 at 23:00 -0500, Jim Kinney wrote:
> Fun!! your message came through just fine with good signature. I've
> also signed the reply (using FireGPG).
> I do have MailScanner on the ALE list incoming side. It is my
> understanding that the original message is supposed to be pristine
> unless there is a rule causing a disinfection to occur. Otherwise the
> mime is unpacked, scanned and discarded.
Wow... I had to dig through archives going back to January of 2006 to
dig this one out. There is a gotcha and it is a bloody weird one.

Granted that others have pointed out the header wrap problem (which
should NOT be a problem because these things are not supposed to be
affected by that - still noodling on that one). The problem back then
was that many Mime aware applications would generate a line ending
sequence (protocol convention \r\n) encoded in quoted printable with
\r=0A where MimeTools would emit it as =0D=0A (equivalent) and that was
what was causing THAT problem. Not sure if there is a base-64 encoding
equiv to that problem but anything in quoted printable can be expressed
as =hh for the byte and that causes a major indeterminacy.

The option that was causing the headaches in MailScanner was in
mailscanner.conf where the default was "Sign Clean Messages = yes".
That forced MailScanner to unpack all Mime messages and repack them in
order to add its "clean message" signature.

Check that setting and make damn sure it's "Sign Clean Messages = no".
Nobody EVER came back with the definitive way to ensure that messages
were not corrupted in the "= yes" case and I had Julian and David (from
MimeTools) busting their asses trying to figure it out.

Mike
> On Sat, Nov 28, 2009 at 3:18 PM, Michael H. Warfield
> <mhw at wittsend.com> wrote:
> Jim,
>
> On Sat, 2009-11-28 at 14:23 -0500, Jim Kinney wrote:
> > OK. So Mailman is (maybe) munging the gpg signature. Fixing that will
> > be a challenge if it's caused by signing the wrong sections of the
> > message body.
>
> Something is not right here. I run a mailman site supporting several
> dozen lists and multiple domains (IT-ISAC, ISAC Council, +++) and I
> don't see this problem. We use gpg/pgp all the time on those lists.
> Furthermore, my own signatures through the ALE list seem to be coming
> through fine.
>
> Couple of years ago, I did run into a problem with MailScanner which
> Julian and I took a few days to shoot. In that case, MailScanner was
> unpacking the mime and then repacking it (quoted printable in that case,
> I believe). While the contents of the attachments remained unaltered,
> the encoding encapsulation changed (Mime is ambiguous on several points
> and sometimes MailTools or MimeTools will pack something
> differently than will Evolution or Thunderbird). We had to stipulate
> something in MailScanner where the message was passed unmolested if
> nothing was found untoward in it, rather than repacking it and sending
> it on.
>
> There are a couple of MailScanner Mime settings that could impact this
> but I seriously doubt it.
>
> Try this for a test. Send a message back to me and to the list. Just a
> Reply-All should do just fine. I can do a byte for byte, attachment for
> attachment comparison. Make SURE <mhw at wittsend.com> is on the cc list,
> so I get a direct copy. You should be able to verify my signatures on
> this message the same way. Compare the results from the ALE relay to
> the direct message.
>
> Regards,
> Mike
>
> > What is needed now is to test a gpg signature sent from a plain text
> > (NOT from firegpg) email through mailman. It needs to be tested
> > through both firegpg and regular text email (anyone got a quick link
> > to gpg with mutt?).
> >
> > I sent myself a test message from firegpg to myself and NOT through
> > mailman. firegpg then reported it as a good signature. That leads me to
> > think the issue _is_ with mailman.
> >
> > oh joy. criticizing a gnu codebase ....
> >
> > On Sat, Nov 28, 2009 at 12:41 PM, Jeremy T. Bouse
> > <jeremy.bouse at undergrid.net> wrote:
> > jim.kinney at gmail.com wrote:
> >
> > > This is a simple test of firegpg running on Fedora 12/Firefox 3.5.5
> > >
> > > Please reply with good or bad signature status.
> > >
> >
> > gpg command line and output:
> > /usr/bin/gpg
> > gpg: Signature made Sat 28 Nov 2009 11:04:06 AM EST using RSA key ID 6A87D3C5
> > gpg: BAD signature from "James P. Kinney III (Physicist, Brewer, Dad) <jimkinney at gmail.com>"
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> >
> >
> >
> > --
> > --
> > James P. Kinney III
> > Actively in pursuit of Life, Liberty and Happiness
> >
> --
>
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>
>
>
> --
> --
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20091129/eda314fd/attachment.bin
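
The byte-for-byte, part-for-part comparison of a direct copy against a relayed copy that this thread proposes, as an added example that is not part of the original messages: it separates a part that a gateway merely re-encoded (same decoded content, different quoted-printable =hh choices, which is enough to break a signature computed over the transmitted bytes) from one whose content changed. The sample messages, addresses, boundary and signature placeholder are constructed, and the function names are hypothetical.

```python
from email import message_from_bytes

def leaf_parts(raw: bytes):
    """Yield (content_type, body_as_transmitted, decoded_body) per non-multipart part."""
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        encoded = part.get_payload(decode=False).encode("ascii", "surrogateescape")
        yield part.get_content_type(), encoded, part.get_payload(decode=True)

def compare_copies(direct: bytes, relayed: bytes):
    """Classify each part as 'identical', 're-encoded' or 'altered'."""
    results = []
    for (ctype, enc_a, dec_a), (_, enc_b, dec_b) in zip(leaf_parts(direct), leaf_parts(relayed)):
        if enc_a == enc_b:
            verdict = "identical"    # bytes on the wire match
        elif dec_a == dec_b:
            verdict = "re-encoded"   # content intact, transfer encoding repacked
        else:
            verdict = "altered"      # decoded content itself differs
        results.append((ctype, verdict))
    return results

def sample(body_line: str) -> bytes:
    # Constructed multipart/signed message; the signature part is a placeholder.
    return (
        "From: sender@example.org\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        "Content-Type: multipart/signed; micalg=pgp-sha1;\n"
        ' protocol="application/pgp-signature"; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain; charset=us-ascii\n"
        "Content-Transfer-Encoding: quoted-printable\n"
        "\n"
        f"{body_line}\n"
        "--b1\n"
        "Content-Type: application/pgp-signature\n"
        "\n"
        "PLACEHOLDER-SIGNATURE\n"
        "--b1--\n"
    ).encode("ascii")

DIRECT = sample("Please verify: a=3Db.")        # as the sender's client encoded it
RELAYED = sample("Please verify=3A a=3Db=2E")   # same text, different =hh choices
TAMPERED = sample("Please verify: a=3Dc.")      # decoded content changed

if __name__ == "__main__":
    print(compare_copies(DIRECT, RELAYED))
    print(compare_copies(DIRECT, TAMPERED))
```

A 're-encoded' verdict on the signed part alongside a BAD signature points at a repacking gateway rather than at the signer or at content tampering.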