Can I configure mailman so that it won't break S/MIME digital signatures?

smime mailman

We're currently using Mailman as a mailing list manager. Mailman modifies the content of mail messages. The problem is that some of our users are sending digitally signed messages and the modification makes the signature break. I've seen this behavior with Apple Mail, Outlook, and Thunderbird.

The problem seems to be this: S/MIME signed messages are implemented with a Content-Type: multipart/signed; MIME Content-Type. Mailman wraps this inside a Content-Type: multipart/mixed MIME Content-Type. None of the mail readers look inside the outer mixed for the inner signed.

We won't be able to get the clients fixed. Is there anyway to modify Mailman so that it doesn't have this behavior?


Mailman is probably configured to add a header or footer to every message. Check the msg-header and msg-footer parameters, which can be accessed on the [Non-digest options] page.

It's also important to ensure that pass_mime_types includes application/pkcs7-signature as one of the permitted types in the [Content filtering] section.

When Mailman is configured to add a header or footer, it modifies the message by creating a new MIME part and concatenating it with the root part from the original message. The reasoning for this behaviour is explained more fully on the Mailman wiki (wiki.list.org).

Although the original signed message is still intact, it seems that most mail clients only interpret the SMIME signature correctly if multipart/signed is the root MIME part. As a test, I removed the extra MIME parts inserted by mailman from one of my test messages and resent it, and the signature was correctly validated by my mail client.


The problem is not the lack of "smartness" of email clients.

Rather, this is a security problem. See Bug 578295 - S/MIME Signature not shown/verified in nested MIME-Message

Quote:

A message isn't signed if it's only partially signed. Particularly in the context of Thunderbird, if we claimed a message was signed if only part of it was signed, an attacker could attach signed contents to a message that never get displayed and give the appearance in the UI of a signed message.

It is thus correct for an email client to show no or an invalid signature to a partially signed multipart message.

Related

Iperf from one interface to another on the same computer?
How to check gpu usages on aws ec2 gpu instance?
How to get Home, End, Delete keys working for PuTTY SSH sessions to Cisco ASA?
Tracking costs within one AWS account
How do i use socat as a proxy server?
What are the correct SPF records to allow both local and Google Apps delivery
Cluster failover and strange gratuitous arp behavior
How to write spark streaming DF to Kafka topic
simple hit counter for page views in rails
How to draw text using only OpenGL methods?
iOS devices as web server [closed]
How to draw a line between draggable and droppable?