Provide more fine-grained verification result (especially also check signature on body hash mismatch and vice-versa) #420

Open
JustMyGithub opened this issue Jan 4, 2024 · 2 comments

@JustMyGithub

It would be nice to have a more precise output why the verification fails (No signature/Body hash mismatch/failed to retrieve key/signature failed to verify) - I did not test all of them, some may already be shown.

Furthermore I'd like to see if bodyhash fails but signature is ok and if the bodyhash is ok but the signature fails.

I understand that for a mailserver it is pointless to verify the signature if the body hash mismatches (and vice-versa), but for debugging and forensics that would be useful information.

@lieser
Owner

lieser commented Jan 6, 2024

I think the error result is already pretty detailed, at least as long as showing detailed error reasons is enabled in the advanced options.

If you think there is still something missing please explicitly say which error you encountered but was not reported in detail enough by the add-on.

> bodyhash fails but signature is ok

Yes this is currently missing, in a sense that if the bodyhash mismatches the add-on will not bother checking the signature.

Would be interesting to know more about how and why you need this information.
So far I only very rarely was interested in this myself, and more out of curiosity than a need.

> bodyhash is ok but the signature fails

The add-on is already distinguishing between a DKIM_SIGERROR_BADSIG (Signature is wrong) and DKIM_SIGERROR_CORRUPT_BH (E-Mail was modified) error, both in the logs and the user interface.

@JustMyGithub
Author

JustMyGithub commented Jan 8, 2024

Depending on what you intend to verify it may be enough that the signature is valid, as it verifies the metadata fields that are included in the signature (e.g. there really was an email sent from sender to receiver with this timestamp). Furthermore modifications of the body may have several legitimate (or at least automatic & non-malicious) reasons, for example the Outlook issues posted here (#300). Depending on how the email was transferred and stored, there may be legitimate modifications that break the body hash which are just artefacts of storage format and conversions. I did not verify details, but DKIM is originally intended to be validated by the server on arrival, so mail servers do not necessarily care about keeping email unchanged such that DKIM can be validated afterwards.

(unverified) examples may be encoding issues (7bit Outlook encoding, ASCII, UTF8, UTF16), format conversions (e.g. msg format of Outlook), conversions between CRLF and LF (Windows vs. Linux newline) and others.
Ideally people would document what legitimate changes are made to emails on which servers/clients/mail gateways ("Warning: external email", "Virus alert", ...) and other components of the communication such that a DKIM verifier like this add-on can (temporarily) undo such changes to distinguish legitimate changes from illegit manipulations, but that is a lot of effort and not easy to do.
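
The idea in the comment above (undo a known benign transformation, then recheck the body hash), as an added example that is not part of the thread or the add-on's code: it recomputes the RFC 6376 `bh=` value under simple and relaxed body canonicalization and retries after restoring CRLF line endings. The function names, the `REPAIRS` table and the sample body are assumptions made for illustration.

```javascript
// Added example: not code from the add-on. Names are illustrative.
// Load node:crypto whether this file runs as CommonJS or as an ES module.
const { createHash } = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

// RFC 6376 3.4.3 "simple": drop trailing empty lines, end with one CRLF.
function canonSimple(body) {
  return body.replace(/(\r\n)*$/, "") + "\r\n";
}

// RFC 6376 3.4.4 "relaxed": also strip WSP at line ends and collapse WSP runs.
function canonRelaxed(body) {
  const b = body
    .replace(/[ \t]+(?=\r\n|$)/g, "")
    .replace(/[ \t]+/g, " ")
    .replace(/(\r\n)*$/, "");
  return b === "" ? "" : b + "\r\n"; // an empty body stays empty
}

// body: raw body as a binary string (one char per byte); canon: body part of c=.
function bodyHash(body, canon) {
  const c = canon === "relaxed" ? canonRelaxed(body) : canonSimple(body);
  return createHash("sha256").update(c, "latin1").digest("base64");
}

// Benign transformations to undo before rechecking (assumed list, extend as needed).
const REPAIRS = {
  "as stored": (b) => b,
  "bare LF restored to CRLF": (b) => b.replace(/\r?\n/g, "\r\n"),
};

// Returns the name of the first repair under which the body matches bh=,
// or null when no known benign change explains the mismatch.
function diagnoseBodyHash(body, bh, canon) {
  for (const [name, undo] of Object.entries(REPAIRS)) {
    if (bodyHash(undo(body), canon) === bh) return name;
  }
  return null;
}

// Constructed sample: the body as signed, then as stored by a tool that wrote LF.
const signed = "Hello  world \r\n\r\nBye\r\n\r\n";
const bh = bodyHash(signed, "relaxed");
const stored = signed.replace(/\r\n/g, "\n");
console.log(diagnoseBodyHash(signed, bh, "relaxed"));
console.log(diagnoseBodyHash(stored, bh, "relaxed"));
console.log(diagnoseBodyHash(signed.replace("Bye", "Buy"), bh, "relaxed"));
```

A `null` result only means none of the listed repairs explains the mismatch; it does not by itself show that the body was tampered with.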
