What happens with duplicate substitute headers?

Vernon Schryver vjs@calcite.rhyolite.com
Thu Mar 18 15:49:27 UTC 2010


> From: Gary Mills 

> The second one has a newline and a tab between the two lines.  I assume
> that DCC will rejoin these lines somehow, but what do I specify as the
> substitute header.  As well, they've changed the format of the header,
> breaking all the checksums.  I'd have to re-list them all.

As required by the SMTP standards, dccm, dccifd, and dccproc ignore
"folding whitespace" including "\n\t" in headers.
However, dccm, dccproc, and whiteclnt and dccd whitelist files
use single lines.  Simply delete the newlines when copying the
header lines to whiteclnt, whitelist, or whitecommon files.

> More importantly, what is DCC going to do with the duplicate header
> field names?  Will it just compute two checksums?  In that case, I
> suppose it will all work.

The checksums for a message are not checked against the client
whiteclnt file and not sent to the DCC server to be checked against
its whitelist file until the end of the message.  So the checksum of
the last header of a set of duplicate headers is usually the only one
that matters.
Other, special arrangements are made for Received: headers.

You can see which headers matter by running test messages through
`dccproc -RQC -S... -w whiteclnt ...`


If the header you care about is not always the second of the pair, then
I would modify your DKIM milter to generate a different header for one
of them, such as X-Authentication-Results-2.
Or fix the milter to pick one answer instead of equivocating.  In other
words, generate only one Authentication-Results header.

(X- headers are a standardized escape from the global, practically
static list of standardized SMTP headers.)


By the way, has the Authentication-Results header been standardized?
http://www.google.com/search?q=Authentication-Results+smtp+site%3Aietf.org
as well as your experience with conflicting headers suggests not.  If
not, then I wonder if your DKIM milter ought to be adding X- headers
in any case.

Does your milter delete any Authentication-Results headers that
are already in incoming mail messages to foil games of the bad guys?


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.