On 21-Apr-22 13:09, Mark Sapiro wrote:
On 4/21/22 04:53, tlhackque via Mailman-users wrote:
Note that MailMan is encapsulating a multipart/signed message in a multipart/mixed in order to append it's footer, and reports that it removed the signature part of the multipart/signed. This makes the signed message format invalid. So at least, MM3 needs to handle signed messages better: either include the signature or remove the signature headers (an unwrapping exercise to convert the message to unsigned)... Note that this can be recursive where a signed message contains a message/rfc822 part that contains a signed message, that....
This was an issue with Mailman's content filtering for the mailmanusers@mailman3.org list. Pass types was:
multipart message/rfc822 text application/pgp-signature
So the application/x-pkcs7-signature part was removed. I have just updated Pass types to:
multipart message/rfc822 text application/pgp-signature application/x-pkcs7-signature
to not remove application/x-pkcs7-signature parts going forward.
That's what I expected to be behind the behavior. Thanks for fixing it on this list.
But as I noted, it would be better if the application/*signature parts were automagically passed when a multipart/signed is present. Ideally those that correspond to the multipart/signed, but it's probably less work to allow them anywhere.
I've seen variations of this misconfiguration on a number of lists, all of whose administrators had to learn by experience. Seems like a good case for Mailman becoming smart enough to do the right thing...