Signing-milter / SMIME - como este e-mail foi assinado incorretamente?

Question

Signing-milter / SMIME - como este e-mail foi assinado incorretamente?

#1 resposta do (0 votos)

2

Eu tenho um problema com a assinatura do milter ( link ). O problema é que o sinalizador -b é obrigatório, e o sinalizador -b não é recomendado porque ele envia um e-mail não compatível com RFC. No entanto, remover o sinalizador -b resulta em emails que não validam S / MIME com a mensagem de erro "Conteúdo adulterado". A descrição do sinalizador -b é a seguinte:

Causes signing-milter to not break headerlines after a ; Header
              lines  moved  inside  a mime-container while signing must not be
              longer then 76 characters. This switch  disables  the  autobreak
              before signing.

Eu tentei com o APENAS executando o milter de assinatura intermediário, e eu também tentei "lavar" qualquer erro de RFC do correio analisando-o com MIME :: Parser e então reconstruindo o email a partir do zero. . Mas algo ainda está errado. Os seguintes correios são sem o filtro "lavar".

Os seguintes e-mails são assinados corretamente com o comando:

signing-milter -g postfix -m /var/secure_files/cert/signers.cdb -s inet:9991 -t 60 -u postfix –b &>/dev/null </dev/null &

resultará no seguinte e-mail, que valida corretamente:

Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from Bangatan601 (unknown [192.168.2.3])
    by dns1.sebbe.eu (Postfix) with SMTP id E61E74C01D1
    for <[email protected]>; Wed, 25 Feb 2015 11:12:41 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sebbe.eu; s=root;
    t=1424859168; bh=0JJ2CUrz7gs1slXbxbBt0gped0s3PEJ2R6vh4blyqTQ=;
    h=From:To:Subject:Date:From;
    b=bxDrSPc8mTl7jSpHYlc3lDgPywm71Y8nnHFccVllB8yd8tYGh3lkPEQZhGxTTz+sn
     iR8cto0qyBEZM8qNfgQSVD0a2jXdM38/VNB6G49Au252CZ6IsjfQdY9LFkdl7WudXt
     YgYQ5Pnj59kCp4GSacRPHlwxQwZCT3hxwF5VcoPc=
Message-ID: <B385DB0CB2F144BFA9FE47A007A6B077@Bangatan601>
From: "Sebastian Nielsen" <[email protected]>
To: <[email protected]>
Subject: test
Date: Wed, 25 Feb 2015 11:12:39 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-Hashcash: 1:26:150225:[email protected]::NrJAmsa7evEzktIr:000000000000000000000000000000000000000001h79K
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----162A57F1542DDFAD76008518F14459BD"

This is an S/MIME signed message

------162A57F1542DDFAD76008518F14459BD
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0019_01D050EB.F7C76180"

------=_NextPart_000_0019_01D050EB.F7C76180
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

test
------=_NextPart_000_0019_01D050EB.F7C76180
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>test</DIV></DIV></DIV></BODY></HTML>

------=_NextPart_000_0019_01D050EB.F7C76180--

------162A57F1542DDFAD76008518F14459BD
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIJCwYJKoZIhvcNAQcCoIII/DCCCPgCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggYoMIIGJDCCBQygAwIBAgIDDQ+TMA0GCSqGSIb3DQEBCwUAMIGM
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3Rh
cnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcN
MTUwMjIxMDg0NDM2WhcNMTYwMjIyMDE0NjQxWjBAMRswGQYDVQQDDBJzZWJhc3Rp
YW5Ac2ViYmUuZXUxITAfBgkqhkiG9w0BCQEWEnNlYmFzdGlhbkBzZWJiZS5ldTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM94fjNc4NN9VBqH8GkjKyMO
FvI2XfES1ptIN4ZG5Y1NIhmcqmH7QYveXP5H+fs2LiGALMYQlXY6QaM28q1r4mCY
ex9x68ahlzRMx9HuTujfyrj4ifusWU0rISJgPcVbuKvP4JH8Jf20ToCeyZIQNRyK
oUwBQvbeMbctXD7LYrOrEcEdcKlKwexGnxibd67kJGU0JUxR+p5lDBCFxZCKoTgj
3edLWqI8OjSDK/wXkF12alEBIsNEHcZ1l66sIz7+Jbm0j5rYR+fjuLxL5UgecfeN
PwlWDL/wZ1dUx7RBajAAQvkdF7oFCcdzhnOdXf/rCDgOExWvsQwTziu0W6KQySkC
AwEAAaOCAtgwggLUMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQG
CCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUUybj3MhjLg2ZqpTQoQqHa3M3
BvgwHwYDVR0jBBgwFoAUU3Ltkpzg2ssBXHx+ljVO8tS4UYIwHQYDVR0RBBYwFIES
c2ViYXN0aWFuQHNlYmJlLmV1MIIBTAYDVR0gBIIBQzCCAT8wggE7BgsrBgEEAYG1
NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3Bv
bGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQg
YWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRz
IG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRo
ZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcg
cGFydHkgb2JsaWdhdGlvbnMuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwu
c3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYI
KwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL2Ns
aWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2Vy
dHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAEXThDfGRB/+ABR2c
fGNa4Bol8hLR9MtpjYayTps7KCNZUEm05kBGjtMZkhOLUfxjXkyF5bWdPiUdnWmL
O1i4rNLtRIfJlP9lVlqJGjp6x5tILb2y57b75xP95yCZeQZXUQ0315hK7lx58MLh
dXj0jrDMVN6A5f9G/KIGfXEeHKL+X4+UTtvGGQaowFilEPQ/gPPb6o5FYz+PBbbx
dhOpxQ+TuX1vivKpCndYsx17tfN+y3/m7pnhIeQbUR6LKSX89JFJnLvEWT59nGCn
AHM2d53h1XHK+xPWpSpqLjVMtlLyHOIT73tEqh+56Zlwz3A25647adJC+ec3y5hB
r6hQTTGCAqcwggKjAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg
U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVy
bWVkaWF0ZSBDbGllbnQgQ0ECAw0PkzANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTAyMjUxMDEyNDha
MC8GCSqGSIb3DQEJBDEiBCDUzXsP6GT4VlvqAsueiMMWtHZPDcm743OisWwhmsFp
QzB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAd
3BNZCzPw4C4fCMSIuXmmQDnXV+8gdqCNwdRVQSkgbsC9laZU6/+gbTJGb/W/aZAn
JdaM1ZxiObIdntUVdXO57TDFK8c3fJc591mjzKoewUUYYL2VHkwwZWMM75t+jvX8
lwOqDJu81q50xIsBAbWOXjwz4u3ZsLrG98a/RPBJfFeNgDchqeODTFGPktvzvrXr
UQDa6Vf10hyMZqeXl8r3O3/hI0rhq/KE3WA2k3U2PBebTsC7NWScxGVayBcNlEjl
1XPubdjG5T0o1KP9sQqA+yIqGfkpR0mCuO8HEF16hPOeTxodW3kBMyfXc7WYJxAp
CcshMBM62XZFtkQmNvT9

------162A57F1542DDFAD76008518F14459BD--

No entanto, se eu remover o sinalizador -b do medidor de assinatura, ele será assinado da seguinte forma:

signing-milter -g postfix -m /var/secure_files/cert/signers.cdb -s inet:9991 -t 60 -u postfix &>/dev/null </dev/null &

Isso resulta em:

Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from Bangatan601 (unknown [192.168.2.3])
    by dns1.sebbe.eu (Postfix) with SMTP id 6CDFD4C0969
    for <[email protected]>; Wed, 25 Feb 2015 10:58:00 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sebbe.eu; s=root;
    t=1424858297; bh=g681Ani3vbnBMVPvXfhl81tk5PAU2QiaQD7wU8Opt0s=;
    h=From:To:Subject:Date:From;
    b=X4bAU3CenDkFk45IUztPl3sYkEWvOGphwAPBtGbdmtlUQ5Z5Faf1l/7B7Uz+J2lOu
     tdyWgsJ4rHJk0+ZC+R/GxShyc8H9tPyUpinR9psIJJG4bHFmbkcoeykTMCzootnOxO
     +GpHHPUHCwxaqBMDMfOKXgos691KZi++1LRsYThI=
Message-ID: <AA66989B33FB47379BEAE4365DE5394E@Bangatan601>
From: "Sebastian Nielsen" <[email protected]>
To: <[email protected]>
Subject: test
Date: Wed, 25 Feb 2015 10:57:53 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-Hashcash: 1:26:150225:[email protected]::DwuKWYWY2MN+ZUXB:000000000000000000000000000000000000000003yEF8
Content-Type: multipart/signed;
    protocol="application/pkcs7-signature";
    micalg="sha-256";
    boundary="----FD52A1653AA3980B5C0A3BE3D9993FAB"

This is an S/MIME signed message

------FD52A1653AA3980B5C0A3BE3D9993FAB
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0007_01D050E9.E7B05740"

------=_NextPart_000_0007_01D050E9.E7B05740
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

test
------=_NextPart_000_0007_01D050E9.E7B05740
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>test</DIV></DIV></DIV></BODY></HTML>

------=_NextPart_000_0007_01D050E9.E7B05740--

------FD52A1653AA3980B5C0A3BE3D9993FAB
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIJCwYJKoZIhvcNAQcCoIII/DCCCPgCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggYoMIIGJDCCBQygAwIBAgIDDQ+TMA0GCSqGSIb3DQEBCwUAMIGM
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3Rh
cnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcN
MTUwMjIxMDg0NDM2WhcNMTYwMjIyMDE0NjQxWjBAMRswGQYDVQQDDBJzZWJhc3Rp
YW5Ac2ViYmUuZXUxITAfBgkqhkiG9w0BCQEWEnNlYmFzdGlhbkBzZWJiZS5ldTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM94fjNc4NN9VBqH8GkjKyMO
FvI2XfES1ptIN4ZG5Y1NIhmcqmH7QYveXP5H+fs2LiGALMYQlXY6QaM28q1r4mCY
ex9x68ahlzRMx9HuTujfyrj4ifusWU0rISJgPcVbuKvP4JH8Jf20ToCeyZIQNRyK
oUwBQvbeMbctXD7LYrOrEcEdcKlKwexGnxibd67kJGU0JUxR+p5lDBCFxZCKoTgj
3edLWqI8OjSDK/wXkF12alEBIsNEHcZ1l66sIz7+Jbm0j5rYR+fjuLxL5UgecfeN
PwlWDL/wZ1dUx7RBajAAQvkdF7oFCcdzhnOdXf/rCDgOExWvsQwTziu0W6KQySkC
AwEAAaOCAtgwggLUMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQG
CCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUUybj3MhjLg2ZqpTQoQqHa3M3
BvgwHwYDVR0jBBgwFoAUU3Ltkpzg2ssBXHx+ljVO8tS4UYIwHQYDVR0RBBYwFIES
c2ViYXN0aWFuQHNlYmJlLmV1MIIBTAYDVR0gBIIBQzCCAT8wggE7BgsrBgEEAYG1
NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3Bv
bGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQg
YWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRz
IG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRo
ZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcg
cGFydHkgb2JsaWdhdGlvbnMuMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwu
c3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUFBwEBBIGBMH8wOQYI
KwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3MxL2Ns
aWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2Vy
dHMvc3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93
d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAEXThDfGRB/+ABR2c
fGNa4Bol8hLR9MtpjYayTps7KCNZUEm05kBGjtMZkhOLUfxjXkyF5bWdPiUdnWmL
O1i4rNLtRIfJlP9lVlqJGjp6x5tILb2y57b75xP95yCZeQZXUQ0315hK7lx58MLh
dXj0jrDMVN6A5f9G/KIGfXEeHKL+X4+UTtvGGQaowFilEPQ/gPPb6o5FYz+PBbbx
dhOpxQ+TuX1vivKpCndYsx17tfN+y3/m7pnhIeQbUR6LKSX89JFJnLvEWT59nGCn
AHM2d53h1XHK+xPWpSpqLjVMtlLyHOIT73tEqh+56Zlwz3A25647adJC+ec3y5hB
r6hQTTGCAqcwggKjAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUg
U2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVy
bWVkaWF0ZSBDbGllbnQgQ0ECAw0PkzANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTAyMjUwOTU4MTda
MC8GCSqGSIb3DQEJBDEiBCAh+/oOeBFGDqcr6FntbmDkiaNH7kwwQppeMWJq0oZa
OjB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQCq
rISJ8Fpsbc8GxCevwpmNHb6hMDe/mmcg1tmoCT6TJIz6tM690G0kOttL39cY1Qv8
zEYiNTcaKX94Fx7mJIUyGJasJuR9MdLhyAhvkgcJ3DiCqvmVhHbwsW/jl/WcIrM6
XLAGnMsroYTnp94SrJfLflCmQgXMTi0U+iTERnUs9bLsZ17adhQ7MavuEcze7Fcg
IIoF8awZkoLZnPYgiJT89GP3jq5KS3NtojRlycDAf99AoM2Q3dcUEUdrfX6fRy/k
3W18ihE7nmworE/u8F5yQMtMvZGhyRZlgGw2yhX7Cuev3E8sS9g/8tZB5ndU/Gzq
0GAvKNW+4OrtIjzrCc8n

------FD52A1653AA3980B5C0A3BE3D9993FAB--

O que não valida. (Mensagem de erro: conteúdo adulterado).

Este é um email UNSIGNED do mesmo cliente (Windows Live Mail) que pode ser usado para rastrear erros de RFC:

From: "Sebastian Nielsen" <[email protected]>
To: <[email protected]>
Subject: test
Date: Mon, 2 Mar 2015 23:17:33 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0005_01D0553F.10373AE0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331

Det här är ett flerdelat meddelande i MIME-format.

------=_NextPart_000_0005_01D0553F.10373AE0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

test
------=_NextPart_000_0005_01D0553F.10373AE0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>test</DIV></DIV></DIV></BODY></HTML>

------=_NextPart_000_0005_01D0553F.10373AE0--

Qual é o problema? Eu perguntei na lista de usuários do postfix e recebi a resposta de que a entrada não é compatível com RFC, mas de que maneira? (Então eu posso adicionar um filtro de conteúdo antes que corrige esse problema). O email é criado pelo Windows Live Mail.

postfix smime

por sebastian nielsen 04.03.2015 / 14:50

1 resposta

Tags postfix smime

O que faz com que o CTRL-ALT-DELETE seja ativado em um sistema não associado a um domínio? A temperatura da CPU afeta a vida útil da CPU? [duplicado]

score 0 · Answer 1

Eu tenho visto exatamente o mesmo comportamento no Outlook 2013 e no Outlook 2016, ambos falsamente relatando mensagens assinadas com várias partes assinadas pelo assinante como adulteradas, será o The Bat! v7 Professional (Windows) e Mac Mail (El Capitan) relatam as mesmas mensagens como válidas.

O problema é causado por muitos retornos de carro (CR) ou alimentação de linha (LF) ou uma combinação de ambos (CRLF) no final da carga útil da mensagem.

O final da carga útil da sua mensagem significa a final:

------=_NextPart_000_0005_01D0553F.10373AE0--

na mensagem não assinada / bruta que você postou.

Nem importa qual cliente envia a mensagem, o Outlook para o Outlook falhará como o Mac Mail para o Outlook.

Ver você usando o Windows Live Mail me leva a supor que isso afeta todos os clientes de e-mail usando o correio do Windows e / ou o back-end de criptografia.

Você pode até mesmo reproduzir isso confiavelmente enviando uma mensagem de várias partes usando nada além de telnet / ncat ...

Portanto, para ficar claro aqui, tenho quase 99% de certeza de que seus e-mails foram devidamente assinados com um certificado válido. É apenas a Microsoft fazendo coisas - de novo - de forma diferente.

Agora, não tenho ideia do que o interruptor -b fazia internamente na assinatura-milter, mas tenho certeza que ele se certificou de que a sua carga tenha escapado adequadamente antes de assiná-lo.

"Did" simplesmente porque esta opção parece ter sido descartada na versão atual (executando o milter de assinatura Versão 20150308 aqui) que apenas exibe

option -b is ignored for compatibily reasons, you may remove it safely

quando executado com este argumento, e correios, claro, ainda não são validados no Outlook.

Assim, a solução mais óbvia parece ser a de enviar os e-mails através de um milter adicional antes de enviá-los para o assinante milter.

Como eu já tenho um milter in-loco personalizado (escrito em python usando o libmilter), eu poderia simplesmente adotar meu código para cuidar disso:

...
if mail.is_multipart():
    logging.debug("Stripping tailing line feeds (if any) from multi-part payload")
    new_body = new_body.rstrip()

workflow["repl_body"] = new_body
return workflow

Assim, o Outlook finalmente pára de reclamar de nada.

Felicidades