DKIM and OWASP HTML Sanitizer...

ZCS/ZD Version: 8.8.15 P19

Post by DavidMerrill »

I've got a funny case where an incoming email has the following in the headers (sanitized a bit):

Code:

Authentication-Results: mail.abcxyz.com (amavisd-new);
    dkim=fail (1024-bit key) reason="fail (body has been altered)"
    header.d=amajorusbank.com

which I think fires off the hit on DMARC_FAIL_REJECT

Code:

X-Spam-Status: Yes, score=8.222 required=5.2 tests=[ALL_TRUSTED=-1,DKIM_INVALID=0.1, DKIM_SIGNED=0.1, DMARC_FAIL_REJECT=9,
    HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, T_HTML_ATTACH=0.01, T_SPF_HELO_TEMPERROR=0.01]

driving up the score and marking the email as spam in Zimbra.

I know I can set a custom value for DMARC_FAIL_REJECT, but as I searched around I ran into several seemingly-related posts (referring to the "body has been altered" bit) and noted in my Zimbra system that the following is set:

Code:

zimbra@mail:~$ zmlocalconfig | grep sanitizer
zimbra_use_owasp_html_sanitizer = true

I wanted to ask, can the OWASP HTML Sanitizer break DKIM checks? Is that a thing?

I would've imagined that body-altering checks would happen before HTML-sanitization...
___________________________________
David Merrill - Zimbra Practice Lead
OTELCO Zimbra Hosting, Licensing and Professional Services
Zeta Alliance
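
Added example, not part of the original post and not Zimbra or amavisd code: the "body has been altered" reason quoted above is what a verifier reports when the hash it computes over the canonicalized body does not equal the bh= tag of the DKIM-Signature header (RFC 6376). The Python below computes that hash for constructed sample bodies to show which changes survive relaxed canonicalization and which do not; the function names and sample bodies are assumptions for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str = "relaxed") -> bytes:
    """Canonicalize a message body per RFC 6376 sections 3.4.3 and 3.4.4."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, then drop line-end whitespace.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    elif mode != "simple":
        raise ValueError("mode must be 'simple' or 'relaxed'")
    while lines and lines[-1] == b"":   # both modes ignore trailing empty lines
        lines.pop()
    if not lines:
        # Empty body: relaxed hashes nothing, simple hashes a single CRLF.
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    """Base64 SHA-256 of the canonical body, comparable to the bh= tag."""
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def body_matches(body: bytes, bh: str, mode: str = "relaxed") -> bool:
    """True when the body as received still hashes to the signer's bh= value."""
    return body_hash(body, mode) == bh

# Constructed sample bodies (not taken from the message in the post).
ORIGINAL = b'<p style="color:#777">Your statement is ready.</p>\r\n<img src="cid:logo">\r\n'
# Whitespace-only change: doubled space, trailing blanks, extra empty lines.
REFLOWED = (b'<p style="color:#777">Your  statement is ready.</p>  \r\n'
            b'<img src="cid:logo">\r\n\r\n\r\n')
# Markup rewritten (style attribute dropped), as any HTML rewriting step might do.
REWRITTEN = b'<p>Your statement is ready.</p>\r\n<img src="cid:logo">\r\n'

if __name__ == "__main__":
    samples = [("original", ORIGINAL), ("reflowed", REFLOWED), ("rewritten", REWRITTEN)]
    for mode in ("relaxed", "simple"):
        signed_bh = body_hash(ORIGINAL, mode)   # what the signer would publish as bh=
        for name, body in samples:
            verdict = "pass" if body_matches(body, signed_bh, mode) else "body has been altered"
            print(f"{mode:7} {name:9} {verdict}")
```

To check a real message, pass the body bytes exactly as stored (everything after the blank line that ends the headers) and compare the result with the bh= tag of its DKIM-Signature header. The l= body-length tag is not handled here.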