BUG: Forwarding tampers digitally signed messages

pik256
New user
Posts: 16
Joined: 2016-05-18 11:25
Location: Poland

BUG: Forwarding tampers digitally signed messages

Post by pik256 » 2017-01-17 13:24

As in the subject. This is a test environment that shows the faulty behaviour:

Two accounts: recipient1 and recipient2 (in fact recipient2 need not be a local account). recipient1 has forwarding set to recipient2 but keeps the original message (this is not necessary for the bug to occur, just for demonstration). I sent a digitally signed message to recipient1. This is the crucial fragment of the message (with headers):


MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms010609030807050301060903"

This is a cryptographically signed message in MIME format.

--------------ms010609030807050301060903
Content-Type: multipart/mixed;
 boundary="------------E71BD78D3288EFDAF7F24D3C"

This is a multi-part message in MIME format.

I cut this from the message in recipient1's account. It is exactly as it was sent, and it is correctly digitally signed.
Unfortunately hMail reformats the message before forwarding. This is what I found in recipient2's account:

MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256;
 boundary="------------ms010609030807050301060903"
X-hMailServer-LoopCount: 1

This is a cryptographically signed message in MIME format.

--------------ms010609030807050301060903
Content-Type: multipart/mixed; boundary="------------E71BD78D3288EFDAF7F24D3C"

This is a multi-part message in MIME format.

It is syntactically correct, but hMail deleted a newline in a multipart header. That invalidates the digital signature: recipient2 sees the message as tampered with. Digitally signed messages cannot be reformatted.
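
What actually breaks, shown as an added example (this is not code from the post or from hMailServer): an S/MIME signer hashes the raw bytes of the first body part of the multipart/signed container, MIME headers included, in CRLF canonical form (RFC 1847 section 2.1). Unfolding `Content-Type: multipart/mixed;` + continuation line onto one line is harmless to a MIME parser, which recovers the same boundary parameter either way, but it is still a byte change and therefore a digest change. The message, boundaries and the base64 "signature" part below are constructed placeholders.

```python
"""Why re-folding a header inside a multipart/signed body breaks the signature.

Added example, not from the thread or from hMailServer. The constructed message
mirrors the layout in the post: multipart/signed wrapping a multipart/mixed part
plus a (placeholder) application/pkcs7-signature part."""
import email
import hashlib
from email import policy

OUTER = b"------------ms010609030807050301060903"   # multipart/signed boundary (constructed)
INNER = b"------------E71BD78D3288EFDAF7F24D3C"     # inner multipart/mixed boundary (constructed)

# Inner Content-Type as the sending client folded it (two lines) ...
FOLDED = (b"Content-Type: multipart/mixed;\r\n"
          b" boundary=\"" + INNER + b"\"\r\n")
# ... and as a server that re-serialises headers emits it (one line, same meaning).
UNFOLDED = b"Content-Type: multipart/mixed; boundary=\"" + INNER + b"\"\r\n"


def build_signed_message(inner_content_type: bytes) -> bytes:
    """Constructed multipart/signed message; only the inner Content-Type varies."""
    return (
        b"MIME-Version: 1.0\r\n"
        b"Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\";"
        b" micalg=sha-256; boundary=\"" + OUTER + b"\"\r\n"
        b"\r\n"
        b"This is a cryptographically signed message in MIME format.\r\n"
        b"\r\n"
        b"--" + OUTER + b"\r\n"
        + inner_content_type +
        b"\r\n"
        b"This is a multi-part message in MIME format.\r\n"
        b"--" + INNER + b"\r\n"
        b"Content-Type: text/plain; charset=utf-8\r\n"
        b"\r\n"
        b"Hello, this text is covered by the signature.\r\n"
        b"--" + INNER + b"--\r\n"
        b"\r\n"
        b"--" + OUTER + b"\r\n"
        b"Content-Type: application/pkcs7-signature; name=\"smime.p7s\"\r\n"
        b"Content-Transfer-Encoding: base64\r\n"
        b"\r\n"
        b"UExBQ0VIT0xERVI=\r\n"          # placeholder bytes, not a real PKCS#7 signature
        b"--" + OUTER + b"--\r\n"
    )


def signed_body(raw: bytes) -> bytes:
    """Return exactly the bytes the signature covers: the first body part of the
    multipart/signed container, from its first header line up to, but not
    including, the CRLF that precedes the next boundary delimiter."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    delimiter = b"--" + msg.get_boundary().encode("ascii")
    start = raw.index(delimiter + b"\r\n") + len(delimiter) + 2
    end = raw.index(b"\r\n" + delimiter, start)
    return raw[start:end]


def micalg_digest(raw: bytes) -> str:
    """Hex digest of the signed body using the algorithm named by micalg."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    algo = msg.get_param("micalg").replace("-", "")    # "sha-256" -> "sha256"
    return hashlib.new(algo, signed_body(raw)).hexdigest()


def inner_boundary(raw: bytes) -> str:
    """What a MIME parser sees: the boundary parameter of the signed part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return msg.get_payload(0).get_boundary()


if __name__ == "__main__":
    sent, delivered = build_signed_message(FOLDED), build_signed_message(UNFOLDED)
    print("parser sees the same inner boundary:", inner_boundary(sent) == inner_boundary(delivered))
    print("sent      digest:", micalg_digest(sent))
    print("delivered digest:", micalg_digest(delivered))
    print("signed bytes unchanged:", micalg_digest(sent) == micalg_digest(delivered))
```

The two messages parse identically, yet the digests differ, which is exactly what recipient2's client reports as a tampered message. The only safe behaviour for anything between signer and verifier is to pass the signed part through byte for byte.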

jimimaseye
Moderator
Posts: 8953
Joined: 2011-09-08 17:48

Re: BUG: Forwarding tampers digitally signed messages

Post by jimimaseye » 2017-01-17 14:09

Just done a quick test and replicated it. The FORWARDING aspect is unimportant, as just the formatting for local delivery does the same thing.

Original SENT email source:

[code]
From: <user2@jim.com>
To: <user1@jim.co>
Subject: test
Date: Tue, 17 Jan 2017 11:43:47 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0009_01D270B6.F711E6B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"


------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

this is a test bod

Last line of bod
------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>this is a test bod</DIV>
<DIV>&nbsp;</DIV>
<DIV>Last line of bod</DIV></DIV></DIV></BODY></HTML>

------=_NextPart_001_000A_01D270B6.F711E6B0--

------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: application/vnd.oasis.opendocument.spreadsheet;
	name="BudgetISAcalulatorUntitled 1.ods"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="BudgetISAcalulatorUntitled 1.ods"

[/code]



Received email source:

[code]
From: <user2@jim.com>
To: <user1@jim.co>
Subject: test
Date: Tue, 17 Jan 2017 11:43:47 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0009_01D270B6.F711E6B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
X-hMailServer-Reason-Score: 0

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: multipart/alternative; boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"


------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

this is a test bod

Last line of bod
------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>this is a test bod</DIV>
<DIV>&nbsp;</DIV>
<DIV>Last line of bod</DIV></DIV></DIV></BODY></HTML>

------=_NextPart_001_000A_01D270B6.F711E6B0--

------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: application/vnd.oasis.opendocument.spreadsheet; name="BudgetISAcalulatorUntitled
 1.ods"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="BudgetISAcalulatorUntitled 1.ods"
[/code]



I note that all header/MIME inserts such as

Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"

get reformatted at the semicolon to

Content-Type: multipart/alternative; boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"


https://github.com/hmailserver/hmailserver/issues/211
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
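
A way to check any mail server for this behaviour, as an added example that is not part of the post above or of hMailServer: compare a message as sent with the same message as delivered and list every header field, at the top level or inside any MIME part, whose raw bytes changed although its unfolded value did not. Python's compat32 policy is used on purpose because it keeps each header value folded exactly as in the source (the default policy unfolds on read). The two samples are constructed to mirror the sent and received sources shown above; addresses, boundary and attachment name are made up.

```python
"""List header fields an MTA re-folded between sending and delivery.

Added example, not from the thread or from hMailServer. SENT and RECEIVED are
constructed samples shaped like the sent/received sources in the thread."""
import email
import re

SENT = (
    b"From: <user2@example.test>\r\n"
    b"To: <user1@example.test>\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed;\r\n"
    b"\tboundary=\"----=_NextPart_000_0009\"\r\n"
    b"\r\n"
    b"This is a multi-part message in MIME format.\r\n"
    b"\r\n"
    b"------=_NextPart_000_0009\r\n"
    b"Content-Type: text/plain;\r\n"
    b"\tcharset=\"iso-8859-1\"\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"this is a test bod\r\n"
    b"\r\n"
    b"------=_NextPart_000_0009\r\n"
    b"Content-Type: application/octet-stream;\r\n"
    b"\tname=\"Budget calculator 1.ods\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Disposition: attachment;\r\n"
    b"\tfilename=\"Budget calculator 1.ods\"\r\n"
    b"\r\n"
    b"UEsDBBQAAAAI\r\n"                       # constructed base64 fragment
    b"------=_NextPart_000_0009--\r\n"
)

# Same message after a server unfolded parameters onto the first line, re-folded
# one long value at a different spot, and added its own trace header.
RECEIVED = (
    b"From: <user2@example.test>\r\n"
    b"To: <user1@example.test>\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed; boundary=\"----=_NextPart_000_0009\"\r\n"
    b"X-hMailServer-Reason-Score: 0\r\n"
    b"\r\n"
    b"This is a multi-part message in MIME format.\r\n"
    b"\r\n"
    b"------=_NextPart_000_0009\r\n"
    b"Content-Type: text/plain; charset=\"iso-8859-1\"\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"this is a test bod\r\n"
    b"\r\n"
    b"------=_NextPart_000_0009\r\n"
    b"Content-Type: application/octet-stream; name=\"Budget calculator\r\n"
    b" 1.ods\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Disposition: attachment; filename=\"Budget calculator 1.ods\"\r\n"
    b"\r\n"
    b"UEsDBBQAAAAI\r\n"
    b"------=_NextPart_000_0009--\r\n"
)


def folded_headers(raw: bytes) -> dict:
    """Map (part index, field name, occurrence) -> value with folding intact.

    compat32 (the default when no policy is given) keeps the CRLF + WSP folds
    inside the value; email.policy.default would unfold them on read."""
    msg = email.message_from_bytes(raw)
    out, seen = {}, {}
    for idx, part in enumerate(msg.walk()):
        for name, value in part.items():
            key = (idx, name.lower())
            n = seen.get(key, 0)
            seen[key] = n + 1
            out[(idx, name.lower(), n)] = value
    return out


def unfold(value: str) -> str:
    """RFC 5322 unfolding (drop the line break), then collapse whitespace runs so
    a tab used by one folder and a space used by another compare equal.
    The collapsing is an approximation: whitespace inside a quoted string is
    significant, but parameter values are compared the same way on both sides."""
    return " ".join(re.sub(r"\r?\n", "", value).split())


def refolded_fields(sent: bytes, received: bytes) -> list:
    """Fields present in both whose bytes changed but whose meaning did not."""
    a, b = folded_headers(sent), folded_headers(received)
    return sorted({k[:2] for k in a if k in b and a[k] != b[k] and unfold(a[k]) == unfold(b[k])})


def changed_fields(sent: bytes, received: bytes) -> list:
    """Fields present in both whose unfolded value differs: a real content change."""
    a, b = folded_headers(sent), folded_headers(received)
    return sorted({k[:2] for k in a if k in b and unfold(a[k]) != unfold(b[k])})


def added_fields(sent: bytes, received: bytes) -> list:
    """Fields the receiving side has that the sent message did not."""
    a, b = folded_headers(sent), folded_headers(received)
    return sorted({k[:2] for k in b if k not in a})


if __name__ == "__main__":
    print("re-folded:", refolded_fields(SENT, RECEIVED))
    print("changed:  ", changed_fields(SENT, RECEIVED))
    print("added:    ", added_fields(SENT, RECEIVED))
```

Run against a real pair of sent and delivered sources, the re-folded list is what will invalidate a multipart/signed message or a DKIM signature that covers the affected fields, while the added list is the ordinary trace headers a server is allowed to prepend. The fields a DKIM signer listed in `h=` are the ones to compare first.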
