Peter Blair

"When in doubt, use brute force." — Ken Thompson

From a Facebook friend:

When did it become okay to write about human beings the same way we write about bedbugs or lice? Once the Tamils have safely disembarked from their boat we should use it to float the entire Toronto Sun editorial staff out to sea.



Crash

Co-worker snapped a shot on his iPhone when I arrived to work after being hit by a car.


DKIM Verification step through

Learning to use DKIM usually involves a lot of trust in a process that may not be fully understood by the operators. I hope to lift the veil by implementing a step-by-step application to demonstrate what is being done and why.

Please download the following Perl script:

And execute against any saved message that contains a DKIM-Signature:

In the first screen, we’ve simply extracted the DKIM-Signature header from the email, and displayed it for informational purposes.

Once in the second screen, we’ve split the header out, and fed it into a hash reference.  This contains the values that we will be operating with during the verification process.

The next part is the generation of the body hash.  This hash is stored in the DKIM-Signature, under the bh= field, and is used to verify that the content of the body did not change after the signature was generated.  The a= field determines which digest algorithm to use, and the resulting digest is base64 encoded so that it can be printed within the email header.

But! Before we can generate the digest on the body, we must agree upon the representation of the body.  Different MUAs might change the body around, treating whitespace differently etc.  So what we do is canonicalize the body first.  The c= field shows which algorithm to use when canonicalizing the body.  In this example, we want to use the “relaxed” method implemented in the script.  This is documented under 3.4.4. The “relaxed” Body Canonicalization Algorithm of the DKIM RFC.  The script outputs the relaxed lines, surrounded by brackets to show where the lines start and end.  Note that it does so in reverse order.  This way we can strip out all trailing blank lines, per the RFC.

Once a canonicalized representation of the body has been established, we generate the digest (in this case, sha256) then base64 encode the digest.  If this value matches the value of bh= then we know that the body has not been altered since the time of the message signing!
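The body hash steps above, as an added Python example (not the Perl script this post refers to). It goes slightly beyond the post by also handling the “simple” body method and a c= value without a body part; the sample bodies, domain and selector are constructed.

```python
import base64
import hashlib
import re

# a= value -> digest used for bh= (RFC 6376; ed25519-sha256 is RFC 8463).
DIGESTS = {"rsa-sha1": hashlib.sha1, "rsa-sha256": hashlib.sha256,
           "ed25519-sha256": hashlib.sha256}

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into {tag: value}."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace is not significant in the tags used here.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def canonicalize_body(body, method):
    """RFC 6376 3.4.3 ("simple") and 3.4.4 ("relaxed") body canonicalization."""
    lines = re.split(rb"\r?\n", body)   # accept files saved with bare LF
    if method == "relaxed":
        # Collapse runs of space/tab to one space, drop them at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # ignore empty lines at end of body
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    # An empty body is one CRLF under "simple" and nothing under "relaxed".
    return out or (b"\r\n" if method == "simple" else b"")

def body_hash(sig_value, body):
    """Return (computed_bh, matches_header) for one signature and body."""
    tags = parse_tags(sig_value)
    # c= is "header/body"; an omitted body part means simple, not relaxed.
    method = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    digest = DIGESTS[tags["a"]](canonicalize_body(body, method)).digest()
    computed = base64.b64encode(digest).decode()
    return computed, computed == tags["bh"]

# Constructed sample: a body as signed, and the same text re-spaced in transit.
SIGNED = b"Hi  Bob,\r\n\r\nLunch at noon?\r\n"
RELAYED = b"Hi Bob, \t\n\nLunch  at noon?   \n\n\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
       "\tbh=" + body_hash("a=rsa-sha256; c=relaxed/relaxed; bh=", SIGNED)[0]
       + "; b=(omitted)")

if __name__ == "__main__":
    for name, body in [("signed", SIGNED), ("relayed", RELAYED)]:
        print(name, body_hash(SIG, body))
```

A matching bh= only shows that the body agrees with the value in the header; until the signature in b= is verified over the headers, nothing ties that header to the signing domain.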

The script is currently only implemented through the body hash section.  Next is the header relaxation, and signature verification process.

Please stay tuned for updates!


New friend ya right

On Facebook I received a friend notification… from none other than a young girl with cleavage!  Looks like 9 people have already (greedily) friended this person.  Nice.


Vacation Notification

It’s like I’m back in 1995!

While traveling, I decided to opt-out of my work’s vacation notification system, and roll my own instead.  The reason was that I’m a member of a number of internal work mailing lists, and it’s really annoying that my vacation notification message goes out to anyone who emails one of those lists.  Secondly, I only wanted to send the notification to people at work.

It just took a little procmail, and a little Perl to get the job done.

First, I forwarded a copy of my mail to an account on a Unix server that I administer, which has Perl and procmail installed.  In my procmail recipe, I had:


:0
* ^(To|Cc|Received):.*(YOUREMAILHERE@tucows\.com).*
{
:0
|/home/pblair/vacation.pl
}

Which looked into the headers, and only sent the message to my vacation script if my email address was explicitly named.  Not the mailing lists, but my email address.

Then, the vacation perl script:

It tracks the sender by the Return-Path header (added by Postfix on the mail server), which was a lazy way out, and maybe not the best, since it would have replied to any mailing lists that I’m a part of, and could have unsubscribed me if the mailing list software thought that my message was a bounce message (hopefully any clueful mailer will know the difference between an autoresponder and a DSN message).  The smarter way would have been to tease out the email address from the “From:” header, but I was lazy.

Anyways, hope that this could be helpful — I found it a little nicer than most vacation applications that just blast back to anyone.

Oh, and the notification is only ever sent once.
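The reply decision described in this post, as an added Python example (not the author's Perl script). It keeps the Return-Path as the reply target and adds checks for the list and bounce cases mentioned above; the addresses, the work domain and the header checks are assumptions of this example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

ME = "me@example.com"          # assumption: the address being covered
WORK_DOMAIN = "example.com"    # assumption: only colleagues get a reply

def reply_target(raw, seen):
    """Return the address to notify, or None if no reply should be sent."""
    msg = message_from_string(raw)
    # Same idea as the procmail recipe: addressed to me by name, not a list.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if ME not in {addr.lower() for _, addr in rcpts}:
        return None
    # Bounces/DSNs carry an empty envelope sender (Return-Path: <>).
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not sender:
        return None
    # Never answer automated or list traffic.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    if msg.get("Precedence", "").strip().lower() in {"bulk", "list", "junk"}:
        return None
    if any(h in msg for h in ("List-Id", "List-Unsubscribe")):
        return None
    if not sender.endswith("@" + WORK_DOMAIN) or sender in seen:
        return None
    seen.add(sender)           # the notification is only ever sent once
    return sender

# Constructed sample message from a colleague, addressed to me directly.
SAMPLE = ("Return-Path: <alice@example.com>\nFrom: Alice <alice@example.com>\n"
          "To: me@example.com\nSubject: lunch?\n\nFree at noon?\n")

if __name__ == "__main__":
    seen = set()
    print(reply_target(SAMPLE, seen), reply_target(SAMPLE, seen))
```

In a real deployment the `seen` set would be persisted between deliveries (a file or small database), since procmail starts the script once per message.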


Blog is reborn under new domain

Moved the blog from killallhumans.ca to petermblair.com, and in turn broke everything.  After going into the DB’s backend, and updating all of the URLs from all of the posts, and changing the htaccess mod_rewrite rules, everything seems to be working again.  I think.
Well, I guess I should upgrade to WordPress 3.0 now…



Neat-o gear calculator

Found HERE!


Pink Kit Envy

Follow the eyes…


What did I do wrong to warrant this?


Hot spring day, bikes, socks and coffee

Moved some bikes into the apartment while some work is being done on the garage door downstairs.


Enjoyed a coffee outside today in the 18 degree weather

