For completeness, I posted my --disclaimer-html question and Mark's response to Paul Daniels (author of alterMIME) asking for his help and the followings were his reply:
Thanks for the email - you can let the AMaViS people know that I'll look into that - alterMIME sometimes converts to \r\n terminators if it thinks that the parent text body of the email contains \r\n terminated lines, so somewhere it's getting a bit confused it would seem. Regards, Paul. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Martinec Sent: Thursday, June 12, 2008 2:02 PM To: amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] dkim + altermime disclaimer Patrick Wong writes: > I have a situation where altermime disclaimer insertion and amavis dkim > signing on outgoing mail begot result from gmail's dkim verification I > don't know what to make of: > > Mail of mime type plaintext with plaintext disclaimer inserted through > altermime + dkim signing is OK when verified by gmail (dkim=pass) > > But, when mime type is html and html disclaimer is used, I'll get > "dkim=neutral (body hash did not verify)" on gmail's authentication > result. I was able to reproduce the problem and I understand what is happening, although I'm not sure which component is to blame. When altermime is inserting a plain text disclaimer to a mail text (as stored on a file on Unix, i.e. line endings are LF), it inserts a text from a disclaimer file as-is, i.e. a disclaimer text along with its LF line endings is directly inserted into a mail text, unmodified. This works fine, message transfers unmodified and a signature is valid. When altermime is inserting a '--disclaimer-html' into a html mail, for some reason it inserts a CR before each LF of the inserted html text, instead of copying it as-is from a disclaimer file! Here is an example of the resulting message body: Content-Type: text/html; charset="iso-8859-1" <html><head><meta name="qrichtext" content="1" /></head><body style="font-size:18pt;font-family:Bitstream Vera Sans Mono"> <p>testing</p> <p><span style="font-style:italic">ital</span></p> ^M <br>^M <i>Disclaimer</i>^M <p>one, two, three^M <br>^M </body></html> --Boundary-01=_cBVUIiha08fkdho-- Amavisd then signs the resulting message, along with all the extra CR in the disclaimer part of a html text, then sends it over SMTP to Postfix. I confirmed that a signature is correct for the presented message, and tcpdump confirms that the SMTP session still has a CR before each end-of-line. As the SMTP protocol demands line endings to be CRLF, the bytes sent are actually CR CRLF (0d 0d 0a): 62 72 3e 0d 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 br>...</body></h When Postfix relays such a message, it strips off the extra CRs (CR CR LF => CR LF) as confirmed by a tcpdump of a SMTP session towards the next MTA. This modification of the message breaks a DKIM signature. Now, an easy finger-pointing tells me that altermime shouldn't be inserting extra CRs in the HTML disclaimer part (like it does correctly for the plain text disaclaimer). Apart from the altermime's guilt, which is the next in line? How should MTA and a DKIM-signer behave regarding bare-CR in a mail body? Mark ------------------------------------------------------------------------ - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/