a sequence CR/LF/LF: 0d 0a 0a
is not allowed to be used in SMTP emails. The line termination has to be CR/LF, also for empty lines ! https://datatracker.ietf.org/doc/html/rfc5321#section-2.3.8 Normaly assp will correct such a fault by adding any missing CR or LF ... BUT ONLY if the mail was not signed (SMIME,PGP,DKIM...) before it was received by assp! Correcting line endings in such a mail, would make every existing signature invalid! An uncorrected sequence of CR/LF/LF: 0d 0a 0a will result in an invalid DKIM and/or ARC signature using assp as DKIM-signer! Thomas DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* Von: "Scott MacLean" <[email protected]> An: [email protected] Datum: 01.05.2026 21:45 Betreff: Re: [Assp-test] DKIM hash calculated incorrectly on 2.8.2(26034) I have done a bunch more research to figure out what exactly is causing ASSP to generate invalid DKIM signatures. I can't say for sure what is causing it, but I can give an example of a very simple email which does cause it consistently: When this very simple email is transmitted as the body, the message signing fails every time: ----=43D70E2DE97749F99004_B859_B29B_9ACB Content-Type: text/html;charset="UTF-8" Content-Transfer-Encoding: 7bit <table> <tr> <td> </td></tr> </table> ----=43D70E2DE97749F99004_B859_B29B_9ACB-- It is being sent as multipart/mixed, and the content inside the boundaries is the only part contained within this email. GMail reports this: ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) HOWEVER...If I remove the blank line as shown below, the message signature passes fine: ----=5B9E2600A819445B9009_1861_9C26_1181 Content-Type: text/html;charset="UTF-8" Content-Transfer-Encoding: 7bit <table> <tr> <td> </td></tr> </table> ----=5B9E2600A819445B9009_1861_9C26_1181-- The blank line shown consists of CR/LF/LF: 0d 0a 0a If I change the 0d 0a 0a in the email to 0d 0a 0d 0a, the signature now succeeds. However, when I edit the consecutive LF's out of the newsletter email, ASSP still generates an invalid DKIM signature when sending it, so that is apparently not the only thing that is tripping up ASSP when generating signatures. On 5/1/2026 10:59, Scott MacLean wrote: > I send out a newsletter to over 100,000 people once a month. This month > has been an utter disaster. > > For some reason, when ASSP generates the DKIM signature for this month's > newsletter, it generates it incorrectly. As a result, the newsletter has > been rejected by all major email systems (most notably Google and > Microsoft) - and as a result of the mass rejections, my server is now > blacklisted all over the place. > > This is what Google is saying: > > DKIM: 'FAIL' > > Authentication-Results: mx.google.com; dkim=neutral (body hash did not > verify) > > > I can send other emails to Google through my server and they are signed > properly and pass. But when I send this specific email, containing this > month's newsletter, the DKIM signature created by ASSP is consistently, > repeatedly wrong, and is rejected everywhere. > > > > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
_______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
