Re: DKIM signing problem

Sun, 18 Sep 2011 11:38:44 -0700 

On 09/18/2011 07:41 PM, Wietse Venema wrote:

alex:

On 09/17/2011 10:34 PM, Patrick Ben Koetter wrote:

* alex<m...@deltaindigo.ro>:

Hi

I have a problem with messages signed by my server. All messages
send from any email client(tb, webmail) , fail verification with :
        dkim=softfail (fail, message has been altered)
except messages send from command line (telnet, sendmail).

Software use is: centos 6 (x86_64), postfix 2.8.0/2.8.5,
dkim-milter-2.8.3-8.el6.x86_64, no content filtering.
I can't find anything in my config that could modify the body of the
message after is signed.

Any suggestions?


A likely cause of breakage is that the sending application generates
email that is incompatible with RFC 5322 or RFC 5321 in some respect.

- Lines longer than 990.

   The Postfix SMTP client keeps the line length below the SMTP
   protocol limit of 1000 bytes including<CR><LF>. Since this change
   happens after signing, it will definitely break DKIM signatures.

   To avoid long-line curruption problems send mail in quoted-printable
   or base64 encoding, with lines of at most 80 characters long.

- Malformed line endings.

   SMTP requires<CR><LF>  line endings, and does not allow<CR>  or
   <LF>  characters in any other context.

   The Postfix sendmail commands expects UNIX-style<LF>  line endings.
   It will also accept lines ending in<CR><LF>  but you can't use
   mixed line ending styles in the same message.

And so on. If you want to ensure that DKIM signatures survive, you
need to send email that is within the protocol specs; otherwise
you'll have to "normalize" the message before applying the DKIM
signature.

Postfix is only an MTA. It is not a message normalizer.

        Wietse

Hi
All messages used to test the dkim signatures was send with subject hhmm and body hhmm (ex 2126 hour 21 and 26 minutes) or with empty body. Nothing to complicated. 

Also in dkim-filter.conf I have:

##  FixCRLF { yes | no }
##
##  Requests that the library convert "naked" CR and LF characters to
##  CRLFs during canonicalization.  The default is "no".

I have try this option but still get the same results.
How is say in my first post I have also try the 2.8.2 version of the dkim-milter , but again with same results. 

Alex

Reply via email to