My OpenDKIM installation (2.11.0~alpha-11build1 on Ubuntu 18.04 Server) can sign your message, and produces a valid signature.
Perhaps some other component at your site or in transit is altering the folding or line terminators? Anything unusual about your system and configuration? Perhaps try setting Canonicalization to ‘relaxed/relaxed’ and see if the verification result changes (https://tools.ietf.org/html/rfc6376#section-3.4.2)? -- You received this bug notification because you are a member of Ubuntu Mail Server, which is subscribed to opendkim in Ubuntu. https://bugs.launchpad.net/bugs/1857618 Title: opendkim generate an invalid signature if one header is fold just after the header name Status in opendkim package in Ubuntu: New Bug description: opendkim generate an invalid signature if one header is fold just after the header name Expected : the email is well signed. Actual : Signature is invalid. How to reproduce ? Send the email just below by replacing "example.com" by a valid DKIM-signed domain. I used postfix to send the email. Here is a source .eml email that will fail to be correctly signed by opendkim : ``` From: <[email protected]> To: <[email protected]> Subject: Folding_White_Space_and_too_long_subject_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Test ``` opendkim generate an invalid signature with this email because of the "Subject:" folding white space. The signature is valid if the "Subject:" is written in one line : ``` Subject: Folding_White_Space_and_too_long_subject_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ``` Ubuntu 18.04.3 LTS opendkim : 2.11.0~alpha-11build1 --- This bug occurs for all headers signed by opendkim (not only with "Subject:"). This syntax seems valid. At least Gmail, Outlook, Thunderbird display the subject correctly. https://www.ietf.org/rfc/rfc5322.txt : > Unfolding is accomplished by simply removing any CRLF > that is immediately followed by WSP. Each header field should be > treated in its unfolded form for further syntactic and semantic > evaluation. An unfolded header field has no length restriction and > therefore may be indeterminately long. Gmail and opendkim itself consider the signature as invalid. opendkim : ``` Authentication-Results: xxx.example.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=example.com header.b=ABCDEF; ``` Gmail: ``` ARC-Authentication-Results: i=1; mx.google.com; dkim=fail [email protected] header.s=xxxxxxx header.b="a/aaaaaa"; ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opendkim/+bug/1857618/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-mail-server Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-mail-server More help : https://help.launchpad.net/ListHelp
