Alan,
> [EMAIL PROTECTED] tells me: DKIM signature confirmed BAD
> Reason: Signature verification failed, message may have been tampered with
> or corrupted
> See below... I don't understand what is failing... It all appears to
> match-up.
Your posted DKIM-Signature header field was wrapped. If I manually edit it
back to what probably was your original:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=halachmi.net;
s=dartboard; t=1217886223; bh=MOoY7hUyMA3asttr9FMuvdVuOBslhVT/3jx29
C+42jE=; l=17; h=Date:From:To:Message-ID:MIME-Version:Content-Type;
z=Date:=20Mon,=204=20Aug=202008=2017:43:42=20-0400=20(EDT)|From:=20
Alan=20Halachmi=20<[EMAIL PROTECTED]>|X-X-Sender:[EMAIL PROTECTED]
.internal.halachmi.net|To:[EMAIL PROTECTED]|Message-ID:=20<Pi
[EMAIL PROTECTED]>|X-Ma
iler:=20Halachmi-Mail=20v1.2|MIME-Version:=201.0|Content-Type:=20TE
XT/PLAIN=3B=20charset=3DUS-ASCII=3B=20format=3Dflowed; b=mCDR0bI38s
4Ru4QPzI1GkHMKOhK42UShA87DCrlWQ6zuVsx/N46HdiKQjquf0H4d5SjQnGrV13l2M
2aP22USOkYLcZEYfvD6bSEfLMnsmUNSpzNTwCyBiWN7h4kS2ghvjI45PNUDbDjwxYaR
bKyAWIFXNJjurTcY41bZ88Sxyx4=
then the real problem shows up: your Date header filed was modified:
- DKIM signer saw:
Date: Mon, 4 Aug 2008 17:43:42 -0400 (EDT)
- but your message shows:
Date: Mon, 04 Aug 2008 17:43:42 -0400 (EDT)
Something turned '4 Aug' into '04 Aug', thus breaking a signature.
SM wrote:
> Your DKIM-Signature is below the headers that are signed. That
> header should be inserted instead of being appended below the headers.
The RFC 4871 does indeed tell that a signer should prepend a signature
and not append it, but it also recognizes the fact that mailers may
reorder header fields, and remains silent on how verifier should
collect header fields listed in a 'h' list from a message header,
except that it says the search must be bottom-up. It never says the
search should not extend above a DKIM-Signature header field.
As some mailers (like the Microsoft SMTPSVC apparently) move a
signature towards the end of a message header, it is prudent that
DKIM verifiers search the entire header section for the listed
header fields. The Mail::DKIM module does so, I'm not sure about
the verifier at sendmail.net.
Mark
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
