[exim-dev] [Bug 2017] New: DKIM failing on a dot terminator in test mode

admin Mon, 16 Jan 2017 03:19:21 -0800

https://bugs.exim.org/show_bug.cgi?id=2017


            Bug ID: 2017
           Summary: DKIM failing on a dot terminator in test mode
           Product: Exim
           Version: 4.88
          Hardware: x86
                OS: FreeBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]

When simulating an email reception with "exim -bh <IP>", we are requested to
terminate the data with a CRLF-dot-CRLF sequence. The terminating dot-CLRF is
then included into the canonicalized body string, and in consequence the DKIM
signature fails with "bodyhash mismatch" even on perfectly good signatures.

An example section of a debug output for a message with a good DKIM signature
(pass in transmit) follows:

...
</blockquote></div></div></div><br></div>{LF}
</blockquote></div><br></div>{LF}
{LF}
--94eb2c1244feb957850545f8cf2e--{LF}
.{LF}

PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [gmail.com] Body bytes hashed: 9559
PDKIM [gmail.com] bh  computed:
4372ba2a514f9d853896d4769e9a93a0eac28bd9eefe186b89a97691b60ca0a2
PDKIM [gmail.com] bh signature:
d0301500c1bfbcd41371be55cfdd5dd070d9696f287cefed88005932884be71b
PDKIM [gmail.com] Body hash did NOT verify

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] [Bug 2017] New: DKIM failing on a dot terminator in test mode

Reply via email to