https://bugs.exim.org/show_bug.cgi?id=2278
Bug ID: 2278 Summary: Invalid outgoing DKIM header signature Product: Exim Version: 4.86 Hardware: x86-64 OS: Linux Status: NEW Severity: bug Priority: medium Component: DKIM Assignee: t...@duncanthrax.net Reporter: bugzilla.exim.si...@arlott.org CC: exim-dev@exim.org If Exim is given a message with the following header, it fails to sign the headers correctly (and SpamAssassin agrees). Outgoing headers: Subject: Re: xxxxx xxxxxxx To: "xxxxx, xxx" <xxx.xx...@xxxxxxxxx.xxx> Cc: "xxxxxx, xxx" <xxx.xxx...@xxxxxxxxx.xxx> References: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx> <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx> From: xxx xxxxxx <x...@xxxxxx.xxx> Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx> Date: Thu, 24 May 2018 17:19:53 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx> Content-Type: multipart/alternative; boundary="------------8DB30605A0D35CCA4247A948" Content-Language: en-US Outgoing debug: PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>> PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [arlott.org] Body bytes hashed: 0 PDKIM [arlott.org] bh computed: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>> content-type:multipart/alternative;{SP}boundary="------------8DB30605A0D35CCA4247A948"{CR}{LF} in-reply-to:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx>{CR}{LF} mime-version:1.0{CR}{LF} date:Thu,{SP}24{SP}May{SP}2018{SP}17:19:53{SP}+0100{CR}{LF} message-id:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx>{CR}{LF} from:xxx{SP}xxxxxx{SP}<x...@xxxxxx.xxx>{CR}{LF} references:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx>{SP}<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx>{CR}{LF} cc:"xxxxxx,{SP}xxx"{SP}<xxx.xxx...@xxxxxxxxx.xxx>{CR}{LF} to:"xxxxx,{SP}xxx"{SP}<xxx.xx...@xxxxxxxxx.xxx>{CR}{LF} subject:Re:{SP}xxxxx{SP}xxxxxxx{CR}{LF} PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>> dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=arlott.org;{SP}s=20180217;{SP}h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:{SP}References:Cc:To:Subject;{SP}bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;{SP}b={SP}; PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [arlott.org] hh computed: 2ef7f83ea7361a44c1386bb27ab88738497c5186a97bd37e4ed42fb0c0ed05ee PDKIM [arlott.org] b computed: a1d98575e1bb5527af3180e2008f8a377df927053ac0968a353076676a6919b357c5b4f4983faa0b996355cd1eab20577e762493a742a565a095104d1580cdfd174dd9e2eb0ba8ecdca54b26cb2f16e1f0044b40ad60455692dee5b0c32f943c49e88460fc934738917222d6303249119944ada50c34e147e50742204389cf0ebde45ef0ccdc25cf03c2a1816a8ce64c0402c42ea6a0067a1b41714afe469068bb9578f7fc75a784fc3b4011f190752027de31e328d31e22351fb669e99d98f39a0708c82e2c5b8659a65d724d7c095491829b7a19cc62ab3fb889b2f8bc94d8978cfd904b7fcb8169938a370646164ebe3a82e2d3c4fd904f02b9ce062c3328 Incoming debug: PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [arlott.org] Body bytes hashed: 0 PDKIM [arlott.org] bh computed: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 PDKIM [arlott.org] Body hash verified OK PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>> content-type:multipart/alternative;{SP}boundary="------------8DB30605A0D35CCA4247A948"{CR}{LF} in-reply-to:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx>{CR}{LF} mime-version:1.0{CR}{LF} date:Thu,{SP}24{SP}May{SP}2018{SP}17:19:53{SP}+0100{CR}{LF} message-id:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx>{CR}{LF} from:xxx{SP}xxxxxx{SP}<x...@xxxxxx.xxx>{CR}{LF} references:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx>{SP}<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx>{CR}{LF} cc:"xxxxxx,{SP}xxx"{SP}<xxx.xxx...@xxxxxxxxx.xxx>{CR}{LF} to:"xxxxx,{SP}xxx"{SP}<xxx.xx...@xxxxxxxxx.xxx>{CR}{LF} subject:Re:{SP}xxxxx{SP}xxxxxxx{CR}{LF} PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>> dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=arlott.org;{SP}s=20180217;{SP}h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:{SP}References:Cc:To:Subject;{SP}bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;{SP}b=; PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [arlott.org] hh computed: 746daafc75e21529a1d355324f7abad5fc452db64e7a76586df17dcae1dd2a11 18:07:37 3831 DNS lookup of 20180217._domainkey.arlott.org. (TXT) succeeded PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Raw record: v=DKIM1;{SP}h=sha256;{SP}t=s;{SP}p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttFLnO+LAZMtNtiEY2IeDql/2PbnHMADkamsoCchqOafUokYxBX7Mm/D4YarG14ACmxOk9WqqmZRYlOjxHtiq9hzgJJ82LQomRNHE88tirlA5zBMU39bYaQLKBgfLE4MA7zlpxi1rYRk8IsnNMpVpTN/mYj3Y0jQjS0Wrce4PRFqhTzE+fLcoyYXGs6ta3h+O7Jsv+FHtQIm8qLudVZg+BgVHGnwFHxPvxHuedY5nxvmqNLSmFtsgR2mOdP/pgxXeLpsVuDR6IqIWCqNDElXZ3c0LIl855DtjP2QUVARbIi9hMu5dfBHYpLoyUQwRnOPJs1nQfd7ztTVgaFcT0G+0QIDAQAB v=DKIM1 h=sha256 t=s p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttFLnO+LAZMtNtiEY2IeDql/2PbnHMADkamsoCchqOafUokYxBX7Mm/D4YarG14ACmxOk9WqqmZRYlOjxHtiq9hzgJJ82LQomRNHE88tirlA5zBMU39bYaQLKBgfLE4MA7zlpxi1rYRk8IsnNMpVpTN/mYj3Y0jQjS0Wrce4PRFqhTzE+fLcoyYXGs6ta3h+O7Jsv+FHtQIm8qLudVZg+BgVHGnwFHxPvxHuedY5nxvmqNLSmFtsgR2mOdP/pgxXeLpsVuDR6IqIWCqNDElXZ3c0LIl855DtjP2QUVARbIi9hMu5dfBHYpLoyUQwRnOPJs1nQfd7ztTVgaFcT0G+0QIDAQAB PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [arlott.org] signature status: PDKIM_VERIFY_FAIL (PDKIM_VERIFY_FAIL_MESSAGE) Incoming headers: Received: by * with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from <*@*>) id 1fLtiD-0000zn-RO for postmaster@example.invalid; Thu, 24 May 2018 18:07:38 +0100 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arlott.org; s=20180217; h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b= odmFdeG7VSevMYDiAI+KN335JwU6wJaKNTB2Z2ppGbNXxbT0mD+qC5ljVc0eqyBXfnYkk6dCpWWgl RBNFYDN/RdN2eLrC6js3KVLJssvFuHwBEtArWBFVpLe5bDDL5Q8SeiEYPyTRziRciLWMDJJEZlEra UMNOFH5QdCIEOJzw695F7wzNwlzwPCoYFqjOZMBALELqagBnobQXFK/kaQaLuVePf8daeE/DtAEfG QdSAn3jHjKNMeIjUftmnpnZjzmgcIyC4sW4ZZpl1yTXwJVJGCm3oZzGKrP7iJsvi8lNiXjP2QS3/L gWmTijcGRhZOvjqC4tPE/ZBPArnOBiwzKA==; Received: by * with esmtp (Exim 4.86_2) (envelope-from <*@*>) id 1fLthE-0008DC-Sl for postmaster@example.invalid; Thu, 24 May 2018 18:06:43 +0100 Subject: Re: xxxxx xxxxxxx To: "xxxxx, xxx" <xxx.xx...@xxxxxxxxx.xxx> Cc: "xxxxxx, xxx" <xxx.xxx...@xxxxxxxxx.xxx> References: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx> <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx> From: xxx xxxxxx <x...@xxxxxx.xxx> Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@xxx.xxxxxx.xxx.xx> Date: Thu, 24 May 2018 17:19:53 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxxx.xxxxxx> Content-Type: multipart/alternative; boundary="------------8DB30605A0D35CCA4247A948" Content-Language: en-US DKIM DNS RR: 20180217._domainkey.arlott.org. 3600 IN TXT "v=DKIM1; h=sha256; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttFLnO+LAZMtNtiEY2IeDql/2PbnHMADkamsoCchqOafUokYxBX7Mm/D4YarG14ACmxOk9WqqmZRYlOjxHtiq9hzgJJ82LQomRNHE88tirlA5zBMU39bYaQLKBgfLE4MA7zlpxi1rYRk8IsnNMpVpTN/" "mYj3Y0jQjS0Wrce4PRFqhTzE+fLcoyYXGs6ta3h+O7Jsv+FHtQIm8qLudVZg+BgVHGnwFHxPvxHuedY5nxvmqNLSmFtsgR2mOdP/pgxXeLpsVuDR6IqIWCqNDElXZ3c0LIl855DtjP2QUVARbIi9hMu5dfBHYpLoyUQwRnOPJs1nQfd7ztTVgaFcT0G+0QIDAQAB" -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##