I'm definitely going to stick with "nofws" rather than "simple" canonicalization, as it does seem that "simple" is still problematic with at least one other system -- gmail. I'm using exim 4.62 w/ libdomainkeys-0.68 on OS X.4. Using "nofws" I am not seeing any sign of trouble.
Using "simple", I have successful validation when using Yahoo's [EMAIL PROTECTED], Sendmail's [EMAIL PROTECTED], and Skylist's http://www.skylist.net/resources/authentication.php testing services. Gmail still insists that it's bad, however!

I've read the "domainkeys experiment and c=simple always bad" thread too, so I'm using a similar subject line here. At this point, since libdomainkeys is current, and things are validating at prominent test sites, I would blame Gmail for validating the signature in a different way or having MTAs that tamper with key headers. I have submitted a report to them on that assumption.

I also applied the recent patch posted to exim-dev which adds the "h" tag to the signature to inform the receiver explicitly of which headers were included in the hash. I think this is a great addition. It did not affect the Gmail validation trouble, however -- that seems specific to whitespace and/or header wrapping.

FWIW, I recommend that people use "nofws" only -- in fact that should be the default, since "simple" is more fragile. Hope my couple of experiences here can help a few others with this configuration setting.
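As an added illustration (not part of the original post, and not libdomainkeys or exim code), here is a simplified Python model of the two DomainKeys canonicalizations, showing why a relay that re-wraps or re-spaces headers breaks "simple" but not "nofws". It assumes header lines only, with a SHA-1 digest standing in for the signed hash; the function names and sample headers are constructed for this example.

```python
import hashlib

FWS = " \t\r\n"  # characters treated as folding white space by "nofws"

def canon_simple(header_lines):
    """'simple': each line is hashed exactly as received, CRLF-terminated."""
    return b"".join(line.encode() + b"\r\n" for line in header_lines)

def canon_nofws(header_lines):
    """'nofws': unwrap continuation lines, then drop all white space."""
    unfolded = []
    for line in header_lines:
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += line      # continuation of the previous header
        else:
            unfolded.append(line)
    out = b""
    for header in unfolded:
        stripped = "".join(ch for ch in header if ch not in FWS)
        out += stripped.encode() + b"\r\n"
    return out

def survives(canon, before, after):
    """True if the digest over `before` still matches `after`."""
    return hashlib.sha1(canon(before)).digest() == hashlib.sha1(canon(after)).digest()

# Constructed sample: headers as the sender signed them.
SIGNED = [
    "From: Alice Example <alice@example.org>",
    "To: bob@example.net",
    "Subject: quarterly report for the infrastructure and security teams",
]
# Same headers after a hypothetical relay added a space and re-wrapped Subject.
RELAYED = [
    "From: Alice Example  <alice@example.org>",
    "To: bob@example.net",
    "Subject: quarterly report for the infrastructure",
    "\tand security teams",
]
# A real content change, which both algorithms must still detect.
TAMPERED = SIGNED[:2] + [
    "Subject: quarterly report for the infrastructure and finance teams"
]

if __name__ == "__main__":
    for name, canon in (("simple", canon_simple), ("nofws", canon_nofws)):
        print(name, "relayed ok:", survives(canon, SIGNED, RELAYED),
              "| tampered ok:", survives(canon, SIGNED, TAMPERED))
```

Both algorithms reject the changed Subject; only "nofws" tolerates the whitespace and wrapping changes.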
