Hi, When I send a message through Exim that has an empty subject (i.e. the subject header is there but has no value), the DKIM signature is invalid. If the subject is present or is not in the message at all, then the signature is valid. I'm using the default (i.e. unset) value of dkim_sign_headers.
Is this a bug? Something I'm doing wrong? The way it's meant to work? (I've read the RFC, which discusses including headers in the signature that aren't present in the message, but as far as I can tell, an empty header should still be included). To verify the signature, I'm lazily using gmail, which adds an authentication header like this for success: mx.google.com; spf=neutral (google.com: 31.25.103.16 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]; dkim=pass [email protected] And an authentication header like this when the subject is present but empty: mx.google.com; spf=pass (google.com: domain of [email protected] designates 188.40.178.54 as permitted sender) [email protected]; dkim=hardfail [email protected] (Exim 4.76 also considers the signature bad; I haven't tried with 4.80). Thanks, Tony Full Exim configuration (minimal and created specifically to test this, obviously): """ acl_smtp_rcpt = acl_check_rcpt begin acl acl_check_rcpt: accept domains = spamexperts.com deny begin routers dnslookup: driver = dnslookup transport = remote_smtp same_domain_copy_routing = yes begin transports remote_smtp: driver = smtp dkim_domain = dkimtest.simplyspamfree.com dkim_selector = testing dkim_private_key = /tmp/key """ Exim build information: """ $ exim -bV Exim version 4.80 #2 built 07-Jun-2012 04:33:34 Copyright (c) University of Cambridge, 1995 - 2012 (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012 Berkeley DB: Berkeley DB 4.6.21: (June 10, 2009) Support for: iconv() DKIM Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz dnsdb Authenticators: Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile autoreply pipe smtp Fixed never_users: 0 Size of off_t: 8 Configuration file is /usr/exim/configure """ Message sending (Python): """ >>> s = smtplib.SMTP("dkimtest.simplyspamfree.com") >>> s.ehlo() (250, 'dkimtest.simplyspamfree.com Hello tonyandrewmeyer.homeip.net [60.234.179.13]\nSIZE 52428800\n8BITMIME\nPIPELINING\nHELP') >>> s.mail("[email protected]") (250, 'OK') >>> s.rcpt("[email protected]") (250, 'Accepted') >>> s.data("Subject: 1\nFrom:[email protected]\n\nWith subject >>> (good signature).") (250, 'OK id=1ScSjb-0000uT-J7') >>> s.quit() (221, 'dkimtest.simplyspamfree.com closing connection') >>> s = smtplib.SMTP("dkimtest.simplyspamfree.com") >>> s.ehlo() (250, 'dkimtest.simplyspamfree.com Hello tonyandrewmeyer.homeip.net [60.234.179.13]\nSIZE 52428800\n8BITMIME\nPIPELINING\nHELP') >>> s.mail("[email protected]") (250, 'OK') >>> s.rcpt("[email protected]") (250, 'Accepted') >>> s.data("From:[email protected]\n\nWithout subject (good >>> signature).") (250, 'OK id=1ScSkI-0000wP-3P') >>> s.quit() (221, 'dkimtest.simplyspamfree.com closing connection') >>> s = smtplib.SMTP("dkimtest.simplyspamfree.com") >>> s.ehlo() (250, 'dkimtest.simplyspamfree.com Hello tonyandrewmeyer.homeip.net [60.234.179.13]\nSIZE 52428800\n8BITMIME\nPIPELINING\nHELP') >>> s.mail("[email protected]") (250, 'OK') >>> s.rcpt("[email protected]") (250, 'Accepted') >>> s.data("Subject:\nFrom:[email protected]\n\nWith empty >>> subject (bad signature).") (250, 'OK id=1ScSkn-0000wc-U0') >>> s.quit() (221, 'dkimtest.simplyspamfree.com closing connection') """ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
