Sorry - my bad. I found a mistake in my testing. The problem occurs if the signature is generated by Exim 4.76 (and verified by anyone) or if it is verified by Exim 4.76 (and generated by 4.80), but not otherwise. So I should just hurry up and move to 4.80.
Thanks, Tony On Thu, Jun 7, 2012 at 3:09 PM, Tony Meyer <[email protected]> wrote: > Hi, > > When I send a message through Exim that has an empty subject (i.e. the > subject header is there but has no value), the DKIM signature is > invalid. If the subject is present or is not in the message at all, > then the signature is valid. I'm using the default (i.e. unset) value > of dkim_sign_headers. > > Is this a bug? Something I'm doing wrong? The way it's meant to > work? (I've read the RFC, which discusses including headers in the > signature that aren't present in the message, but as far as I can > tell, an empty header should still be included). > > To verify the signature, I'm lazily using gmail, which adds an > authentication header like this for success: > > mx.google.com; spf=neutral (google.com: 31.25.103.16 is neither > permitted nor denied by best guess record for domain of > [email protected]) [email protected]; dkim=pass > [email protected] > > And an authentication header like this when the subject is present but empty: > > mx.google.com; spf=pass (google.com: domain of > [email protected] designates 188.40.178.54 as permitted > sender) [email protected]; dkim=hardfail > [email protected] > > (Exim 4.76 also considers the signature bad; I haven't tried with 4.80). > > Thanks, > Tony > > Full Exim configuration (minimal and created specifically to test > this, obviously): > > """ > acl_smtp_rcpt = acl_check_rcpt > begin acl > acl_check_rcpt: > accept > domains = spamexperts.com > deny > begin routers > dnslookup: > driver = dnslookup > transport = remote_smtp > same_domain_copy_routing = yes > begin transports > remote_smtp: > driver = smtp > dkim_domain = dkimtest.simplyspamfree.com > dkim_selector = testing > dkim_private_key = /tmp/key > """ > > Exim build information: > > """ > $ exim -bV > Exim version 4.80 #2 built 07-Jun-2012 04:33:34 > Copyright (c) University of Cambridge, 1995 - 2012 > (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012 > Berkeley DB: Berkeley DB 4.6.21: (June 10, 2009) > Support for: iconv() DKIM > Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm > dbmjz dbmnz dnsdb > Authenticators: > Routers: accept dnslookup ipliteral manualroute queryprogram redirect > Transports: appendfile autoreply pipe smtp > Fixed never_users: 0 > Size of off_t: 8 > Configuration file is /usr/exim/configure > """ > > Message sending (Python): > > """ >>>> s = smtplib.SMTP("dkimtest.simplyspamfree.com") >>>> s.ehlo() > (250, 'dkimtest.simplyspamfree.com Hello tonyandrewmeyer.homeip.net > [60.234.179.13]\nSIZE 52428800\n8BITMIME\nPIPELINING\nHELP') >>>> s.mail("[email protected]") > (250, 'OK') >>>> s.rcpt("[email protected]") > (250, 'Accepted') >>>> s.data("Subject: 1\nFrom:[email protected]\n\nWith subject >>>> (good signature).") > (250, 'OK id=1ScSjb-0000uT-J7') >>>> s.quit() > (221, 'dkimtest.simplyspamfree.com closing connection') >>>> s = smtplib.SMTP("dkimtest.simplyspamfree.com") >>>> s.ehlo() > (250, 'dkimtest.simplyspamfree.com Hello tonyandrewmeyer.homeip.net > [60.234.179.13]\nSIZE 52428800\n8BITMIME\nPIPELINING\nHELP') >>>> s.mail("[email protected]") > (250, 'OK') >>>> s.rcpt("[email protected]") > (250, 'Accepted') >>>> s.data("From:[email protected]\n\nWithout subject (good >>>> signature).") > (250, 'OK id=1ScSkI-0000wP-3P') >>>> s.quit() > (221, 'dkimtest.simplyspamfree.com closing connection') >>>> s = smtplib.SMTP("dkimtest.simplyspamfree.com") >>>> s.ehlo() > (250, 'dkimtest.simplyspamfree.com Hello tonyandrewmeyer.homeip.net > [60.234.179.13]\nSIZE 52428800\n8BITMIME\nPIPELINING\nHELP') >>>> s.mail("[email protected]") > (250, 'OK') >>>> s.rcpt("[email protected]") > (250, 'Accepted') >>>> s.data("Subject:\nFrom:[email protected]\n\nWith empty >>>> subject (bad signature).") > (250, 'OK id=1ScSkn-0000wc-U0') >>>> s.quit() > (221, 'dkimtest.simplyspamfree.com closing connection') > """ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
