Hi list, Recently i've switched on DKIM-signing for my outgoing messages. Works like a charm! Mostly.
One of my users botched the system by sending (automated) messages that have a ~20KB XML-dump all on one long line. The message in my logs is nothing more than "DKIM: message could not be signed, and dkim_strict is set. Deferring message delivery." without any further indication to *WHY* the signing failed. Even running a delivery in -d+all mode doesn't really give any details to why the signing failed. So, Googling brought me to a thread from 2012 [1], this subscriber reports about the line length being an issue for DKIM and reports the differences in checks for parts of the Exim code. I tried to get some info on this. Aparently RFC2822 specifies a line in an email should not exceed 998 chars (+CRLF=1000). I haven't heard of any MTA enforcing this and it would seem a bit low to me. Now i'm facing several questions... Why are there three different(!) MAX-settings in the Exim code? Why does Exim accept such mails in the first place? Why exactly can't it DKIM sign such messages? (Do other MTAs handle these situations gracefuly?) Why isn't any of this line length stuff discussed in the Fine Manual[2]? How do other mail ops handle such cases with regard to DKIM signing? Also, instead of deferring delivery for such messages, wouldn't it be nicer to freeze them in the queue and notify postmasters? The system now slows down deliveries for other (properly formatted) messages going to that same destination. This is how this came to my attention: users complaining that their email wasn't "instant" as everyone believes it was intended to be... ;) Any insights would be welcome! Thanks, -Sander. [1] http://www.gossamer-threads.com/lists/exim/users/93884 [2] http://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html -- | Scenery is here, wish you were beautiful. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
pgpH7C8EXsCVF.pgp
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
