On 04/12/2022 06:33, Victor Sudakov via Exim-users wrote:
I have sent 10 short messages from the library.tomsk.ru host:
echo "test test" | mail -s "test test" vas@XXXXXX vas@YYYYYY
and its 10 times dkim=pass on FreeBSD and 10 times dkim=fail on Debian
so I guess it's consistent.
However, I've noticed that when I send a larger mail, like
uuencode /usr/bin/vi vi | mail -s "test test" vas@XXXXXX vas@YYYYYY
then 10 of the 10 mails on Debian have dkim=pass. So the message size
or encoding is envolved somehow? What gives?
So. Size-dependent, rx-end dependent, and seems consistently reproducible.
Could be the library used for hashing the body, or the way it's being
driven, or the exact sizes of chunks of body being handed it.
FreeBSD sender:
Compiler: CLang [10.0.1 ([email protected]:llvm/llvm-project.git
llvmorg-10.0.1-0-gef32c611aa2)]
Probably Berkeley DB version 1.8x (native mode)
Library version: OpenSSL: Compile: OpenSSL 1.1.1l-freebsd 24 Aug 2021
Runtime: OpenSSL 1.1.1l-freebsd 24 Aug 2021
: built on: reproducible build, date
unspecified
FreeBSD receiver:
Compiler: CLang [10.0.1 ([email protected]:llvm/llvm-project.git
llvmorg-10.0.1-0-gef32c611aa2)]
Probably Berkeley DB version 1.8x (native mode)
Library version: OpenSSL: Compile: OpenSSL 1.1.1l-freebsd 24 Aug 2021
Runtime: OpenSSL 1.1.1l-freebsd 24 Aug 2021
: built on: reproducible build, date
unspecified
Debian receiver YYYYYY:
Compiler: GCC [10.2.1 20210110]
Library version: GnuTLS: Compile: 3.7.1
Runtime: 3.7.1
A test here does not fail:
Sender:
FreeBSD 13.0-ALPHA3
Exim version: 4.96+ (44b6e099b76f403a55e77650821f8a69e9d2682e)
Compiler: CLang [11.0.1 ([email protected]:llvm/llvm-project.git
llvmorg-11.0.1-0-g43ff75f2c3fe)]
OpenSSL 1.1.1i-freebsd 8 Dec 2020
Command-line exim initiation, stdin from "echo -e 'Subject: test\n\nSmall
body\n'"
DKIM used ed25519-sha256
Receiver A:
Debian 11
Debian 5.10.127-1 (2022-06-30)
Exim version: 4.96+ (44b6e099b76f403a55e77650821f8a69e9d2682e)
Compiler: GCC [10.2.1 20210110]
GnuTLS: Compile: 3.7.1
Runtime: 3.7.1
Log line: DKIM: d=wizmail.org s=e202001 c=relaxed/relaxed a=ed25519-sha256
b=512 [verification succeeded
Receiver B:
Debian 11
Debian 5.10.127-1 (2022-06-30)
Exim version: 4.96+ (44b6e099b76f403a55e77650821f8a69e9d2682e)
Compiler: GCC [10.2.1 20210110]
OpenSSL: Compile: OpenSSL 1.1.1n 15 Mar 2022
Log line: DKIM: d=wizmail.org s=e202001 c=relaxed/relaxed a=ed25519-sha256
b=512 [verification succeeded]
The body-hash differing implies, I think, that the signature algorithm isn't
involved. I was using sha256; what's yours?
I guess there's also the dkim canonicalisation. Mine was relaxed/relaxed.
Yours?
Can you set up the receiver exim with debug enabled? Either commandline option
or ACL modifier can be used to enable that, the latter having the benefit of
being able to only trace certain classes of connection. The interesting part
would be the DKIM receive processing, which is in the debug "acl" channel.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
