Jeremy Harris via Exim-users wrote:
> On 04/12/2022 06:33, Victor Sudakov via Exim-users wrote:
> > I have sent 10 short messages from the library.tomsk.ru host:
> >
> > echo "test test" | mail -s "test test" vas@XXXXXX vas@YYYYYY
> >
> > and its 10 times dkim=pass on FreeBSD and 10 times dkim=fail on Debian
> > so I guess it's consistent.
> >
> > However, I've noticed that when I send a larger mail, like
> >
> > uuencode /usr/bin/vi vi | mail -s "test test" vas@XXXXXX vas@YYYYYY
> >
> > then 10 of the 10 mails on Debian have dkim=pass. So the message size
> > or encoding is envolved somehow? What gives?
>
> So. Size-dependent, rx-end dependent, and seems consistently reproducible.
Correct.
>
> Could be the library used for hashing the body, or the way it's being
> driven, or the exact sizes of chunks of body being handed it.
[dd]
>
> A test here does not fail:
Can you give me an address to send a test mail to on one of your
Debian receivers? And we will look at what it says about the body.
>
>
> The body-hash differing implies, I think, that the signature algorithm isn't
> involved. I was using sha256; what's yours?
Hmm, how do I figure out? Below is the complete sender configuration,
without hiding anything:
remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
dkim_domain = library.tomsk.ru
dkim_selector = 20221203
dkim_private_key = /usr/local/etc/exim/dkim/library.tomsk.ru-private.pem
dkim_canon = relaxed
dkim_sign_headers = Date:From:To:Subject:Message-Id:In-Reply-To
I think it's using some exim default algorithm.
>
> I guess there's also the dkim canonicalisation. Mine was relaxed/relaxed.
> Yours?
dkim_canon = relaxed
>
> Can you set up the receiver exim with debug enabled? Either commandline
> option
> or ACL modifier can be used to enable that, the latter having the benefit of
> being able to only trace certain classes of connection. The interesting part
> would be the DKIM receive processing, which is in the debug "acl" channel.
What should I add to acl_smtp_dkim to enable debugging?
--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
