Andrew C Aitchison via mailop <[email protected]> writes: > Bearing in mind RFC6376 section 8.2 > https://datatracker.ietf.org/doc/html/rfc6376#section-8.2 > I have my system set to warn me of messages which set a length > to the DKIM signed part of the message body with the l= tag. > > I have recently seen messages on this list (from more than > one person) that have DKIM headers with l= values, > and no they had not DKIM signed (and oversigned) the Content-Type: > header to protext against > https://www.zone.eu/blog/bimi-and-dmarc-cant-save-you/ > > Have things changed so that it is now safe to use DKIM l= > - eg as a perfomance optimisation (saves reading the body twice) ?
Thank you for your interest in DKIM, Andrew! So i did test with opendkim
at localhost.
<code: /some/path/setup-policy.lua>
-- -*- coding: utf-8 -*-
-- test with l= tag
from2822 = odkim.get_header(ctx, "From", 0)
odkim.log(ctx, "RFC2822.From:"..from2822)
local AUID = "soyeomul@"
if string.find(from2822, AUID, 1, true) ~= nil then
odkim.use_ltag(ctx)
odkim.sign(ctx, "smtp.gmail.com")
end
</code>
<log>
Jan 28 15:17:46 thinkpad-e495 postfix/pickup[4654]: 25001D62A63: uid=1000
from=<soyeomul>
Jan 28 15:17:46 thinkpad-e495 postfix/cleanup[6144]: 25001D62A63:
message-id=<[email protected]>
Jan 28 15:17:46 thinkpad-e495 opendkim[5432]: 25001D62A63: no signing table
match for '[email protected]'
Jan 28 15:17:46 thinkpad-e495 opendkim[5432]: RFC2822.From: BH
<[email protected]>
Jan 28 15:17:46 thinkpad-e495 opendkim[5432]: 25001D62A63: DKIM-Signature field
added (s=smtp.gmail.com, d=doraji.xyz)
Jan 28 15:17:46 thinkpad-e495 postfix/qmgr[4653]: 25001D62A63:
from=<[email protected]>, size=480, nrcpt=1 (queue active)
Jan 28 15:17:46 thinkpad-e495 postfix/local[6146]: 25001D62A63:
to=<soyeomul@localhost>, relay=local, delay=0.04, delays=0.03/0.01/0/0,
dsn=2.0.0, status=sent (delivered to mailbox)
Jan 28 15:17:46 thinkpad-e495 postfix/qmgr[4653]: 25001D62A63: removed
</log>
<quote: result and demonstration>
soyeomul@thinkpad-e495:/tmp$ sudo opendkim-testkey -vv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: record 0 for 'smtp.gmail.com' retrieved
opendkim-testkey: checking key 'smtp.gmail.com'
opendkim-testkey: key smtp.gmail.com secure
opendkim-testkey: record 1 for 'Haewon-Boeun' retrieved
opendkim-testkey: checking key 'Haewon-Boeun'
opendkim-testkey: key Haewon-Boeun secure
opendkim-testkey: 2 keys checked; 2 pass, 0 fail
soyeomul@thinkpad-e495:/tmp$ ls -l /tmp/new
-rw------- 1 soyeomul soyeomul 1287 1월 28 15:19 /tmp/new
soyeomul@thinkpad-e495:/tmp$ file /tmp/new
/tmp/new: ASCII text
soyeomul@thinkpad-e495:/tmp$ sudo opendkim-testmsg < /tmp/new
soyeomul@thinkpad-e495:/tmp$ cat /tmp/new
From [email protected] Wed Jan 28 15:17:46 2026
Return-Path: <[email protected]>
X-Original-To: soyeomul@localhost
Delivered-To: soyeomul@localhost
Received: by thinkpad-e495.home.arpa (Postfix, from userid 1000)
id 25001D62A63; Wed, 28 Jan 2026 15:17:46 +0900 (KST)
DKIM-Filter: OpenDKIM Filter v2.11.0 thinkpad-e495.home.arpa 25001D62A63
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=doraji.xyz;
s=smtp.gmail.com; t=1769581066; x=1770185866;
bh=IRxDRRI7UA9o+JTgd7p+7cL7QA3JKn5SlBFWm9P+Xa0=; l=5;
h=Date:From:To:Subject:From;
b=CvLEHTQLB7OtSpG5OMtHzsl19v/g15qnfQXv6qzA24Kz70XrF2c8LbP4BHuB3ZNr3
9zPIaS4qhNBuDbz7qJ4CqTfUCvrAZy8IWZlTu8QrW2L2/x97PXDDL6eChBveAP/pHs
ML7ysH7vVaPaMRQGyJpJZhtXQq96bawOiJNJ5XHERIJtq1EhBN9q1XwUegnbhjUKjX
oBaWNF5yuliv+P3/ScSpNK0xbD/UCd+WinyuLD59D/T/R99AKc8bQrmAfd6wrw1fb0
twXOGc7Pxv9jRzYdSZtyJ/tzGNS8tr6zA7c3mC+0oCf24pPxDUqSd5g5uPrk66WzuB
qSVH3LLa5nZlA==
Date: Wed, 28 Jan 2026 15:17:46 +0900
From: BH <[email protected]>
To: soyeomul@localhost
Subject: new test
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
Status: RO
Content-Length: 4
Lines: 1
hi~
soyeomul@thinkpad-e495:/tmp$ echo -e "\nAnd i will Always love You HJ^^^" >>
/tmp/new
soyeomul@thinkpad-e495:/tmp$ cat /tmp/new
From [email protected] Wed Jan 28 15:17:46 2026
Return-Path: <[email protected]>
X-Original-To: soyeomul@localhost
Delivered-To: soyeomul@localhost
Received: by thinkpad-e495.home.arpa (Postfix, from userid 1000)
id 25001D62A63; Wed, 28 Jan 2026 15:17:46 +0900 (KST)
DKIM-Filter: OpenDKIM Filter v2.11.0 thinkpad-e495.home.arpa 25001D62A63
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=doraji.xyz;
s=smtp.gmail.com; t=1769581066; x=1770185866;
bh=IRxDRRI7UA9o+JTgd7p+7cL7QA3JKn5SlBFWm9P+Xa0=; l=5;
h=Date:From:To:Subject:From;
b=CvLEHTQLB7OtSpG5OMtHzsl19v/g15qnfQXv6qzA24Kz70XrF2c8LbP4BHuB3ZNr3
9zPIaS4qhNBuDbz7qJ4CqTfUCvrAZy8IWZlTu8QrW2L2/x97PXDDL6eChBveAP/pHs
ML7ysH7vVaPaMRQGyJpJZhtXQq96bawOiJNJ5XHERIJtq1EhBN9q1XwUegnbhjUKjX
oBaWNF5yuliv+P3/ScSpNK0xbD/UCd+WinyuLD59D/T/R99AKc8bQrmAfd6wrw1fb0
twXOGc7Pxv9jRzYdSZtyJ/tzGNS8tr6zA7c3mC+0oCf24pPxDUqSd5g5uPrk66WzuB
qSVH3LLa5nZlA==
Date: Wed, 28 Jan 2026 15:17:46 +0900
From: BH <[email protected]>
To: soyeomul@localhost
Subject: new test
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
Status: RO
Content-Length: 4
Lines: 1
hi~
And i will Always love You HJ^^^
soyeomul@thinkpad-e495:/tmp$ sudo opendkim-testmsg < /tmp/new
soyeomul@thinkpad-e495:/tmp$
</quote>
As you can see above, your concerns about the l= tag risk are correct,
thanks!
Sincerely, Byunghee
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
