[PacketFence-users] DKIM fails while sending packetfence emails.

Thu, 19 Nov 2015 05:08:26 -0800 

Hello. 
We are running PF 5.2 in in-line mode on Centos 6.xWe have postfix running 
locally with opendkim, opendmarc. All the packetfence emails are sent via the 
local MTA (postfix)
The mails are being delivered and are signed as they have DKIM signature, but 
the body hash fails. DNS TXT records for dmarc, dkim and spf are all valid and 
present. We have figured out what the issue is. Postfix is chopping certain 
lines of the messages  after a total of 74 characters. This is quite strange as 
the line length limit for Postfix is 998 characters and SMTP protocol line 
length limit is 1000 characters. But, what's even more puzzling is that the 
messages which are being sent out as text/plain are also being subjected to 
this chopping. 
Thus, the messages which have lines longer than 74 characters get chopped and 
split into two lines after DKIM signature is applied to the mail message. This 
results in incorrect body hash on the verifier's end. I have tested this with 
two different messages stated below.  I used the 
emails-guest_admin_pregistration.txt.tt template for this. Can anyone suggest 
what's going on and how can this be resolved?
Following is the original template messages which fails the DKIM verification 
at the verifier's end. As you can see, the lines have been chopped off and a 
'=' has been added towards the end of the line where the lines have been longer 
than 74 characters.
Hi  ,An account has been created for you to access our network.Once you will be 
on-site, authenticate using the following credentials to= our captive 
portal:Username: email.verifyPassword: passwordThis username and password will 
be valid starting 2015-11-18. Registratio=n must happen before 2015-11-19. Once 
authenticated the access will be va=lid for 1 hour.Please ignore this request 
if you have not requested network access.--This is a post only E-mail, please 
do not reply.


Following is the message which passes the DKIM verification at the verifier's 
end. I modified the template message so that no lines are longer than 74 
characters.
Hi  ,An account has been created for you to access our network.Username: 
email.verifyPassword: passwordPlease ignore this request if you have not 
requested network access.--This is a post only E-mail, please do not reply      
                                
------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to