Hi Louis. Hope you are well. Thanks for your reply. Answers to your questions below:
- No, there are no other mail relays involved. Just Postfix 2.6.6 which is installed on the same machine as Packetfence. Sendmail has also been uninstalled. - No relayhost is set in Postfix. - As for default settings, I am guessing you are referring to smtpserver=localhost, which is kept as default. We do have different values for fromaddr and emailaddr which pertain to our domain. Interestingly when I sent your test email, here's the result of it - it passed DKIM verification. I am using port25 to verify emails. Return-Path: <[email protected]> Received: from mydomain.com (185.49.74.26) by verifier.port25.com id h9n78i20i3gh for <[email protected]>; Thu, 19 Nov 2015 08:28:41 -0500 (envelope-from <[email protected]>) Authentication-Results: verifier.port25.com; spf=pass [email protected] Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) [email protected] Authentication-Results: verifier.port25.com; dkim=pass (matches From: [email protected]) header.d=mydomain.com Authentication-Results: verifier.port25.com; sender-id=pass [email protected] DKIM-Filter: OpenDKIM Filter v2.10.3 mydomain.com 2F6C420A1F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com; s=mail; t=1447939719; bh=VQu1/XUGxRCyPd1fqmJaNYciqXWqPDGCzw1scjqRIec=; h=To:Message-Id:From:From:To:Message-Id; b=LrbI0Ij2M9TKeVJTWrgVj/9tmtHdeIMAGk1z+opLCaTtl52uMFrzSNflVZNA45dsc 7C6D7K0i44fr5ldRmbvXU6P1FFoswSHoRPTje+OcenHc0+C74XmCiCX9zWH6pzyHnN U9aHKjlFAhc3qfNVirBYT1UIV+7GWy31ek4m7WpdD3p5Z2yIizcwj+zVVqKNvUGfRw Kqa0wGCNiRcYsw+U/wliaqg5DrJ4N+bKkK3OYZ5gmHBBSyn/XK+r5wGCq/N9IkgGE5 M76Q05G6IiQsNILsG6yFI8AFWho0d7rIrwc2GrpsVHeWZGzeK4ygzvmi/nTy6vuMfI 2n5Ottj6Uuy8g== Date: Thu, 19 Nov 2015 13:28:39 +0000 To: [email protected] Subject: test User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <[email protected]> From: [email protected] (root) This is a test of a very long line for which I am the very model of a modern MTA. PS. Sendmail is dead. ________________________________ > From: [email protected] > Date: Thu, 19 Nov 2015 08:23:00 -0500 > To: [email protected] > Subject: Re: [PacketFence-users] DKIM fails while sending packetfence emails. > > Hi Andy, > Are you sure it’s Postfix doing it? > I don’t want to doubt you but it does seem odd, so I am wondering if > there some other piece of the puzzle we may be missing. > > Can you tell us a little bit more about your setup as far as mail > relaying goes? > Is there another mail relay involved? Is a relay host set in postfix? > Did you change any of the defaults in PacketFence regarding mail > relaying and notifications? Check your conf/pf.conf if in doubt. > > Finally, does this also happen when sending emails without involving > PacketFence? > E.g. does it also affect any email sent using “mail”, as in > > # echo "This is a test of a very long line for which I am the very > model of a modern MTA. PS. Sendmail is dead." | mail -s test > [email protected]<mailto:[email protected]> > > Regards, > -- > Louis Munro > [email protected]<mailto:[email protected]> > :: www.inverse.ca<http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) > and PacketFence (www.packetfence.org<http://www.packetfence.org>) > > On Nov 19, 2015, at 8:00 , Andy A > <[email protected]<mailto:[email protected]>> wrote: > > Hello. > > We are running PF 5.2 in in-line mode on Centos 6.x > We have postfix running locally with opendkim, opendmarc. All the > packetfence emails are sent via the local MTA (postfix) > > The mails are being delivered and are signed as they have DKIM > signature, but the body hash fails. DNS TXT records for dmarc, dkim and > spf are all valid and present. We have figured out what the issue is. > Postfix is chopping certain lines of the messages after a total of 74 > characters. This is quite strange as the line length limit for Postfix > is 998 characters and SMTP protocol line length limit is 1000 > characters. But, what's even more puzzling is that the messages which > are being sent out as text/plain are also being subjected to this > chopping. > > Thus, the messages which have lines longer than 74 characters get > chopped and split into two lines after DKIM signature is applied to the > mail message. This results in incorrect body hash on the verifier's > end. I have tested this with two different messages stated below. I > used the emails-guest_admin_pregistration.txt.tt template for this. Can > anyone suggest what's going on and how can this be resolved? > > Following is the original template messages which fails the DKIM > verification at the verifier's end. As you can see, the lines have been > chopped off and a '=' has been added towards the end of the line where > the lines have been longer than 74 characters. > > Hi , > > An account has been created for you to access our network. > > Once you will be on-site, authenticate using the following credentials to= > our captive portal: > > Username: email.verify > Password: password > > This username and password will be valid starting 2015-11-18. Registratio= > n must happen before 2015-11-19. Once authenticated the access will be va= > lid for 1 hour. > > Please ignore this request if you have not requested network access. > -- > This is a post only E-mail, please do not reply. > > > > Following is the message which passes the DKIM verification at the > verifier's end. I modified the template message so that no lines are > longer than 74 characters. > > Hi , > > An account has been created for you to access our network. > > Username: email.verify > Password: password > > Please ignore this request if you have not requested network access. > -- > This is a post only E-mail, please do not reply > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected]<mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ------------------------------------------------------------------------------ > > _______________________________________________ PacketFence-users > mailing list [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
