> Hello,
>
> upon receiving an email with:
>
> To: Aaaaaaa aaa Aaaaaaaa <aaaa...@example33.org>,Bbb bbb Bbbbbbbbbb
> <b...@example.int>
>
> - notice the missing space after the comma - sendmail passes the
> unmodified header to milters, e.g. for adding DKIM-Signature, and then
> rewrites the header to
>
> To: Aaaaaaa aaa Aaaaaaaa <aaaa...@example33.org>,
> Bbb bbb Bbbbbbbbbb
> <b...@example.int>
>
> The introduction of a white space/new line after the comma is not
> conformant to DKIM relaxed Header Canonicalization Algorithm (https://t
> ools.ietf.org/html/rfc6376#section-3.4.2): this change breaks the
> signature, just made by the milter.
>
> Does postfix (consider the header as valid and therefore) keep the
> header unchanged?
First of all, Postfix rewrites headers before calling Milters,
so it cannot break its own DKIM signatures unless you do
something with milter_header_checks or content filters.
In the case of DKIM-signed mail that arrived from elsewhere, after
2005, if Postfix does not have to change* any ADDRESS in a message
header, then it will not change the header at all (i.e. no
parse/unparse. no line folding, etc.).
* Either address rewriting is disabled (controlled with
local_header_rewrite_clients) or all addresses are already in the
desired form.
If any address in the header needs to be rewritten, then of course
that will invalidate any prior DKIM signatures, regardless of a
header line will be folded.
Wietse
