Håkon Alstadheim via Postfix-users wrote in
<[email protected]>:
|I am having trouble that mail to some recipients from an outlook user is
|getting DKIM fail. I /believe/ (*) this is because a header with an
|empth first line, like:
|
|> References:
|> <cabw_nmrffv9cx-xfrqjwbbazddabzgr_8bhqcb7mfm_yg+m...@mail.gmail.com>
|> <[email protected]>
|
|is "fixed" by upstream to not start with an empty line, thus breaking
|dkim signing. Mail leaving my host has DKIM signature containing:
|
|[...]References:=0D=0A=09<CABW_NmRF[...]
This header should not undergo Content-Transfer-Encoding, like
quoted-printable in the example. It has no business with MIME.
The mailer user agent or whatever generates this is wrong, as
it breaks the RFC 5321 defined allowed content of References.
It is possibly questionable whether postfix should reject this, or
correct this, or whatever.
Beside this DKIM works on the raw data, and therefore should
see exactly what you show above. It does not even know whether
that is right or wrong, is has no business with content
verification, it only normalizes the data stream according to
rules (whitespace, mostly), in order to be able to
cryptographically verify what is has seen, portably.
|Putting a header_checks with "/^References:[\x0a\x0d\x09\x20]+(.*)/
|REPLACE References: $1" seems to have fixed dkim-signing, but I've
|noticed that attached ("nested") emails also get edited, and I'd like to
|*only* edit the actual message headers, leaving attachments alone.
|Anybody have a recipe for that?
|
|* Note: I don't *know* that I'm on the right track here. I've had
|trouble getting hold of mails as they look at the receiving end, and not
|all mails fail, maybe because the headers don't have empty lines, maybe
|because I'm totally wrong in my understanding.
This is very mysterious. Especially since what you say you have
removed is actually bytes that are part of the normalization
pattern of DKIM..
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
