Jean-Christophe Begue:
> Hello,
>
> I'm running postfix 2.7.0 and OpenDKIM Filter v2.0.2 on Ubuntu 10.04.4 LTS.
The critical component that you fail to mention is the program that
generates the email. And that program is the most likely source of
the problem.
> I suspect that i'm missing something that postfix does to my email after it
> has been signed, thus invalidating the signature.
I suspect that you are sending improperly-formatted email.
With improperly-formatted mail there is no guarantee that any MTA,
Postfix or otherwise, will preserve DKIM signatures.
Examples of mistakes (there can be other mistakes than these):
- Lines > 990 characters. The Postfix SMTP client will fold such
lines (insert <CR><LF><SPACE>) to avoid violating SMTP standards,
This means that mail is changed after it is DKIM signed.
- Lines with extra <CR> characters. Some buggy (PHP-based) mail
apps send a mess with some lines ending in <LF> and other lines
in <CR><LF>. The Postfix 2.9 sendmail command cleans up this
mess. Older Postfix versions will send mail that violates SMTP.
You can avoid this with "message_strip_characters = \r" in main.cf.
- Non-ASCII text in 7-bit Content-Transfer-Encoding. Postfix does not
care but it will send mail that violates SMTP and other software
may care about such things.
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=devisubox.com; s=mail;
> t=1385028965; bh=75o/sAM/Vtv41UrIwg0b4q1zZtrst1XwSPtjrKyZij0=;
> h=To:Subject:From:Reply-To:Content-Type:Content-Transfer-Encoding:
> Message-Id:Date;
This email contains Content-Type: and Content-Transfer-Encoding:
without MIME-Version: header. That is the result of buggy software.
Wietse
