So I managed to get rid of this error. The mail was effectively modified after being signed. The reason for that was (indeed! :) ) that some <CR> were present in the message body.

I used this line of PHP to correct this:

    $this->sMessage = str_replace("\r", "", $this->sMessage);

Thank you!

Jean-Christophe BEGUE
R&D Engineer - Devisubox
Marseille - France
+33 6 89 64 45 88
http://www.devisubox.com

2013/11/21 Wietse Venema <wie...@porcupine.org>

> Jean-Christophe Begue:
> > Wietse : apparently, the PHP script uses htmlMimeMail5.php, that you can
> > find here:
> > http://code.google.com/p/punchcms/source/browse/trunk/manager/libraries/htmlMimeMail5/htmlMimeMail5.php?r=87 .
> > I think it could be as buggy as you described, I'll try to dump the Raw
> > message.
>
> My guess is that your email contains >990 characters per line,
> causing the Postfix SMTP client to insert <CR><LF><SPACE>,
>
> Bad line endings can be fixed with message_strip_characters=\r,
> although I expect that c=relaxed/relaxed will take care of that, too.
>
> Wietse
>
> > Viktor : thank you for the tip, I didn't figure the difference between
> > relaxed and simple, thank you. Your strategy for detecting post-added
> > fields seems good! I'll give it a try!
> >
> > Jean-Christophe BEGUE
> > R&D Engineer - Devisubox
> > Marseille - France
> > +33 6 89 64 45 88
> > http://www.devisubox.com
> >
> > 2013/11/21 Viktor Dukhovni <postfix-us...@dukhovni.org>
> >
> > > On Thu, Nov 21, 2013 at 09:07:44AM -0500, Wietse Venema wrote:
> > >
> > > > > DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=devisubox.com; s=mail;
> > > > >  t=1385028965; bh=75o/sAM/Vtv41UrIwg0b4q1zZtrst1XwSPtjrKyZij0=;
> > > > >  h=To:Subject:From:Reply-To:Content-Type:Content-Transfer-Encoding:
> > > > >  Message-Id:Date;
> > > >
> > > > This email contains Content-Type: and Content-Transfer-Encoding:
> > > > without MIME-Version: header. That is the result of buggy software.
> > >
> > > Furthermore, "simple" canonicalization is too fragile, use "relaxed"
> > > at least for the headers. I would add "Cc" and "Content-Disposition"
> > > and all the above to the list headers signed even when absent (thus
> > > detecting downstream insertion as a DKIM signature failure).
> > >
> > > --
> > > Viktor.
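
Added example, not part of the thread and not code from htmlMimeMail5 or Postfix: the DKIM body hash (bh=) under RFC 6376 "simple" and "relaxed" body canonicalization, showing that a body signed with a stray <CR> stops matching once line endings are rewritten after signing, and that a body stripped of "\r" before signing stays stable. The sample bodies are constructed, the function names are hypothetical, and `normalize_eol` is an assumed model of what a relay does to line endings.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Canonicalize a CRLF-delimited body per RFC 6376 3.4.3 (simple) / 3.4.4 (relaxed)."""
    if mode == "relaxed":
        # Collapse runs of SP/HTAB to one SP and drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
        body = b"\r\n".join(lines)
    body = re.sub(rb"(\r\n)+\Z", b"", body)   # both modes ignore trailing empty lines
    if body or mode == "simple":
        body += b"\r\n"                        # simple hashes an empty body as one CRLF
    return body

def body_hash(body: bytes, mode: str) -> str:
    """The bh= value for a=rsa-sha256: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def normalize_eol(body: bytes) -> bytes:
    """Assumed relay behaviour (not taken from the thread): drop every CR,
    then terminate each line with CRLF."""
    return body.replace(b"\r", b"").replace(b"\n", b"\r\n")

def survives(signed: bytes, received: bytes, mode: str) -> bool:
    """True when the verifier's body hash equals the one the signer put in bh=."""
    return body_hash(signed, mode) == body_hash(received, mode)

# Constructed sample body with a stray CR before the first line ending.
RAW = b"Dear customer,\r\r\nyour report is ready.\r\n"
# Same text after the equivalent of str_replace("\r", "", ...) and CRLF framing.
CLEAN = normalize_eol(RAW)
# Constructed whitespace-only change in transit: trailing space and extra blank line.
PADDED = CLEAN.replace(b"ready.\r\n", b"ready. \r\n\r\n")

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        print(mode,
              "stray CR signed as-is:", survives(RAW, normalize_eol(RAW), mode),
              "| CR stripped before signing:", survives(CLEAN, normalize_eol(CLEAN), mode),
              "| whitespace-only change:", survives(CLEAN, PADDED, mode))
```

Run it directly to compare the two canonicalization modes on the three cases; comparing `body_hash` of a dumped raw body against the bh= tag of the received message applies the same check to real mail.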