[exim] DKIM verification strangeness

Author: Martijn Grendelman
Date:  
To: exim-users
Subject: [exim] DKIM verification strangeness
Hi,

I have been experimenting with Exim's experimental DKIM support (v4.69),
and now I have run into something that I can't explain.

Verification of DKIM-signed mail works, at least for mail that I sent
and signed myself:

Authentication-Results: post.dev-zero.nl; dkim=good
header.i=@grendelman.net

Now, I have a Gmail account set up to forward mail to my personal
mailbox, and when I send a signed mail there, Google checks my
signature, and finds it OK:

Authentication-Results: mx.google.com; spf=neutral (...)
smtp.mail=martijn@???; dkim=pass header.i=@grendelman.net

but when my own Exim server receives the mail back from Google, the DKIM
signature is found bad:

Authentication-Results: post.dev-zero.nl; dkim=bad header.i=@grendelman.net

The only reason I can think of why this would happen is if Google
changed the message somehow before forwarding it, but I can't find any
evidence that they did, at least not the body, or any of the signed
headers (h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type).

I have in the DATA ACL:

warn  message     = Authentication-Results: $primary_hostname; \
                 dkim=${lookup dkim{DKIM_DOMAIN}} header.i=@DKIM_DOMAIN
      log_message = DKIM results for DKIM_DOMAIN: ${lookup dkim{DKIM_DOMAIN}}
      !condition  = ${if eq{${lookup dkim{DKIM_DOMAIN}}}{unsigned} }


Any idea why this happens?

Thanks,
Martijn.
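
One way to test the hypothesis in the message above (that the forwarder altered the message in transit), as an added example that is not part of the original post and is not Exim's code: compute the DKIM body hash of the copy as sent and of the copy as received under both RFC 6376 body canonicalizations and compare each with the signature's bh= value. The sample bodies are constructed, the function names are hypothetical, and SHA-256 is an assumed default (pass `algo="sha1"` for an rsa-sha1 signature).

```python
import base64
import hashlib
import re


def canon_body(body: bytes, mode: str) -> bytes:
    """Canonicalize a message body per RFC 6376 sections 3.4.3 and 3.4.4."""
    # Assumption: the input may come from a file with bare LF line endings.
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    elif mode != "simple":
        raise ValueError("mode must be 'simple' or 'relaxed'")
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # Empty body: simple hashes a lone CRLF, relaxed hashes nothing.
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str, algo: str = "sha256") -> str:
    """Value a verifier compares against the bh= tag of the DKIM-Signature."""
    digest = hashlib.new(algo, canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


def surviving_modes(original: bytes, forwarded: bytes) -> dict:
    """For each canonicalization: does the forwarded body still hash the same?"""
    return {m: body_hash(original, m) == body_hash(forwarded, m)
            for m in ("simple", "relaxed")}


# Constructed sample bodies: the forwarded copy gained one trailing space on a
# line and one extra blank line at the end, changes that are invisible in a
# mail client.
ORIGINAL = b"Hi,\r\n\r\nThis is a signed test message.\r\nRegards\r\n"
FORWARDED = b"Hi,\r\n\r\nThis is a signed test message. \r\nRegards\r\n\r\n"

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        print(mode, body_hash(ORIGINAL, mode), body_hash(FORWARDED, mode))
    print(surviving_modes(ORIGINAL, FORWARDED))
```

If both body hashes match the bh= tag on the received copy, the body is intact and the difference has to be in one of the headers listed in h=.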