[exim] Behaviour of dkim_sign_headers

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Tony Meyer
Data:  
Para: exim-users
Tópicos Antigos: Re: [exim] DKIM signing with empty headers
Assunto: [exim] Behaviour of dkim_sign_headers
Hi,

The documentation for this option says:

OPTIONAL: When set, this option must expand to (or be specified as) a colon-separated list of header names. Headers with these names will be included in the message signature. When unspecified, the header names recommended in RFC4871 will be used.

It sounds to me like this is intended to expose the "signed header fields" part of DKIM (i.e. the h= tag), although it doesn't say that explicitly.

The behaviour, as far as I can determine (see debugging process below), is not that, however. What happens is that the headers with those names will be included in the message signature *iff* they are present in the message being signed.

For example, in the message below I have dkim_sign_headers set to subject:to:from, and a message that has Subject: and From: headers, but no To: header, and the h= tag in the DKIM signature is From:Subject (i.e. "To" is missing).

Is this the intended behaviour of dkim_sign_headers? If so, is there any way to set the headers that will be included in h= (and therefore the signature)?

Thanks,
Tony

Exim version:

server1.test8.simplyspamfree.com:~$ /usr/exim/bin/exim -bV
Exim version 4.80 #5 built 20-Sep-2012 04:58:22
Copyright (c) University of Cambridge, 1995 - 2012
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
Berkeley DB: Berkeley DB 4.6.21: (June 10, 2009)
Support for: iconv() DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz dnsdb
Authenticators:
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /usr/exim/configure

Data part of Exim debug output:

23922 SMTP>> DATA
23922 waiting for data on socket
23922 read response data: size=56
23922 SMTP<< 354 Enter message, ending with "." on a line by itself
23922 SMTP>> writing message and terminating "."
23922 writing data block fd=8 size=310 timeout=300
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DKIM{SP}signing{SP}test.{CR}{LF}PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [dkimtest.simplyspamfree.com] Body bytes hashed: 20
PDKIM [dkimtest.simplyspamfree.com] bh computed: 6f9649e04ec67550c6ad9c05d6f3fe0ddec2e47a019062147a1d8b2d1eef2347
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
from:tony@???{CR}{LF}
subject:Hello{SP}world!{CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=dkimtest.simplyspamfree.com;{SP}s=testing;{SP}h=From:Subject;{SP}bh=b5ZJ4E7GdVDGrZwF1vP+Dd7C5HoBkGIUeh2LLR7vI0c=;{SP}b=;
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [dkimtest.simplyspamfree.com] hh computed: a3b31fa092e45a6c5bf67fabd124c8984f446afe3628586f1b0f1fc177d6ba25
PDKIM [dkimtest.simplyspamfree.com] b computed: c8bc27d6387835fbf9b35e5d1cfad023f143a21c4d138993dcfc1ac65d3a3bf0034b17452892ba94bf207084738dc3afaef22ca9f3c300a81fbfecd4911726715f6fc62d01871cac4cf8da07716ee6f622c0390d72cb24867246caaeb2f1df523947c8219a54e7c90042077127f2247e99d5031e407f2d03e9620f1becf83660
23922 waiting for data on socket
23916 SMTP<< quit
23916 SMTP>> 221 server1.test8.simplyspamfree.com closing connection
23916 LOG: smtp_connection MAIN
23916 SMTP connection from (fyx.co.nz) [124.198.208.183] closed by QUIT
23916 search_tidyup called
23915 child 23916 ended: status=0x0
23915 normal exit, 0
23915 0 SMTP accept processes now running

Exim configuration:

server1.test8.simplyspamfree.com:~$ cat /usr/exim/configure
acl_smtp_rcpt = acl_check_rcpt
begin acl
acl_check_rcpt:
accept
domains = spamexperts.com
deny
begin routers
dnslookup:
driver = dnslookup
transport = remote_smtp
same_domain_copy_routing = yes
begin transports
remote_smtp:
driver = smtp
dkim_domain = dkimtest.simplyspamfree.com
dkim_selector = testing
dkim_private_key = /tmp/key
dkim_sign_headers = subject:to:from

Message sending:

220 server1.test8.simplyspamfree.com ESMTP Exim 4.80 Thu, 20 Sep 2012 09:27:52 +0200
helo fyx.co.nz
250 server1.test8.simplyspamfree.com Hello fyx.co.nz [124.198.208.183]
mail from:tony@???
250 OK
rcpt to:tony@???
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Subject: Hello world!
From: tony@???

DKIM signing test.
.
250 OK id=1TEbB5-0006Dk-ER
quit
221 server1.test8.simplyspamfree.com closing connection