[exim] Exim4 vs Gmail - DKIM algorithms incompatibility

Top Page
Delete this message
Reply to this message
Author: Tomasz Kusy
Date:  
To: Exim-users
Subject: [exim] Exim4 vs Gmail - DKIM algorithms incompatibility
Hello,
Tested on Exim version 4.72 with DKIM.

We noticed weird problem.
Some of messages sent to gmail didn't pass DKIM verification:

Authentication-Results: mx.google.com;
        dkim=fail (test mode) header.i=@xxxxxx.xx


After hours of debug we found why:

     PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
     date:Thu,{SP}31{SP}Oct{SP}2013{SP}12:59:16{SP}+0100{CR}{LF}
subject:Test:{SP}+200{SP}=?UTF-8?Q?punkt=C3=B3w?={SP}w{SP}xxxxxx!{SP}{CR}{LF}
from:"XXXXX{SP}Newsletter"{SP}<newsletter@xxxxxxxx>{CR}{LF}
     PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


In this case subject had whitespace (marked as {SP}) at end of line
(before {CR}{LF}) .
To compute hash for headers, exim uses this {SP}, but gmail ignores it.
The compare of hashes results in fail.

I know that this whitespace shouldn't occur there, but exim4 allows that.

Regards
Tomasz Kusy