Re: [exim] exim 4.82 + dkim signing

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Maxim Shpakov
Dátum:  
Címzett: Tom Kistner
CC: exim-users, Phil Pennock
Tárgy: Re: [exim] exim 4.82 + dkim signing
Hi!

I can't confirm this problem when using SMTP for delivery.
I can reproduce this bug only using command line "exim" for delivery.

.......
250 Accepted
+ echo -ne 'DATA\n'
+ sleep 1
354 Enter message, ending with "." on a line by itself
+ echo -ne 'To: check-auth2@???\nFrom:
my@???\nSubject: test\nContent-Type: text/plain;
charset=utf-8\n\nTest\r\n\r\nTest\n\n\n.\n'
+ sleep 1
250 OK id=1WFUbc-0005aO-Sm
.......

DKIM check:         pass
...
Canonicalized Body:
    Test'0D''0A'
    '0D''0A'
    Test'0D''0A'
...



2014-02-17 13:40 GMT+03:00 Tom Kistner <tom@???>:
> This looks like an interaction problem of Exim with the pdkim lib. I've run
> some test on library level with these inputs and they are fine.
>
> I believe there's some line-ending stuffing going on on Exim's side,
> particularly for command-line submissions. The pdkim lib expects all inputs
> to only use CRLF line termination, if it receives mixed input it might just
> behave like in the posted examples.
>
> @Maxim: On your system, if you submit a test mail with an empty line via
> SMTP, using a standard mail client, does it also fail verification?
>
> Thx,
>
> /tom
>
>
>
> On Mon, Feb 17, 2014 at 10:33 AM, Tom Kistner <tom@???> wrote:
>>
>> Yeah that looks like a bug. I'll check it out.
>>
>>
>>
>> On Mon, Feb 17, 2014 at 9:49 AM, Phil Pennock <pdp@???> wrote:
>>>
>>> Tom,
>>>
>>> I can confirm that when I send mail off-box with DKIM signing in Exim,
>>> the \r\n\r\n sequence between the two "Test" lines becomes \n\n\n by the
>>> time that it comes back to me.
>>>
>>> Do you know what might be going on here, please?
>>>
>>> -Phil
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Maxim Shpakov <maxim@???>
>>> To: exim-users@???
>>> Cc:
>>> Date: Sun, 16 Feb 2014 16:48:52 +0300
>>> Subject: [exim] exim 4.82 + dkim signing
>>> Hi all!
>>>
>>> I'm using exim 4.82 on centos 6 with dkim signing enabled.
>>> Signing is working fine with some little but very annoying exception.
>>>
>>> When I send email with empty line (\r\n) in body, dkim check always
>>> fails on other side (gmail, port25 dkim verifier)
>>>
>>> I've created test case to reproduce my problem
>>>
>>> echo -e "To: check-auth2@???\nFrom:
>>> maxim@???\nSubject: test\nContent-Type: text/plain;
>>> charset=utf-8\n\nTest\r\n\r\nTest" | exim -v -f maxim@???
>>> check-auth2@???
>>>
>>> >>>
>>> PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> Test{CR}{LF}{CR}{CR}{LF}Test{CR}{LF}PDKIM
>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>> <<<
>>>
>>> Answer from port25 dkim checker:
>>>
>>> DKIM check details:
>>> ------------------------------
>>> ----------------------------
>>> Result:         fail (wrong body hash: expected
>>> l9qLW/Z1TIMHEIl16x0J09yLZXuCbdcdVGCHdUgSvhQ=)
>>> ........
>>> Canonicalized Body:
>>>     Test'0D''0A'
>>>     '0D''0A'
>>>     '0D''0A'
>>>     Test'0D''0A'

>>>
>>> =========
>>>
>>> I've made some more tests:
>>>
>>> \r\n\space\r\n = {CR}{LF}{CR}{LF} => dkim ok
>>> \r\n\n = {CR}{LF}{CR}{LF} => dkim ok
>>> \n\n = {CR}{LF}{CR}{LF} => dkim ok
>>> \r\n\r\n = {CR}{LF}{CR}{CR}{LF} => dkim fail
>>> \n\r\n = {CR}{LF}{CR}{CR}{LF} => dkim fail
>>> \n\space\r\n = {CR}{LF}{CR}{CR}{LF} => dkim ok
>>>
>>> Receiving side always see \r\n in all tests..
>>> Why exim shows {CR}{CR} when it sign email body?
>>> What I'm doing wrong ? Is this a bug or expected behaviour?
>>>
>>> --
>>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>>> ## Exim details at http://www.exim.org/
>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>
>>
>