Re: [exim] skim with yahoo fails ...

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Lena
Date:  
À: exim-users
Sujet: Re: [exim] skim with yahoo fails ...
P.S. Seems like Exim bug.
I sent test messages via smtp.mail.yahoo.com
(yahoo signs each such message with two DKIM signatures)
to my Exim 4.83 and to another validator dkim-test()altn.com . Exim said
that the first signature did not verify:

2014-09-23 19:11:30 +0300 1XWSgc-000CL8-JV DKIM: d=yahoo.com s=s2048 c=relaxed/relaxed a=rsa-sha256 t=1411488686 [verification failed - signature did not verify (headers probably modified in transit)]
2014-09-23 19:11:30 +0300 1XWSgc-000CL8-JV DKIM: d=yahoo.com s=s1024 c=relaxed/relaxed a=rsa-sha256 t=1411488686 [verification succeeded]

The validator replied to another test message that both signatures are good:

Authentication-Results: mail1.altn.com
    spf=pass smtp.mailfrom=_spf.mail.yahoo.com;
    dkim=pass (good signature) header.d=yahoo.com header.b=LRexRutuqP;
    dkim=pass (good signature) header.d=yahoo.com header.b=jlKrJDEc94;


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1411484490; bh=n9vkIBDDHiLTP/IZQNy9WDPCVheoMuGPodF+x6NdokI=; h=Received:Received:Received:DKIM-Signature:X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Content-Type:Date:To:Subject:MIME-Version:Content-Transfer-Encoding:From:Message-ID:User-Agent:From:Subject; b=LRexRutuqPdiTlqDJQcuXZOLiETqb4BMme1iWo8i+6kw8pTAuyd5kEOXh2xmes+n2UJb5lxCNRUmkP1+DCNp19tzEM4dt4FrxOj8g9lB/TV3hsJF6GtyTNn7su7dVHZBBQpqu7GtudxM2R7tqHXUgiLr+h5spn5/BMzd5VCc/gPm7sDbgDx0p18NSLfydZBrR1FEPtQbVBcAsEIby655MJIpOCJQVdxx0+9azDLiGAfcJzOhuO893m0C7UWtAqNAYjYCve/F01nqJMEtctW985nvYahuoSOesbuAT9x4wrsK6cc/WAjbxqC+dSfELLtinNrqO/9P2Z1/Yzhe/OvzEw==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1411484490; bh=n9vkIBDDHiLTP/IZQNy9WDPCVheoMuGPodF+x6NdokI=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Content-Type:Date:To:Subject:MIME-Version:Content-Transfer-Encoding:From:Message-ID:User-Agent; b=jlKrJDEc946EkLwYXfLP442cNzqzXPAv0GcrJAnmXhIW5dxbA7MeeWxnTA8me7cPhV2wOxhufxQQ5krWx/SvP0h1zczKnrmiVbZT9eWJglFjxmL1vK5G5dzJXFJV+NFxNt5C7Brp7pidYm9mM35+aYVCyAmxIamIZsdNR1R3n7k=

Apparently, DKIM signature validation by Exim fails incorrectly.
May be because of 2048 bits, may be because of two signatures in one message.

The DKIM part of Exim debug output in /var/log/exim/debuglog
(control=debug/opts=+all in predata ACL), I edited each @ to ():

PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [yahoo.com] Body bytes hashed: 45
PDKIM [yahoo.com] bh computed: ffb491d3f7dbb34f6fd7094fc95f7cdda35fccaaa2b03864c0ea90c78b7a7f1c
PDKIM [yahoo.com] Body hash verified OK
PDKIM [yahoo.com] Body bytes hashed: 45
PDKIM [yahoo.com] bh computed: ffb491d3f7dbb34f6fd7094fc95f7cdda35fccaaa2b03864c0ea90c78b7a7f1c
PDKIM [yahoo.com] Body hash verified OK
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
received:from{SP}[127.0.0.1]{SP}by{SP}smtp110.mail.ir2.yahoo.com{SP}with{SP}NNFMP;{SP}23{SP}Sep{SP}2014{SP}16:11:26{SP}-0000{CR}{LF}
received:from{SP}[46.228.39.73]{SP}by{SP}tm4.bullet.mail.ir2.yahoo.com{SP}with{SP}NNFMP;{SP}23{SP}Sep{SP}2014{SP}16:11:26{SP}-0000{CR}{LF}
received:from{SP}[212.82.98.51]{SP}by{SP}nm21.bullet.mail.ir2.yahoo.com{SP}with{SP}NNFMP;{SP}23{SP}Sep{SP}2014{SP}16:11:26{SP}-0000{CR}{LF}
x-yahoo-newman-id:835787.88824.bm()smtp110.mail.ir2.yahoo.com{CR}{LF}
x-yahoo-newman-property:ymail-3{CR}{LF}
x-ymail-osg:G3K_IuIVM1kOUegF3VFTBuGhqrLRs_c4gVNLMj_3Bi38z5X{SP}v.vO4Pc7JWdDi_inYorg2OLmeKPOYYG1hYQIU1NMseNpVlyzzPxFxj2jEb96{SP}GPnZTurGtUJHpC.VoVkVgB5mDI23BiesGo3F8PwifvEm6sTYEtz8THucSXPP{SP}L1X_DD8YPMBt4Yg8bBWDl1_3Ekbt5qFfcWOAX_8RpdmZNUaIQQRGIE1aOryp{SP}qHV5iUxNr4FGZdvwCTHf2oy7UejZ4r1eC1i3WA.fG_4Dif0S.nLXr06EAkRi{SP}e9VqStT190Xms3CtrIAqDr_fzcEphmZN_1UPynd1xeRS86GXID0Uzq3DT.BA{SP}3Yo4nlDVWGGOEPT5u0U_4I2wqQZAYsc07P77ZT3ZS_skao5RNP.VuEoPaKDO{SP}SI9gEkerSm1b9YrImYFM4gxglRs0tmatvsj6CEb.ijHWgPk2MVZFRsdD8nvw{SP}cRNNpH2spiuONwNF9odEnA4zLkda0SbdA2MEmdq89GX1NBBGkbXkgPPMtAdl{SP}_zliNbIziro5vk8V_i.SdbBnwscdlhQ--{CR}{LF}
x-yahoo-smtp:jlzoWrCswBAca6lFF5lzCm0mMU4R_Q--{CR}{LF}
content-type:text/plain;{SP}charset=koi8-r;{SP}format=flowed;{SP}delsp=yes{CR}{LF}
date:Tue,{SP}23{SP}Sep{SP}2014{SP}19:11:25{SP}+0300{CR}{LF}
to:dkim-test()altn.com{CR}{LF}
subject:third{SP}DKIM{SP}test,{SP}two{SP}recipients{CR}{LF}
mime-version:1.0{CR}{LF}
content-transfer-encoding:7bit{CR}{LF}
from:Lena{SP}<lena_kiev()yahoo.com>{CR}{LF}
message-id:<op.xmndxbojswoz15()bedside.lena.kiev.ua>{CR}{LF}
user-agent:Opera{SP}Mail/12.16{SP}(FreeBSD){CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}c=relaxed/relaxed;{SP}d=yahoo.com;{SP}s=s2048;{SP}t=1411488686;{SP}bh=/7SR0/fbs09v1wlPyV983aNfzKqisDhkwOqQx4t6fxw=;{SP}h=Received:Received:Received:DKIM-Signature:X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Content-Type:Date:To:Subject:MIME-Version:Content-Transfer-Encoding:From:Message-ID:User-Agent:From:Subject;{SP}b=
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [yahoo.com] hh computed: dfad0711ec0ae2e4dd858671de093a81f415a1990ee54b3de02b5514c466492d
19:11:30 47438 DNS lookup of s2048._domainkey.yahoo.com. (TXT) succeeded
PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Raw record: k=rsa;{SP}p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoWufgbWw58MczUGbMv176RaxdZGOMkQmn8OOJ/HGoQ6dalSMWiLaj8IMcHC1cubJx2gziAPQHVPtFYayyLA4ayJUSNk10/uqfByiU8qiPCE4JSFrpxflhMIKV4bt+g1uHw7wLzguCf4YAoR6XxUKRsAoHuoF7M+v6bMZ/X1G+viWHkBl4UfgJQ6O8F1ckKKoZ5KqUkJH5pDaqbgs+F3PpyiAUQfB6EEzOA1KMPRWJGpzgPtKoukDcQuKUw9GAul7kSIyEcizqrbaUKNLGAmz0elkqRnzIsVpz6jdT1/YV5Ri6YUOQ5sN5bqNzZ8TxoQlkbVRy6eKOjUnoSSTmSAhwIDAQAB;
k=rsa
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoWufgbWw58MczUGbMv176RaxdZGOMkQmn8OOJ/HGoQ6dalSMWiLaj8IMcHC1cubJx2gziAPQHVPtFYayyLA4ayJUSNk10/uqfByiU8qiPCE4JSFrpxflhMIKV4bt+g1uHw7wLzguCf4YAoR6XxUKRsAoHuoF7M+v6bMZ/X1G+viWHkBl4UfgJQ6O8F1ckKKoZ5KqUkJH5pDaqbgs+F3PpyiAUQfB6EEzOA1KMPRWJGpzgPtKoukDcQuKUw9GAul7kSIyEcizqrbaUKNLGAmz0elkqRnzIsVpz6jdT1/YV5Ri6YUOQ5sN5bqNzZ8TxoQlkbVRy6eKOjUnoSSTmSAhwIDAQAB
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [yahoo.com] signature status: PDKIM_VERIFY_FAIL (PDKIM_VERIFY_FAIL_MESSAGE)
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
x-yahoo-newman-id:835787.88824.bm()smtp110.mail.ir2.yahoo.com{CR}{LF}
x-yahoo-newman-property:ymail-3{CR}{LF}
x-ymail-osg:G3K_IuIVM1kOUegF3VFTBuGhqrLRs_c4gVNLMj_3Bi38z5X{SP}v.vO4Pc7JWdDi_inYorg2OLmeKPOYYG1hYQIU1NMseNpVlyzzPxFxj2jEb96{SP}GPnZTurGtUJHpC.VoVkVgB5mDI23BiesGo3F8PwifvEm6sTYEtz8THucSXPP{SP}L1X_DD8YPMBt4Yg8bBWDl1_3Ekbt5qFfcWOAX_8RpdmZNUaIQQRGIE1aOryp{SP}qHV5iUxNr4FGZdvwCTHf2oy7UejZ4r1eC1i3WA.fG_4Dif0S.nLXr06EAkRi{SP}e9VqStT190Xms3CtrIAqDr_fzcEphmZN_1UPynd1xeRS86GXID0Uzq3DT.BA{SP}3Yo4nlDVWGGOEPT5u0U_4I2wqQZAYsc07P77ZT3ZS_skao5RNP.VuEoPaKDO{SP}SI9gEkerSm1b9YrImYFM4gxglRs0tmatvsj6CEb.ijHWgPk2MVZFRsdD8nvw{SP}cRNNpH2spiuONwNF9odEnA4zLkda0SbdA2MEmdq89GX1NBBGkbXkgPPMtAdl{SP}_zliNbIziro5vk8V_i.SdbBnwscdlhQ--{CR}{LF}
x-yahoo-smtp:jlzoWrCswBAca6lFF5lzCm0mMU4R_Q--{CR}{LF}
content-type:text/plain;{SP}charset=koi8-r;{SP}format=flowed;{SP}delsp=yes{CR}{LF}
date:Tue,{SP}23{SP}Sep{SP}2014{SP}19:11:25{SP}+0300{CR}{LF}
to:dkim-test()altn.com{CR}{LF}
subject:third{SP}DKIM{SP}test,{SP}two{SP}recipients{CR}{LF}
mime-version:1.0{CR}{LF}
content-transfer-encoding:7bit{CR}{LF}
from:Lena{SP}<lena_kiev()yahoo.com>{CR}{LF}
message-id:<op.xmndxbojswoz15()bedside.lena.kiev.ua>{CR}{LF}
user-agent:Opera{SP}Mail/12.16{SP}(FreeBSD){CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}c=relaxed/relaxed;{SP}d=yahoo.com;{SP}s=s1024;{SP}t=1411488686;{SP}bh=/7SR0/fbs09v1wlPyV983aNfzKqisDhkwOqQx4t6fxw=;{SP}h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Content-Type:Date:To:Subject:MIME-Version:Content-Transfer-Encoding:From:Message-ID:User-Agent;{SP}b=
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [yahoo.com] hh computed: 670e37323e9d52be6b77fc033bce532ef753899df36afa0dd3d66194b7eddb29
19:11:30 47438 DNS lookup of s1024._domainkey.yahoo.com. (TXT) succeeded
PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Raw record: k=rsa;{SP}{SP}p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfmJiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB;{SP}n=A{SP}1024{SP}bit{SP}key;
k=rsa
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrEee0Ri4Juz+QfiWYui/E9UGSXau/2P8LjnTD8V4Unn+2FAZVGE3kL23bzeoULYv4PeleB3gfmJiDJOKU3Ns5L4KJAUUHjFwDebt0NP+sBK0VKeTATL2Yr/S3bT/xhy+1xtj4RkdV7fVxTn56Lb4udUnwuxK4V5b5PdOKj/+XcwIDAQAB
n=A 1024 bit key
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [yahoo.com] signature status: PDKIM_VERIFY_PASS
19:11:30 47438 LOG: MAIN
19:11:30 47438 DKIM: d=yahoo.com s=s2048 c=relaxed/relaxed a=rsa-sha256 t=1411488686 [verification failed - signature did not verify (headers probably modified in transit)]
19:11:30 47438 LOG: MAIN
19:11:30 47438 DKIM: d=yahoo.com s=s1024 c=relaxed/relaxed a=rsa-sha256 t=1411488686 [verification succeeded]