Author: Jasen Betts Date: To: exim-users Subject: Re: [exim] DKIM in exim: Broken?
On 2014-11-08, Phillip Carroll <postmaster@???> wrote:
> [verification failed - body hash mismatch (body probably modified in
> transit)]
>
> The emails all use rsa-sha256 with c=relaxed/relaxed. The signed headers
> are:
> h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding
>
> All of these headers are straightforward, non-repeated, and easily found
> in the email. I am absolutely certain that none of these enumerated
> headers nor the body text have been altered en route.
In that case you can be fairly certain that either chase is signing them
incorrectly, or exim can't parse them correctly.
> is broken such that you can't use it to verify, for example, any
> signatures contained in postings to this mailing list, or any other
> mailing list".
? AFAIK it's working correctly. there's plenty of mail clients and
servers that sign messages in a way that makes the signature incompatible
with mailing lists of this type. because mailing lists often modify
the body of emails
> Basically, I am asking:
>
> (a) Is the exim dkim support simply broken in this regard?
> or
> (b) Is is it possible I have set up the configuration wrong? (emails
> that do not have extra headers all seem to verify ok)
> or
> (c) Or is the whole DKIM concept intrinsically broken?
What evedence do you have that Chase hasn't made the error?