[exim] DKIM signing & max line length

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Sander Smeenk
Date:  
À: exim-users
Sujet: [exim] DKIM signing & max line length
Hi list,

Recently i've switched on DKIM-signing for my outgoing messages.
Works like a charm!
Mostly.

One of my users botched the system by sending (automated) messages that
have a ~20KB XML-dump all on one long line. The message in my logs is
nothing more than "DKIM: message could not be signed, and dkim_strict is
set. Deferring message delivery." without any further indication to
*WHY* the signing failed. Even running a delivery in -d+all mode doesn't
really give any details to why the signing failed.

So, Googling brought me to a thread from 2012 [1], this subscriber
reports about the line length being an issue for DKIM and reports the
differences in checks for parts of the Exim code.

I tried to get some info on this. Aparently RFC2822 specifies a line in
an email should not exceed 998 chars (+CRLF=1000). I haven't heard of
any MTA enforcing this and it would seem a bit low to me.

Now i'm facing several questions...

Why are there three different(!) MAX-settings in the Exim code?
Why does Exim accept such mails in the first place?
Why exactly can't it DKIM sign such messages?
(Do other MTAs handle these situations gracefuly?)
Why isn't any of this line length stuff discussed in the Fine Manual[2]?
How do other mail ops handle such cases with regard to DKIM signing?

Also, instead of deferring delivery for such messages, wouldn't it be
nicer to freeze them in the queue and notify postmasters? The system
now slows down deliveries for other (properly formatted) messages
going to that same destination. This is how this came to my attention:
users complaining that their email wasn't "instant" as everyone believes
it was intended to be... ;)

Any insights would be welcome!

Thanks,
-Sander.

[1] http://www.gossamer-threads.com/lists/exim/users/93884
[2] http://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
--
| Scenery is here, wish you were beautiful.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2