I tracked down the problem to the use of CHUNKING by Gmail. (See details at
https://tools.ietf.org/html/rfc1830 "SMTP Service Extensions for Transmission of Large and Binary MIME Messages"). The command BDAT gets injecting into the canonalized body string in the middle of the data stream (approx. each 63kB), breaking so the body hash, of course.
The BDAT commands get really only injected into the canonalized string, NOT into the message output self. That's also why it is impossible to debug or detect it offline, using the saved messages. The saved messages always match the signature, and the email is intact, too. You can only see it live during the transmission in daemon mode, assuming you turn debugging on.
If interested, I posted more details to
https://bugs.exim.org/show_bug.cgi?id=2016
Greetings,
Ivo Truxa
