Re: [exim] Gmail frequent DKIM failures

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Gmail frequent DKIM failures
Ivo Truxa <truxa@???> (So 15 Jan 2017 20:10:11 CET):
> I tracked down the problem to the use of CHUNKING by Gmail. (See details at https://tools.ietf.org/html/rfc1830 "SMTP Service Extensions for Transmission of Large and Binary MIME Messages"). The command BDAT gets injecting into the canonalized body string in the middle of the data stream (approx. each 63kB), breaking so the body hash, of course.
>
> The BDAT commands get really only injected into the canonalized string, NOT into the message output self. That's also why it is impossible to debug or detect it offline, using the saved messages. The saved messages always match the signature, and the email is intact, too. You can only see it live during the transmission in daemon mode, assuming you turn debugging on.
>
> If interested, I posted more details to https://bugs.exim.org/show_bug.cgi?id=2016


Ok, I can confirm it. Just tested it sending me (exim 4.88) a message
from gmail.

If my side offers chunking and the sending side uses it, the signature
is broken. If I set chunking_advertise_hosts to an empty string, the
DKIM signature test passes.


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -