[exim-dev] [Bug 2278] New: Invalid outgoing DKIM header sign…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2278] New: Invalid outgoing DKIM header signature
https://bugs.exim.org/show_bug.cgi?id=2278

            Bug ID: 2278
           Summary: Invalid outgoing DKIM header signature
           Product: Exim
           Version: 4.86
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: bugzilla.exim.simon@???
                CC: exim-dev@???


If Exim is given a message with the following header, it fails to sign the
headers correctly (and SpamAssassin agrees).

Outgoing headers:
Subject: Re: xxxxx xxxxxxx
To: "xxxxx, xxx" <xxx.xxxxx@???>
Cc: "xxxxxx, xxx" <xxx.xxxxxx@???>
References: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
From: xxx xxxxxx <xx@???>
Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
Date: Thu, 24 May 2018 17:19:53 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
Content-Type: multipart/alternative;
boundary="------------8DB30605A0D35CCA4247A948"
Content-Language: en-US

Outgoing debug:
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [arlott.org] Body bytes hashed: 0
PDKIM [arlott.org] bh computed:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
content-type:multipart/alternative;{SP}boundary="------------8DB30605A0D35CCA4247A948"{CR}{LF}
in-reply-to:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{CR}{LF}
mime-version:1.0{CR}{LF}
date:Thu,{SP}24{SP}May{SP}2018{SP}17:19:53{SP}+0100{CR}{LF}
message-id:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{CR}{LF}
from:xxx{SP}xxxxxx{SP}<xx@???>{CR}{LF}
references:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{SP}<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{CR}{LF}
cc:"xxxxxx,{SP}xxx"{SP}<xxx.xxxxxx@???>{CR}{LF}
to:"xxxxx,{SP}xxx"{SP}<xxx.xxxxx@???>{CR}{LF}
subject:Re:{SP}xxxxx{SP}xxxxxxx{CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=arlott.org;{SP}s=20180217;{SP}h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:{SP}References:Cc:To:Subject;{SP}bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;{SP}b={SP};
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [arlott.org] hh computed:
2ef7f83ea7361a44c1386bb27ab88738497c5186a97bd37e4ed42fb0c0ed05ee
PDKIM [arlott.org] b computed:
a1d98575e1bb5527af3180e2008f8a377df927053ac0968a353076676a6919b357c5b4f4983faa0b996355cd1eab20577e762493a742a565a095104d1580cdfd174dd9e2eb0ba8ecdca54b26cb2f16e1f0044b40ad60455692dee5b0c32f943c49e88460fc934738917222d6303249119944ada50c34e147e50742204389cf0ebde45ef0ccdc25cf03c2a1816a8ce64c0402c42ea6a0067a1b41714afe469068bb9578f7fc75a784fc3b4011f190752027de31e328d31e22351fb669e99d98f39a0708c82e2c5b8659a65d724d7c095491829b7a19cc62ab3fb889b2f8bc94d8978cfd904b7fcb8169938a370646164ebe3a82e2d3c4fd904f02b9ce062c3328

Incoming debug:
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [arlott.org] Body bytes hashed: 0
PDKIM [arlott.org] bh computed:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
PDKIM [arlott.org] Body hash verified OK
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
content-type:multipart/alternative;{SP}boundary="------------8DB30605A0D35CCA4247A948"{CR}{LF}
in-reply-to:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{CR}{LF}
mime-version:1.0{CR}{LF}
date:Thu,{SP}24{SP}May{SP}2018{SP}17:19:53{SP}+0100{CR}{LF}
message-id:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{CR}{LF}
from:xxx{SP}xxxxxx{SP}<xx@???>{CR}{LF}
references:<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{SP}<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>{CR}{LF}
cc:"xxxxxx,{SP}xxx"{SP}<xxx.xxxxxx@???>{CR}{LF}
to:"xxxxx,{SP}xxx"{SP}<xxx.xxxxx@???>{CR}{LF}
subject:Re:{SP}xxxxx{SP}xxxxxxx{CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=arlott.org;{SP}s=20180217;{SP}h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:{SP}References:Cc:To:Subject;{SP}bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;{SP}b=;
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [arlott.org] hh computed:
746daafc75e21529a1d355324f7abad5fc452db64e7a76586df17dcae1dd2a11
18:07:37 3831 DNS lookup of 20180217._domainkey.arlott.org. (TXT) succeeded
PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Raw record:
v=DKIM1;{SP}h=sha256;{SP}t=s;{SP}p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttFLnO+LAZMtNtiEY2IeDql/2PbnHMADkamsoCchqOafUokYxBX7Mm/D4YarG14ACmxOk9WqqmZRYlOjxHtiq9hzgJJ82LQomRNHE88tirlA5zBMU39bYaQLKBgfLE4MA7zlpxi1rYRk8IsnNMpVpTN/mYj3Y0jQjS0Wrce4PRFqhTzE+fLcoyYXGs6ta3h+O7Jsv+FHtQIm8qLudVZg+BgVHGnwFHxPvxHuedY5nxvmqNLSmFtsgR2mOdP/pgxXeLpsVuDR6IqIWCqNDElXZ3c0LIl855DtjP2QUVARbIi9hMu5dfBHYpLoyUQwRnOPJs1nQfd7ztTVgaFcT0G+0QIDAQAB
v=DKIM1
h=sha256
t=s
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttFLnO+LAZMtNtiEY2IeDql/2PbnHMADkamsoCchqOafUokYxBX7Mm/D4YarG14ACmxOk9WqqmZRYlOjxHtiq9hzgJJ82LQomRNHE88tirlA5zBMU39bYaQLKBgfLE4MA7zlpxi1rYRk8IsnNMpVpTN/mYj3Y0jQjS0Wrce4PRFqhTzE+fLcoyYXGs6ta3h+O7Jsv+FHtQIm8qLudVZg+BgVHGnwFHxPvxHuedY5nxvmqNLSmFtsgR2mOdP/pgxXeLpsVuDR6IqIWCqNDElXZ3c0LIl855DtjP2QUVARbIi9hMu5dfBHYpLoyUQwRnOPJs1nQfd7ztTVgaFcT0G+0QIDAQAB
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [arlott.org] signature status: PDKIM_VERIFY_FAIL
(PDKIM_VERIFY_FAIL_MESSAGE)

Incoming headers:
Received: by * with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
    (Exim 4.86_2)
    (envelope-from <*@*>)
    id 1fLtiD-0000zn-RO
    for postmaster@???; Thu, 24 May 2018 18:07:38 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=arlott.org;
     s=20180217; h=Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:
    References:Cc:To:Subject; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
b=


odmFdeG7VSevMYDiAI+KN335JwU6wJaKNTB2Z2ppGbNXxbT0mD+qC5ljVc0eqyBXfnYkk6dCpWWgl

RBNFYDN/RdN2eLrC6js3KVLJssvFuHwBEtArWBFVpLe5bDDL5Q8SeiEYPyTRziRciLWMDJJEZlEra

UMNOFH5QdCIEOJzw695F7wzNwlzwPCoYFqjOZMBALELqagBnobQXFK/kaQaLuVePf8daeE/DtAEfG

QdSAn3jHjKNMeIjUftmnpnZjzmgcIyC4sW4ZZpl1yTXwJVJGCm3oZzGKrP7iJsvi8lNiXjP2QS3/L
    gWmTijcGRhZOvjqC4tPE/ZBPArnOBiwzKA==;
Received: by * with esmtp (Exim 4.86_2)
    (envelope-from <*@*>)
    id 1fLthE-0008DC-Sl
    for postmaster@???; Thu, 24 May 2018 18:06:43 +0100
Subject: Re: xxxxx xxxxxxx
To: "xxxxx, xxx" <xxx.xxxxx@???>
Cc: "xxxxxx, xxx" <xxx.xxxxxx@???>
References: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
 <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
From: xxx xxxxxx <xx@???>
Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
Date: Thu, 24 May 2018 17:19:53 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@???>
Content-Type: multipart/alternative;
 boundary="------------8DB30605A0D35CCA4247A948"
Content-Language: en-US


DKIM DNS RR:
20180217._domainkey.arlott.org.    3600 IN    TXT "v=DKIM1; h=sha256; t=s;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttFLnO+LAZMtNtiEY2IeDql/2PbnHMADkamsoCchqOafUokYxBX7Mm/D4YarG14ACmxOk9WqqmZRYlOjxHtiq9hzgJJ82LQomRNHE88tirlA5zBMU39bYaQLKBgfLE4MA7zlpxi1rYRk8IsnNMpVpTN/"
"mYj3Y0jQjS0Wrce4PRFqhTzE+fLcoyYXGs6ta3h+O7Jsv+FHtQIm8qLudVZg+BgVHGnwFHxPvxHuedY5nxvmqNLSmFtsgR2mOdP/pgxXeLpsVuDR6IqIWCqNDElXZ3c0LIl855DtjP2QUVARbIi9hMu5dfBHYpLoyUQwRnOPJs1nQfd7ztTVgaFcT0G+0QIDAQAB"


--
You are receiving this mail because:
You are on the CC list for the bug.