[exim-dev] [Bug 2295] Invalid DKIM signatures (due to header…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2295] Invalid DKIM signatures (due to header hash miscomputed)
https://bugs.exim.org/show_bug.cgi?id=2295

--- Comment #3 from Guillaume Outters <guillaume-exim@???> ---
Oh, you're right. I rechecked my old e-mails: the problem does not lies in the
header hash being computed with a ";", but in this being inconsistent with the
final DKIM-Signature.

On the different versions I ran on my e-mail server:

4.82:
hash computed with b=;
emitted DKIM-Signature: v=1; …; b=<signature>;
-> valid signature (hash computing base and emitted header being consistent)

4.89 and 4.90:
hash computed with b=;
emitted DKIM-Signature: v=1; …; b=<signature>
-> invalid signature (inconsistent, hash computed with a final ;, header
emitted with no ;)

my modified 4.90:
hash computed with b=
emitted DKIM-Signature: v=1; …; b=<signature>
-> valid signature (consistent on no ; at the end)

So another way of making it work may be restoring the ; at the end of the
emitted DKIM-Signature header, to make it consistent with the input of the
header hash.

What puzzles me is that the 4.91 of the exim-dev mailing list has those ; at
the end (so they validate).
So maybe it is a misconfiguration in my exim install? Something like a filter
who would normalize headers by suppressing final semicolons. I will try to
narrow the problem.

--
You are receiving this mail because:
You are on the CC list for the bug.