Dear Colleagues,
I have an exim 4.95 installation sending DKIM-signed mails to two
other exim servers. On one of the receiving servers (FreeBSD,exim-4.95_5),
I see that the DKIM check is successful:
Authentication-Results: XXXXXX;
iprev=pass (www.library.tomsk.ru) smtp.remote-ip=95.170.141.50;
spf=pass smtp.mailfrom=library.tomsk.ru;
dkim=pass header.d=library.tomsk.ru header.s=20221203 header.a=rsa-sha256
On the other receiving server (Debian, exim4 4.94.2-7), the very same
mail (sent simultaneously to two recipients on XXXXXX and YYYYYY) is
reported as having an unsuccessful DKIM check:
Authentication-Results: YYYYYY;
iprev=pass (www.library.tomsk.ru) smtp.remote-ip=95.170.141.50;
dkim=fail (body hash mismatch; body probably modified in transit)
header.d=library.tomsk.ru header.s=20221203 header.a=rsa-sha256
What could be causing the body hash mismatch fail on the second
server? I'm not giving any config details because I don't even know
what config details could be required. I need a hint in the right
direction. What could theoretically modify the body before the
acl_smtp_dkim check?
I have even calculated md5 sums from the mail body (mutt has the
ability to pipe the mail body to a command) and it is the same on both
servers! It's crazy, isn't it.
I have also noticed that some other mails (not all though, but several)
also fail the DKIM body check on the second server, e.g Ubuntu security
advisories from canonical.com (I would expect their DKIM signatures should
be correct).
Any ideas?
--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet
