Re: [exim] dkim=fail (body hash mismatch; body probably mod…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jeremy Harris
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] dkim=fail (body hash mismatch; body probably modified in transit)
On 05/12/2022 05:46, Victor Sudakov via Exim-users wrote:
> Can you give me an address to send a test mail to on one of your
> Debian receivers?


I cannot; that was an internal-only test VM, not internet-facing.

>> The body-hash differing implies, I think, that the signature algorithm isn't
>> involved. I was using sha256; what's yours?
>
> Hmm, how do I figure out? Below is the complete sender configuration,
> without hiding anything:
>
> remote_smtp:
>    driver = smtp
>    message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
>    dkim_domain = library.tomsk.ru
>    dkim_selector = 20221203
>    dkim_private_key = /usr/local/etc/exim/dkim/library.tomsk.ru-private.pem
>    dkim_canon = relaxed
>    dkim_sign_headers = Date:From:To:Subject:Message-Id:In-Reply-To

>
> I think it's using some exim default algorithm.


As the docs say, the default for dkim_hash is sha256.

> What should I add to acl_smtp_dkim to enable debugging?


In ACL for (DATA-or-earlier) - not the DKIM ACL -

   warn
     ( any conditions preferred to limit what gets debugged,
     eg. hosts = my.test.source.ip )


     control = debug/tag=.dkimtest/opts=+all


--
Cheers,
Jeremy