Author: Bill Cole Date: To: Jeremy Harris via Exim-users Subject: Re: [exim] dkim=fail (body hash mismatch;
body probably modified in transit)
On 2022-12-05 at 11:00:21 UTC-0500 (Mon, 5 Dec 2022 16:00:21 +0000)
Jeremy Harris via Exim-users <jgh@???>
is rumored to have said:
> On 05/12/2022 15:38, Bill Cole via Exim-users wrote:
>> If you use relaxed instead of relaxed/relaxed, the unspecified body
>> canonicalization is "simple" which is never what anyone should use.
>
> It shouldn't be. The docs say:
>
> "the current implementation only supports signing with
> the same canonicalization method for both headers and body".
Does the code itself concur? I'm not conversant with the Exim code so
I'm a bit at a handicap in checking.
If a message arrives with "c=relaxed;" in the DKIM-Signature header, a
*compliant* verifying implementation will act as if it said
"c=relaxed/simple;" If the signer DID "relaxed/relaxed" but only claimed
"relaxed" then the verification SHOULD break unless the 'relaxed' body
canonicalization is equivalent to "simple" (which it could sometimes
be...)
OR: the OP's 2 machines are using different DKIM implementations that
handle identical messages' bodies differently. He has made clear that
the messages are in fact identical (same hash) so the issue is somewhere
in the verification software.
--
Bill Cole
bill@??? or billcole@???
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
