[exim] Re: disclaimer + DKIM does not work (reopened)

Góra strony
Delete this message
Reply to this message
Autor: brunoc68
Data:  
Dla: exim-users
Stare tematy: [exim] Re: disclaimer + DKIM does not work (reopened)
Temat: [exim] Re: disclaimer + DKIM does not work (reopened)
Dear all,

I found out why DKIM signature did not work in my case.

It comes from a bug in altermime as described here :

  * https://www.ijs.si/software/amavisd/release-notes.txt
    <https://www.ijs.si/software/amavisd/release-notes.txt>
  * https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping
    <https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping>


Basically, one has to correct for this bug at the transport_filter 
point. As it took me hours to get it done, I give it to you :-)

transport_filter = /bin/sh -c "/usr/bin/altermime  --input=- --disclaimer=/etc/exim4/textdisclaimer --disclaimer-html=/etc/exim4/htmldisclaimer | perl -pe 's/\r//g; s/\n/\r\n/g'"


This way the DKIM signature works well together with a disclaimer added 
by altermime.

Kind regards,
Bruno


Le 03/11/2023 à 18:20, brunoc68 via Exim-users a écrit :

> Le 30/10/2023 à 11:09, Jeremy Harris via Exim-users a écrit :
>> On 30/10/2023 09:42, brunoc68 via Exim-users wrote:
>>> Looking at the description of the transport option "size_addition",
>>> I understand that the size of the message is sent by smtp before the
>>> message is processed by the filter.
>>>
>>> I am not sure about my understanding of this option. Could that be a
>>> possible source of the error I obtain ?
>>
>> Marginally possible.  It would require that the receiving system uses
>> the SIZE
>> passed with the MAIL TO for its dkim verification but *not* for its
>> actual
>> reception of the message.  Pretty unlikely, but you could test by
>> setting
>> the option to -1 (which would mean it couldn't possibly do that).
>
>
> I checked several configuration of the "size_addition" option and it
> does not work.
>
> I also sent an email to another of my servers running both Exim and
> spamassassin as well.
> I got the following, clearly telling DKIM_INVALID :
>
> ------------------------------------------------------------------------------------
>
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
> d=ciarem.fr;
>     s=dkim;
> h=Content-Type:Message-ID:Subject:Date:MIME-Version:To:From:Sender:
>     Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
>     Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
>
>     In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
>
>     List-Post:List-Owner:List-Archive;
>     bh=KqNN2YxYpsbEJ+qOKn2J3M0huRA1QxmBanUfyMElrc0=;
> b=LypOiBYcyrZvGx6xEIsFbc4/L8
>     Hu1UMcQH/SXtR4R6fRYqbx7yPMOzXsN83LVsiIFTNF+LUdFJrEwIFxOF/Kz30CB86x96BMZwsHy7s
>
>     JxlHdFBdnmD7rgc21vLV/dmavvgHQaPnAw2TCCxpv84qvOivKn0CfBaWyRXXkRBXxVzVuW658QMjQ
>
>     OjR9rLZ1Z4wToQ9tm43S08rLZivFGiWp5Rtz8HGeydmmmWAolYEsvJmJwCFdMeR3DWxXtdp7xjSmL
>
>     /d1Ot6IgZUJef9vfxcJTG8PoPJvxO09Jche5xn4zQjjcw51xqO4w6ut4zILH/qW/tyGxo9VnH9ov3
>
>     Bv0slp7A==;
>
> X-Spam-Status: No, score=3.3 required=5.0
> tests=*DKIM_INVALID*,DKIM_SIGNED,
>     HTML_IMAGE_ONLY_08,HTML_MESSAGE,MIME_QP_LONG_LINE,RDNS_NONE,SPF_HELO_PASS,
>
>     SPF_PASS,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,
>     URIBL_DBL_BLOCKED_OPENDNS autolearn=disabled version=3.4.0
>
> ------------------------------------------------------------------------------------
>
>
> Jeremy, you told me what I sent to your private email was ok, but on
> my side I can not reproduce any recipient (mail-tester.com, gmail.com,
> another of my server) where the DKIM signature is valid...
>



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/