Dear all,
I found out why DKIM signature did not work in my case.
It comes from a bug in altermime as described here :
* https://www.ijs.si/software/amavisd/release-notes.txt
<https://www.ijs.si/software/amavisd/release-notes.txt>
* https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping
<https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping>
Basically, one has to correct for this bug at the transport_filter
point. As it took me hours to get it done, I give it to you :-)
transport_filter = /bin/sh -c "/usr/bin/altermime --input=- --disclaimer=/etc/exim4/textdisclaimer --disclaimer-html=/etc/exim4/htmldisclaimer | perl -pe 's/\r//g; s/\n/\r\n/g'"
This way the DKIM signature works well together with a disclaimer added
by altermime.
Kind regards,
Bruno
Le 03/11/2023 à 18:20, brunoc68 via Exim-users a écrit :
> Le 30/10/2023 à 11:09, Jeremy Harris via Exim-users a écrit :
>> On 30/10/2023 09:42, brunoc68 via Exim-users wrote:
>>> Looking at the description of the transport option "size_addition",
>>> I understand that the size of the message is sent by smtp before the
>>> message is processed by the filter.
>>>
>>> I am not sure about my understanding of this option. Could that be a
>>> possible source of the error I obtain ?
>>
>> Marginally possible. It would require that the receiving system uses
>> the SIZE
>> passed with the MAIL TO for its dkim verification but *not* for its
>> actual
>> reception of the message. Pretty unlikely, but you could test by
>> setting
>> the option to -1 (which would mean it couldn't possibly do that).
>
>
> I checked several configuration of the "size_addition" option and it
> does not work.
>
> I also sent an email to another of my servers running both Exim and
> spamassassin as well.
> I got the following, clearly telling DKIM_INVALID :
>
> ------------------------------------------------------------------------------------
>
> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
> d=ciarem.fr;
> s=dkim;
> h=Content-Type:Message-ID:Subject:Date:MIME-Version:To:From:Sender:
> Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
> Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
>
> In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
>
> List-Post:List-Owner:List-Archive;
> bh=KqNN2YxYpsbEJ+qOKn2J3M0huRA1QxmBanUfyMElrc0=;
> b=LypOiBYcyrZvGx6xEIsFbc4/L8
> Hu1UMcQH/SXtR4R6fRYqbx7yPMOzXsN83LVsiIFTNF+LUdFJrEwIFxOF/Kz30CB86x96BMZwsHy7s
>
> JxlHdFBdnmD7rgc21vLV/dmavvgHQaPnAw2TCCxpv84qvOivKn0CfBaWyRXXkRBXxVzVuW658QMjQ
>
> OjR9rLZ1Z4wToQ9tm43S08rLZivFGiWp5Rtz8HGeydmmmWAolYEsvJmJwCFdMeR3DWxXtdp7xjSmL
>
> /d1Ot6IgZUJef9vfxcJTG8PoPJvxO09Jche5xn4zQjjcw51xqO4w6ut4zILH/qW/tyGxo9VnH9ov3
>
> Bv0slp7A==;
>
> X-Spam-Status: No, score=3.3 required=5.0
> tests=*DKIM_INVALID*,DKIM_SIGNED,
> HTML_IMAGE_ONLY_08,HTML_MESSAGE,MIME_QP_LONG_LINE,RDNS_NONE,SPF_HELO_PASS,
>
> SPF_PASS,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,
> URIBL_DBL_BLOCKED_OPENDNS autolearn=disabled version=3.4.0
>
> ------------------------------------------------------------------------------------
>
>
> Jeremy, you told me what I sent to your private email was ok, but on
> my side I can not reproduce any recipient (mail-tester.com, gmail.com,
> another of my server) where the DKIM signature is valid...
>
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
