Background:
I have developed MTA-integrated DKIM code (implemented from scratch and
not based on libdkim) which has to sign/verify several thousand mails
per day. About 10% of all DKIM signed mails fail to verify. Almost all
of those failing mails have a MIME part with "Content-Transfer-Encoding:
quoted-printable".
At first, I assumed a bug in my body canonicalization algorithm and
started to check several of those failing mails against DKIM reflectors.
During this test I used, among others, this mail:
---- BEGIN ORIGINAL MAIL-----
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; t=1208175282; l=612;
s=domk; d=spammy.de;
h=Content-Type:Date:Sender:From:to:Subject:MIME-Version:Reply-To:
X-RZG-AUTH:X-RZG-CLASS-ID;
bh=0xkwtWDyAkwZ+XGb6Ty4hFi1MwxQUipNk+mxIvRIijQ=;
b=eH9mANfgU6qNKnoLJm6yNyKicmhOXwdzlN9gagiNZjgAE2/X4sEbO51zTvkfD2yAdQ9
+64SWxfTpT7tHyhdRUw12BFPDsaYcuZvbt36N/ZyMEJXaJTmqOA0K2xAZ8E4jo3ZgKp1J
Z5gyGCoSjml0ODf+r4OGSb7QDZlW/TpvQkc=
X-RZG-CLASS-ID: mo07
X-RZG-AUTH: gMy4iLuoo0mwStkpFrn1D3wpdvX8/TGeLTM6LWkZs4LPT9L9WRsmyy74
Received: from chance.store ([192.168.40.26]) by post.webmailer.de
(fruni mo-test) (RZmta 16.21)
with ESMTP id L02c2ek3EBE9Ma
for ; Mon, 14 Apr 2008 14:14:42 +0200 (MEST)
(envelope-from: )
Reply-To: lehmann(_at_)strato-rz(_dot_)de
MIME-Version: 1.0
Subject: DKIM Test
to:
Message-ID: <004E30A6(_at_)spammy(_dot_)de>
From: brakel(_at_)spammy(_dot_)de
Sender: brakel(_at_)spammy(_dot_)de
Date: Fri, 11 Apr 2008 16:14:06 +0200
Content-Type: multipart/related; boundary="=_related 004DF4F0C1257428_="
Dies is a multi-part message in MIME-format.
--=_related 004DF4F0C1257428_=
Content-Type: multipart/alternative; boundary="=_alternative
004DF4F3C1257428_="
--=_alternative 004DF4F3C1257428_=
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
=B7 =B7 =B7 =B7=20
Sandra Ree=
s=20
--=_alternative 004DF4F3C1257428_=
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
<br><font size=3D2 face=3D"sans-serif">Hallo Herr Meyer,
</font>
--=_alternative 004DF4F3C1257428_=--
--=_related 004DF4F0C1257428_=--
----- END ORIGINAL MAIL-----
Notes:
All white spaces are spaces (0x20), not TABs (0x09).
The lines "---- BEGIN ORIGINAL MAIL-----" and "----- END ORIGINAL
MAIL-----" are not part of the mail.
This mail body will be reflected by the reflectors as follows:
content-type:multipart/related;'20'boundary="=_related'20'004DF4F0C1257428_="'0d''0a'
date:Fri,'20'11'20'Apr'20'2008'20'16:14:06'20'+0200'0d''0a'
sender:brakel(_at_)spammy(_dot_)de'0d''0a'
from:brakel(_at_)spammy(_dot_)de'0d''0a'
to:'0d''0a'
subject:DKIM'20'Test'0d''0a'
mime-version:1.0'0d''0a'
reply-to:lehmann(_at_)strato-rz(_dot_)de'0d''0a'
x-rzg-auth:gMy4iLuoo0mwStkpFrn1D3wpdvX8/TGeLTM6LWkZs4LPT9L9WRsmyy74'0d''0a'
x-rzg-class-id:mo07'0d''0a'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed;'20't=1208175282;'20'l=612;'20's=domk;'20'd=spammy.de;'20'h=Content-Type:Date:Sender:From:to:Subject:MIME-Version:Reply-To:'20'X-RZG-AUTH:X-RZG-CLASS-ID;'20'bh=0xkwtWDyAkwZ+XGb6Ty4hFi1MwxQUipNk+mxIvRIijQ=;'20'b=
Dies'20'is'20'a'20'multi-part'20'message'20'in'20'MIME-format.'0d''0a'
--=_related'20'004DF4F0C1257428_='0d''0a'
Content-Type:'20'multipart/alternative;'20'boundary="=_alternative'20'004DF4F3C1257428_="'0d''0a'
'0d''0a'
'0d''0a'
--=_alternative'20'004DF4F3C1257428_='0d''0a'
Content-Type:'20'text/plain;'20'charset="ISO-8859-1"'0d''0a'
Content-Transfer-Encoding:'20'quoted-printable'0d''0a'
'0d''0a'
'0d''0a'
'20''20''20''20''20''20'=B7'20''20''20''20''20''20''20''20''20''20'=B7'20''20''20''20''20''20''20''20''20'=B7'20''20''20''20''20''20''20''20''20''20'=B7=20'0d''0a'
Sandra'20'Ree='0d''0a'
s=20'0d''0a'
'0d''0a'
'0d''0a'
--=_alternative'20'004DF4F3C1257428_='0d''0a'
Content-Type:'20'text/html;'20'charset="ISO-8859-1"'0d''0a'
Content-Transfer-Encoding:'20'quoted-printable'0d''0a'
'0d''0a'
Hallo'20'Herr'20'Meyer,'0d''0a'
'0d''0a'
'0d''0a'
--=_alternative'20'004DF4F3C1257428_=--'0d''0a'
--=
The problem is the very last body line "--=_related
004DF4F0C1257428_=--". This line appears truncated in the canonical
message dump as "--=", which causes the body hash verification to fail.
The following reflectors produce the same wrong result as shown above:
test(_at_)dkimtest(_dot_)jason(_dot_)long(_dot_)name
verifier-feedback(_at_)port25(_dot_)com
mail(_at_)testing(_dot_)dkim(_dot_)org
It seems to be a problem in the underlying libdkim.
The body line " =B7 =B7 =B7 =B7=20" is
the line that probably triggers that bug.
Note to DKIM Reflector developers: It would be nice to see also the
calculated hash value(s).
It would be nice to know whether I am doing something wrong or have found a bug.
Steffen
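
Added example, not part of the original post and not code from libdkim or any reflector: the DKIM body-hash step in Python, printing the canonical dump together with the calculated bh value. It follows RFC 6376: a c= tag without a "/body" part selects simple body canonicalization, and l= limits hashing to the first l canonical octets, so a dump taken after the l= cut can stop in the middle of a line. The sample body and the l= value 49 are constructed; input is assumed to use CRLF line endings.

```python
import base64
import hashlib
import re

def body_mode(c_tag: str) -> str:
    # c=<header>/<body>; with no "/<body>" part the body algorithm is "simple"
    parts = c_tag.split("/")
    return parts[1] if len(parts) == 2 else "simple"

def canon_body(body: bytes, mode: str) -> bytes:
    lines = body.split(b"\r\n")            # assumes CRLF line endings
    if mode == "relaxed":
        # collapse WSP runs to one SP, then drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # strip empty lines at end of body
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str, length=None):
    canon = canon_body(body, mode)
    if length is not None:
        if length > len(canon):
            raise ValueError("l= is larger than the canonical body")
        canon = canon[:length]             # only the first l= octets are hashed
    bh = base64.b64encode(hashlib.sha256(canon).digest()).decode()
    return canon, bh

def dump(canon: bytes) -> str:
    # same style as the dump above: SP, CR, LF and other non-graphic octets as 'hh'
    return "".join(chr(b) if 0x21 <= b <= 0x7E else "'%02x'" % b for b in canon)

# Constructed sample body (not the mail from the post)
SAMPLE = (b"--outer\r\n\r\n  =B7   =B7=20\r\nSandra Ree=\r\ns=20\r\n"
          b"--outer--\r\n\r\n\r\n")

if __name__ == "__main__":
    mode = body_mode("relaxed")            # c=relaxed, as in the signature above
    for l_tag in (None, 49):               # 49 is a constructed l= value
        canon, bh = body_hash(SAMPLE, mode, l_tag)
        print("l=%s octets=%d bh=%s" % (l_tag, len(canon), bh))
        print(dump(canon))
```

Comparing the printed octet count with the signer's l= value shows directly whether the two sides disagree on canonicalization or only on length.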