I suppose that would depend on which implementation you’re using, but generally
I’ve found use of the “z=” tag is a good way to track down such problems.
Failing that, you’ll need to capture the canonicalized message form at each end
and use something like “diff” to see what changed.
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org
[mailto:dkim-ops-bounces(_at_)mipassoc(_dot_)org] On Behalf Of ram
Sent: Friday, November 06, 2009 4:50 AM
To: dkim-ops(_at_)mipassoc(_dot_)org
Subject: [dkim-ops] How do I know which header is breaking the signature
My messages are being changed in transit and so the signatures are breaking.
But I dont know which header is being changed
Can I run something to tell me Signature invalid "header-X" has been changed
For eg this message has a broken DKIM due to Content-Transfer-Encoding ( I
found that out by trial and error)
Received: from darkstar.netcore.co.in (unknown [192.168.2.105]) by
ho.netcore.co.in (Postfix) with ESMTPA id 3C2026CE04B3 for
<ram(_at_)netcore(_dot_)co(_dot_)in>; Fri, 6 Nov 2009 12:09:40 +0530
(IST)
Received: from location.exampledomain.com (list.netcore.co.in
[192.168.40.94]) by darkstar.netcore.co.in (Postfix) with ESMTP id
8C9226680CB for <ram(_at_)netcore(_dot_)co(_dot_)in>; Fri, 6 Nov 2009
12:09:36 +0530 (IST)
Received: from netcore.co.in (localhost [127.0.0.1]) by
location.exampledomain.com (Postfix) with ESMTP id 76B6D52C1C1 for
<ram(_at_)netcore(_dot_)co(_dot_)in>; Fri, 6 Nov 2009 12:09:34 +0530
(IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=netcore.co.in;
s=default; t=1257489574;
bh=GMfT7A4K07OPLdwXHEWtlS9++GG+RNZCfRtWpuTr5yg=;
h=MIME-Version:Content-Transfer-Encoding:Content-Type:Subject:
Message-Id:To:Date:From;
b=cSV+09TNvM01i4FR0ahZDCSMIdErr+KoxOl8860JrEdodUMsDMOPnx8VsewlV6Ovf
3ePE0IyfNPpggTzyn9EODmhCKQrVDujq1lMg2UvRYe5CKQSJVq68twGh+gpYbLJi6+
ff+STXh4Z4gqttY2Jyr7AfVAFoJcCbs1aQujVjXA=
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain
X-Mailer: MIME::Lite 3.0105 (F2.74; T1.19; A1.76; B3.07; Q3.07)
Subject: Test Mail
Message-Id:
<z8ux1gr9j5i3(_dot_)1257489574(_at_)netcore(_dot_)co(_dot_)in<mailto:z8ux1gr9j5i3(_dot_)1257489574(_at_)netcore(_dot_)co(_dot_)in>>
To:
ram(_at_)netcore(_dot_)co(_dot_)in<mailto:ram(_at_)netcore(_dot_)co(_dot_)in>
Date: Fri, 06 Nov 2009 12:09:34 +0530
From:
idcalerts(_at_)netcore(_dot_)co(_dot_)in<mailto:idcalerts(_at_)netcore(_dot_)co(_dot_)in>
Content-Transfer-Encoding: 8bit
This is a Test Mail
Please Ignore
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops