Menu

#259 Inconsistent behavior between opendkim and opendkim-testmsg. Also affecting milter.

2.10.3
open
nobody
None
3
2017-11-11
2017-08-25
Reno Reckling
No

Hi, i'm having a rather strange problem with postfix+opendkim that I struggle with:
I have 2 milter stages in postfix, the first one is opendkim for dkim verification and the second one is rspamd (which also does dkim verification for spam detection).
Only on a very specific email, I have this behaviour:
When going through the milter:
opendkim fails the signature verification with "bad signature data".
rspamd successfully validates the dkim signature.
BUT
When I throw the message into "opendkim -t" it successfully validates the signature. But when I throw the message into "opendkim-testmsg", it returns "Bad signature".
I have no idea why this is inconsistent and what to do about it.

The email in question is attached.

1 Attachments
testmail.eml

Related

Bugs: #226

Discussion

  • Dilian Wesselinov Palauzov

    Dilian Wesselinov Palauzov - 2017-11-10

    RFC 6376 DomainKeys Identified Mail (DKIM) Signatures, Section 3.4.2. The "relaxed" Header Canonicalization Algorithm (https://tools.ietf.org/html/rfc6376#section-3.4.2) mandates:

    -- unfold all header field continuation lines
    -- delete any WSP characters remaining before and after the colon

    So the header:
    ABC:
    def
    is canonicalized as "abc:def".

    The implementation of libopendkim however, first eats all WSP after the colon and then converts all isspace() characters to a single space character. So the above header is canonicalized with space after the colon as "abc: def".

    diff --git a/libopendkim/dkim-canon.c b/libopendkim/dkim-canon.c
--- a/libopendkim/dkim-canon.c
+++ b/libopendkim/dkim-canon.c
@@ -388,7 +388,7 @@ dkim_canon_header_string(struct dkim_dstring *dstr, dkim_canon_t canon,
                }

                /* skip all spaces before first word */

-               while (*p != '\0' && DKIM_ISWSP(*p))
+               while (*p != '\0' && DKIM_ISLWSP(*p))
                        p++;

                space = FALSE;                          /* just saw a space */
     

  • Dilian Wesselinov Palauzov

    Dilian Wesselinov Palauzov - 2017-11-11

    Duplicate of [#226].

     

    Related

    Bugs: #226

Log in to post a comment.

MongoDB Logo MongoDB