I fired up my facebook account, and added a few email addresses to send
mails to my accounts. I found that mails sent to my gmail account directly
differ from the mails I receive with my dbmail server in one important way:
The 'Content-Type' header has a different format.

Sent (and received with gmail):
Content-Type: multipart/alternative; boundary="b1_67a90b8ff6c9e9d71d8464cdb1c370fc"

As received with a mail client through dbmail:
Content-Type: multipart/alternative;
boundary=b1_a639100bff13cf3e25a329d562f419ee

The difference: It's originally sent as a single-line header, but dbmail
touches it and reformats it, removing the quotes and making it a multi-line
header.

For DKIM I know this is a problem. Facebook (and most other senders) sends
DKIM signatures with the h parameter set to
'Date:To:Subject:From:MIME-Version:Content-Type'. This means that the
signature is calculated on the body and these headers. Therefore any
modifications to these headers are an alteration of the message and cause
DKIM to fail.

I can imagine this could possibly break PGP/MIME, if it checks the
integrity in a similar way.


On Fri, Apr 20, 2018 at 6:14 PM Casper Langemeijer <cas...@langemeijer.eu>
wrote:

> I'm not sure this is related, and I probably should investigate further
> before posting this here, but in my setup, dbmail seems to break DKIM
> signatures.
>
> I've seen that mails from booking.com and facebook.com have broken DKIM
> signatures according to google's gmail, when forwarded by my mailserver.
> This happens both for mail I forward to a gmail mail address, and email
> that is POPped by gmail. (Where forwarded mail doesn't get delivered because
> of DMARC policies)
>
> As I stated, I haven't really investigated, but this could be caused by
> dbmail doing any kind of 'normalization' on mail message headers.
>
> Does anyone here know if there is an easy way to log raw incoming email
> messages for a specific user or from a specific domain? I use a fairly
> standard postfix/dbmail setup. Ideally I get to 'record' a DKIM-correct
> message, that can be fed into dbmail-lmtp for testing.
>
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://lists.nfg.nl/mailman/listinfo/dbmail
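
The effect described in the message above, as an added example that is not part of the original thread: RFC 6376 header canonicalization applied to the Content-Type header before and after a rewrite. The three header forms are constructed from one boundary value quoted in the message, and comparing the hash of a single header is a simplification of what a DKIM verifier does.

```python
import hashlib
import re

# Constructed sample: one boundary value (from the "sent" header quoted in the
# message) in three forms, so the only differences are folding and quoting.
SENT = (b'Content-Type: multipart/alternative; '
        b'boundary="b1_67a90b8ff6c9e9d71d8464cdb1c370fc"\r\n')
FOLDED = (b'Content-Type: multipart/alternative;\r\n'
          b'\tboundary="b1_67a90b8ff6c9e9d71d8464cdb1c370fc"\r\n')
REWRITTEN = (b'Content-Type: multipart/alternative;\r\n'
             b'\tboundary=b1_67a90b8ff6c9e9d71d8464cdb1c370fc\r\n')


def canon_simple(header: bytes) -> bytes:
    """RFC 6376 section 3.4.1: 'simple' leaves the header field untouched."""
    return header


def canon_relaxed(header: bytes) -> bytes:
    """RFC 6376 section 3.4.2: 'relaxed' header canonicalization."""
    name, _, value = header.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)    # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)           # collapse whitespace runs
    value = value.rstrip(b" \t\r\n").lstrip(b" \t")   # trim around the value
    return name.strip().lower() + b":" + value + b"\r\n"


def survives(original: bytes, received: bytes, canon) -> bool:
    """True if the canonicalized header bytes, and so their hash, are unchanged.

    Simplification: a real verifier hashes all headers listed in h= together
    with the DKIM-Signature header and checks the signature over that hash.
    """
    def digest(h: bytes) -> str:
        return hashlib.sha256(canon(h)).hexdigest()
    return digest(original) == digest(received)


if __name__ == "__main__":
    for label, received in (("folded only", FOLDED), ("folded + unquoted", REWRITTEN)):
        for canon in (canon_simple, canon_relaxed):
            ok = survives(SENT, received, canon)
            print(f"{label:18} {canon.__name__:14} {'intact' if ok else 'BROKEN'}")
```

Re-folding alone is absorbed by relaxed header canonicalization, but removing the quotes around the boundary changes the signed bytes under both algorithms.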
