the header mangling is gmime
https://bugzilla.gnome.org/show_bug.cgi?id=776825
ftp://ftp.gnome.org/pub/GNOME/sources/gmime/3.0/

DKIM verification/scoring normally happens before dbmail-lmtpd and
forwardings should also not touch the split/reconstruct code

as far as i can see the GPG breakage happens around the "signature.asc"
with different types of new-lines and headers are typically not part of
the gpg-signature

anyways, any difference between the inbound message and what you get
back from dbmail is harmful except the headers added by lmtpd itself on
top (which was also wrong, Return-Path before the patch i requested
were on bottom while every hop touching a mail is supposed to add his
headers on top and don't touch any present headers)

Am 21.04.2018 um 11:01 schrieb Casper Langemeijer:
> I fired up my facebook account, and added a few email addresses to send
> mails to my accounts. I found that mails sent to my gmail account
> directly differ from the mails I receive with my dbmail server in one
> important way: The 'Content-Type' header has a different format.
> 
> Sent (and received with gmail):
> Content-Type: multipart/alternative;
> boundary="b1_67a90b8ff6c9e9d71d8464cdb1c370fc"
> 
> As received with a mail client through dbmail:
> Content-Type: multipart/alternative;
> boundary=b1_a639100bff13cf3e25a329d562f419ee
> 
> The difference: It's originally sent as single-line header, but dbmail
> touches it and reformats it. Removing the quotes and making it a
> multi-line header.
> 
> For DKIM I know this is a problem. Facebook (and most other senders)
> sends DKIM signatures with the h parameter set to
> 'Date:To:Subject:From:MIME-Version:Content-Type'. This means that the
> signature is calculated on the body and these headers. Therefore any
> modifications to these headers are an alteration of the message and
> cause DKIM to fail.
> 
> I can imagine this could possibly break PGP/MIME, if it checks the
> integrity in a similar way.
> 
> 
> On Fri, Apr 20, 2018 at 6:14 PM Casper Langemeijer
> <cas...@langemeijer.eu> wrote:
> 
>     I'm not sure this is related, and I probably should investigate
>     further before posting this here, but in my setup, dbmail seems to
>     break DKIM signatures.
> 
>     I've seen that mails from booking.com and facebook.com have broken
>     DKIM signatures according to google's gmail, when forwarded by my
>     mailserver. This happens both for mail I forward to a gmail mail
>     address, and email that is POPped by gmail. (Where forwarded mail
>     doesn't get delivered because of DMARC policies)
> 
>     As I stated, I haven't really investigated, but this could be caused
>     by dbmail doing any kind of 'normalization' on mail message headers.
> 
>     Does anyone here know if there is an easy way to log raw incoming email
>     messages for a specific user or from a specific domain? I use a
>     fairly standard postfix/dbmail setup. Ideally I get to 'record' a
>     DKIM-correct message, that can be fed into dbmail-lmtp for testing
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://lists.nfg.nl/mailman/listinfo/dbmail
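
The header rewrite discussed in this thread, checked against the two DKIM header canonicalizations of RFC 6376 (an added example, not code from the thread, dbmail or gmime). The boundary value is constructed, and the script only compares the canonical form of one signed header; it does not verify a real signature.

```python
import hashlib
import re

# Constructed sample headers modelled on the forms described in the thread.
ORIGINAL = 'Content-Type: multipart/alternative; boundary="b1_example"\r\n'
# Same header after a store re-folds it onto two lines.
REFOLDED = 'Content-Type: multipart/alternative;\r\n\tboundary="b1_example"\r\n'
# Same header after re-folding and dropping the quotes around the boundary.
DEQUOTED = 'Content-Type: multipart/alternative;\r\n\tboundary=b1_example\r\n'


def canon_simple(header: str) -> str:
    """RFC 6376 section 3.4.1: the header field is used exactly as received."""
    return header


def canon_relaxed(header: str) -> str:
    """RFC 6376 section 3.4.2: lowercase name, unfold, collapse and trim WSP."""
    name, value = header.split(":", 1)
    name = name.strip(" \t").lower()
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)        # runs of WSP become one SP
    value = value.rstrip("\r\n").strip(" \t")    # no WSP around the value
    return name + ":" + value + "\r\n"


def header_digest(header: str, canon) -> str:
    """Digest of the canonical form, standing in for the signed header hash."""
    return hashlib.sha256(canon(header).encode("ascii")).hexdigest()


def survives(sent: str, delivered: str, canon) -> bool:
    """True if the delivered header canonicalizes to what the sender signed."""
    return header_digest(sent, canon) == header_digest(delivered, canon)


def report() -> dict:
    results = {}
    for label, delivered in (("refolded", REFOLDED), ("dequoted", DEQUOTED)):
        for canon in (canon_simple, canon_relaxed):
            results[(label, canon.__name__)] = survives(ORIGINAL, delivered, canon)
    return results


if __name__ == "__main__":
    for (label, canon), ok in report().items():
        print(f"{label:9} {canon:14} {'unchanged' if ok else 'CHANGED'}")
```

Re-folding alone is absorbed by relaxed canonicalization, but removing the quotes changes the signed bytes under both modes, so a record/replay test of a store should compare the canonical form of every header named in the signature's h= tag.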