Dear all,
I found out why DKIM signature did not work in my case.
It comes from a bug in altermime as described here :
* https://www.ijs.si/software/amavisd/release-notes.txt
<https://www.ijs.si/software/amavisd/release-notes.txt>
*
https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping
<https://mailing.unix.amavis-user.narkive.com/3anI8l14/amavis-user-dkim-and-internal-header-stripping>
Basically, one has to correct for this bug at the transport_filter
point. As it took me hours to get it done, I give it to you :-)
transport_filter = /bin/sh -c "/usr/bin/altermime --input=-
--disclaimer=/etc/exim4/textdisclaimer --disclaimer-html=/etc/exim4/htmldisclaimer | perl
-pe 's/\r//g; s/\n/\r\n/g'"
This way the DKIM signature works well together with a disclaimer added
by altermime.
Kind regards,
Bruno
Le 03/11/2023 à 18:20, brunoc68 via Exim-users a écrit :
Le 30/10/2023 à 11:09, Jeremy Harris via Exim-users a écrit :
On 30/10/2023 09:42, brunoc68 via Exim-users wrote:
Looking at the description of the transport option "size_addition",
I understand that the size of the message is sent by smtp before the
message is processed by the filter.
I am not sure about my understanding of this option. Could that be a
possible source of the error I obtain ?
Marginally possible. It would require that the receiving system uses
the SIZE
passed with the MAIL TO for its dkim verification but *not* for its
actual
reception of the message. Pretty unlikely, but you could test by
setting
the option to -1 (which would mean it couldn't possibly do that).
I checked several configuration of the "size_addition" option and it
does not work.
I also sent an email to another of my servers running both Exim and
spamassassin as well.
I got the following, clearly telling DKIM_INVALID :
------------------------------------------------------------------------------------
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=ciarem.fr;
s=dkim;
h=Content-Type:Message-ID:Subject:Date:MIME-Version:To:From:Sender:
Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=KqNN2YxYpsbEJ+qOKn2J3M0huRA1QxmBanUfyMElrc0=;
b=LypOiBYcyrZvGx6xEIsFbc4/L8
Hu1UMcQH/SXtR4R6fRYqbx7yPMOzXsN83LVsiIFTNF+LUdFJrEwIFxOF/Kz30CB86x96BMZwsHy7s
JxlHdFBdnmD7rgc21vLV/dmavvgHQaPnAw2TCCxpv84qvOivKn0CfBaWyRXXkRBXxVzVuW658QMjQ
OjR9rLZ1Z4wToQ9tm43S08rLZivFGiWp5Rtz8HGeydmmmWAolYEsvJmJwCFdMeR3DWxXtdp7xjSmL
/d1Ot6IgZUJef9vfxcJTG8PoPJvxO09Jche5xn4zQjjcw51xqO4w6ut4zILH/qW/tyGxo9VnH9ov3
Bv0slp7A==;
X-Spam-Status: No, score=3.3 required=5.0
tests=*DKIM_INVALID*,DKIM_SIGNED,
HTML_IMAGE_ONLY_08,HTML_MESSAGE,MIME_QP_LONG_LINE,RDNS_NONE,SPF_HELO_PASS,
SPF_PASS,T_REMOTE_IMAGE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED,
URIBL_DBL_BLOCKED_OPENDNS autolearn=disabled version=3.4.0
------------------------------------------------------------------------------------
Jeremy, you told me what I sent to your private email was ok, but on
my side I can not reproduce any recipient (mail-tester.com, gmail.com,
another of my server) where the DKIM signature is valid...
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
