Good afternoon, I've just been troubleshooting an issue with the php mail() function and Postfix.
Keeping it short and to the point it appears that DKIM can be broken because something (assuming Cleanup) changes the line endings in the body section of the mail after it has been signed. What I noticed (eventually.....) was that text areas in forms submitted to a PHP script contained line endings \r\n. These were passed through to the Postfix sendmail implementation care of the php mail() function where it went: pickup,cleanup,qmgr,smtp,smtpd,smtp before going into: dkimproxy.out Then, after signing it went: cleanup,qmgr,smtp But by the time it arrived with the recipient the body had changed (not apparent to the eye) and this was happening: dkim=neutral (body hash did not verify) Now, if I manually strip the line endings \r\n and replace them a plain newline \n, it works perfectly suggesting something strips the line endings if the are \r\n after it has been signed. Initially I thought 'it won't be Postfix doing this' and I checked: http://www.postfix.org/cleanup.8.html to make sure it was not documented. The only fly in the ointment of that train of thought was another Postfix that I tested against (so I had Postfix to Postfix) where I got: (amavisd-new); dkim=softfail (fail, message has been altered) It's not a big issue, it's easy to filter out the spurious \r coming in from PHP, but I'd just like to know for my own piece of mind that I'm not going mad and that something is doing a little house-keeping here? Thank you, in advance, for any replies.
