Hi all,
I think I've found the cause of the problem, which is the exchange
server receiving the forwarded message.
gmail dkim signatures include signing of the Content-Type field, which
is somehow altered by the receiving exchange server this way:
-Content-Type: text/plain; charset=utf-8; format=flowed
+Content-Type: text/plain; charset="utf-8"; format=flowed
Thus adding the quotes around utf-8 breaks the signature.
Tests with forwarded messages to e.g. t-online.de show that the
signature is valid, the signed fields are not altered.
In the end my setup works as expected.
Regards
Dietrich
Am 20.07.2015 um 14:32 schrieb level420:
Hi all,
I'm very new to postfix, opendkim, postsrsd et al, but managed to configure
a server setup which dkim signs locally submitted messages successfully. So
far so good (I hope).
I have additionally installed postsrsd with the intention to raise
acceptance of mail forwarded (aliased?) by my postfix instance.
If a message originally coming from gmail.com is forwarded by my postfix
instance, the dkim signature becomes invalid. To my shame I have to admit
that I don't know if this what is intended to happen or not.
My "testbed" is centos 6.6, postfix 2.6.6 (self compiled from srpm with tcp
dictionary support), opendkim 2.10.3.
So my question is:
Is there a posibility to configure the combo above, allowing forwarding of
dkim signed messages without loosing the signing validity?
And if yes, of course: How can I achieve that?
Thank yo very much in advance for your answers and hints.
Best regards
Dietrich
--
View this message in context:
http://postfix.1071664.n5.nabble.com/postfix-with-opendkim-dkim-signed-forwarded-emails-fail-verification-tp78275.html
Sent from the Postfix Users mailing list archive at Nabble.com.
