Hello. We have Postfix 2:2.6.6-6.el6_5 running locally with opendkim, opendmarc on Centos 6.x. All the emails are sent via the local MTA (postfix)
The mails are being delivered and are signed as they have DKIM signature, but the body hash fails. DNS TXT records for dmarc, dkim and spf are all valid and present. We have figured out what the issue is. Postfix is chopping certain lines of the messages after a total of 74 characters. This is quite strange as the line length limit for Postfix is 998 characters and SMTP protocol line length limit is 1000 characters. But, what's even more puzzling is that the messages which are being sent out as text/plain are also being subjected to this chopping. Thus, the messages which have lines longer than 74 characters get chopped and split into two lines after DKIM signature is applied to the mail message. This results in incorrect body hash on the verifier's end. I have tested this with two different messages stated below. Following is the original message which fails the DKIM verification at the verifier's end. As you can see, the lines have been chopped off and a '=' has been added towards the end of the line where the lines have been longer than 74 characters. Hi , An account has been created for you to access our network. Once you will be on-site, authenticate using the following credentials to= our captive portal: Username: email.verify Password: password This username and password will be valid starting 2015-11-18. Registratio= n must happen before 2015-11-19. Once authenticated the access will be va= lid for 1 hour. Please ignore this request if you have not requested network access. -- This is a post only E-mail, please do not reply. Following is the message which passes the DKIM verification at the verifier's end. I modified the message so that no lines are longer than 74 characters. Hi , An account has been created for you to access our network. Username: email.verify Password: password Please ignore this request if you have not requested network access. -- This is a post only E-mail, please do not reply ================================================= Can anyone suggest what's going on and how can this be resolved? Thank you for your time and help.
