RE: opendkim body hash did not verify problem

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Thu, 22 Apr 2010 10:08:00 -0700

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-
> bounce_at_lists.opendkim.org] On Behalf Of Dino Ciuffetti
> Sent: Thursday, April 22, 2010 6:35 AM
> To: opendkim-users_at_lists.opendkim.org
> Subject: Re: opendkim body hash did not verify problem
>
> I had the same error verifing signatures coming to my courier mta.
> For ex. mails coming from gmail.com are signed for all the headers and
> body, so the risk of a broken signature due to mail modification during
> the transport to the destination MTA where the DKIM filter is working
> is
> very high.
>
> After posting to the courier-users list we have found that many MTA,
> MDA,
> distribution list software do body and header modifications that make
> DKIM
> signature unmatch (unuseful).

It would be really helpful to us and to the DKIM working group if you could provide examples of the modifications you observed. Then it might be possible to update the protocol or recommend other courses of action for implementers that make DKIM more robust.
Received on Thu Apr 22 2010 - 17:08:10 PST