Ok, I found which is the header that create problem in my case.
It's Content-Type.
>> 2) the header called "Content-Type" change its value some way and its
>> position
> The value change might cause a problem even for "relaxed", depending on
> what the change was. If it was simply adding or removing spaces (e.g.
> re-wrapping the value) it should still work. But again, position changes
> don't affect DKIM.
The original header coming from gmail.com was:
Content-Type: text/plain; charset=ISO-8859-1
(Return from dkim_getresultstr(): Success)
The courier-mta modified version that fails DKIM verification is:
Content-Type: text/plain; charset=iso-8859-1
(Return from dkim_getresultstr(): Bad signature)
I have found that simply changing the value to uppercase fixed the problem
and the verification succeeded.
Should relaxed canonicalization tolerate such case modification into the
header value or not?
Hi, Dino.
--
Dino Ciuffetti
Linux System Administrator and Architect
TuxWeb S.r.l. - http://www.tuxweb.it/
Received on Fri Apr 23 2010 - 23:52:32 PST