All,
The specific SA issue is
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6462
I've been working with AXB from the SpamAssassin project and others for
a few weeks on a DKIM issue. Now, for my particular install, I know I
have some DKIM failures because I purposefully modify the email body.
But I've also been testing in a pure sendmail installation.
The bug is a modified To: Header but I'm unsure why/what is changing the
To: Header. The first emails are being tested with spamassassin called
from procmail after using MD is called.
I found that if AXB uses the Gmail web interface, all is good. However,
he normally uses Thunderbird. I think that's a red-herring or just part
of the problem though so keep reading.
Now I have a trapped version of the email pre delivery / going through
mimedefang, virus scanners, etc. etc.
Testing it with opendkim on the command line shows the pre works and the
post sendmail/md/procmail fails:
[root_at_devel tmp]# opendkim -t - < gmailviatbird-predelivery.txt
opendkim: (stdin): verification (s=gamma, d=gmail.com, 1024-bit key)
succeeded
[root_at_devel tmp]# opendkim -t - < gmailviatbird-postdelivery.txt
opendkim: (stdin): verification (s=gamma d=gmail.com, 1024-bit key)
failed: signature verification failed
A diff and lots of trial and error testing showed that the failure was
because of this:
-To: "Kevin A. McGrail" <KMcGrail_at_PCCC.com>
+To: "Kevin A. McGrail" <KMcGrail_at_pccc.com>
Specifically, the case change on the To: header.
So what rewrote the To: header and why?
The one thing I've been able to pin down is that if I use the gmail
web-based interface and play around with case, the for part of the
received header has the correct case and my DKIM tests work fine.
However, when AXB uses thunderbird to send via gmail, the case
sensitivity between the for in the received and the To header appears
different.
Now on a pure sendmail environment on a stock CentOS Installation,
attached is an email AXB wrote via Thunderbird sent via gmail. Note
that it will fail opendkim UNLESS you modify the to header to the
correct email address he used to root_at_TALON1.PCCC.com. Somewhere along
the way the To: header gets rewritten to all lower case.
However, I couldn't reproduce this scenario with all my tests but I
don't use anything but Gmail's web interface.
So my conclusion is that Thunderbird or Gmail are somehow ending up with
one case version of the to address as the for in the received header and
a different case version in the to header. Then during delivery, either
procmail or sendmail are "fixing" the To: header which is breaking DKIM.
Anyone have any recommendations? Is this known behavior in sendmail or
procmail? Something specific to Gmail and using an external client?
Specific to Thunderbird?
Regards,
KAM
Received on Thu Dec 15 2011 - 23:26:05 PST