Re: SA DKIM related bug 6462 - Possibly Gmail, Sendmail and/or Thunderbird related?

From: Kevin A. McGrail <KMcGrail_at_PCCC.com>
Date: Thu, 15 Dec 2011 19:17:13 -0500

On 12/15/2011 6:44 PM, SM wrote:
> At 15:25 15-12-2011, Kevin A. McGrail wrote:
>> Specifically, the case change on the To: header.
>>
>> So what rewrote the To: header and why?
>>
>> The one thing I've been able to pin down is that if I use the gmail
>> web-based interface and play around with case, the for part of the
>> received header has the correct case and my DKIM tests work fine.
>>
>> However, when AXB uses thunderbird to send via gmail, the case
>> sensitivity between the for in the received and the To header appears
>> different.
>>
>>
>> Now on a pure sendmail environment on a stock CentOS Installation,
>> attached is an email AXB wrote via Thunderbird sent via gmail. Note
>> that it will fail opendkim UNLESS you modify the to header to the
>> correct email address he used to root_at_TALON1.PCCC.com. Somewhere
>> along the way the To: header gets rewritten to all lower case.
>>
>> However, I couldn't reproduce this scenario with all my tests but I
>> don't use anything but Gmail's web interface.
>>
>> So my conclusion is that Thunderbird or Gmail are somehow ending up
>> with one case version of the to address as the for in the received
>> header and a different case version in the to header. Then during
>> delivery, either procmail or sendmail are "fixing" the To: header
>> which is breaking DKIM.
>>
>> Anyone have any recommendations? Is this known behavior in sendmail
>> or procmail? Something specific to Gmail and using an external client?
>> Specific to Thunderbird?
>
> Sendmail is not causing the problem here. I would also rule out a
> Thunderbird issue. Can you test to see whether the domain gets
> changed to lowercase when you send a message to Gmail?

I disagree. I thought of another test case:

Manual injection on a stock CentOS machine with stock sendmail:

Telnet Dialogue

[root_at_talon1 ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 talon1.pccc.com ESMTP Sendmail 8.13.1/8.13.1; Thu, 15 Dec 2011
19:09:50 -0500
helo pccc.com
250 talon1.pccc.com Hello localhost.localdomain [127.0.0.1], pleased to
meet you
mail from: kmcgrail_at_pccc.com
250 2.1.0 kmcgrail_at_pccc.com... Sender ok
rcpt to: root_at_Talon1.PCCC.com
250 2.1.5 root_at_Talon1.PCCC.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Subject: Test from Manual SMTP injection
To: root_at_talon1.pccc.com

This is a test.
.
250 2.0.0 pBG09o2Z000464 Message accepted for delivery


Email manually edited from mbox in /var/spool/mail:

 From kmcgrail_at_pccc.com Thu Dec 15 19:10:33 2011
Return-Path: <kmcgrail_at_pccc.com>
Received: from pccc.com (localhost.localdomain [127.0.0.1])
         by talon1.pccc.com (8.13.1/8.13.1) with SMTP id pBG09o2Z000464
         for root_at_Talon1.PCCC.com; Thu, 15 Dec 2011 19:10:07 -0500
Date: Thu, 15 Dec 2011 19:09:50 -0500
From: kmcgrail_at_pccc.com
Message-Id: <201112160010.pBG09o2Z000464_at_talon1.pccc.com>
Subject: Test from Manual SMTP injection
To: root_at_Talon1.PCCC.com

This is a test.


This definitely shows that the case used in the Received header is
re-injected by either procmail or Sendmail changing the case on the
original To header because the header I wrote is clearly overridden.

This behavior subsequently breaks DKIM's ability to check a signature
because of the change on the To: header based on my testing with Gmail.
And I do understand this is not a bug in DKIM unless the To: header
is not supposed to be used or case-sensitivity is not supposed to be
involved. But I think this is a large issue that likely points to a
major problem with big players in the DKIM arena.

Regards,
KAM
Received on Fri Dec 16 2011 - 00:17:23 PST
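
The following is an added example, not part of the original message or of any project's code. It applies the two DKIM header canonicalizations from RFC 6376 to the To: header as written and as delivered in the test above, showing that a case change in the header value alters the signed data under both "simple" and "relaxed". The `h=` list and the digest-only comparison are assumptions made for illustration.

```python
import hashlib
import re

def canon_simple(name, value):
    # RFC 6376 section 3.4.1: the field is hashed exactly as it arrived.
    return f"{name}:{value}\r\n"

def canon_relaxed(name, value):
    # RFC 6376 section 3.4.2: lowercase the field NAME, unfold, collapse
    # whitespace runs, trim the value. The case of the VALUE is untouched.
    value = re.sub(r"\r\n(?=[ \t])", "", value)
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")
    return f"{name.strip().lower()}:{value}\r\n"

def signed_fields_digest(headers, h_list, canon):
    # Hash the fields named in h=, in order. A real verifier also appends the
    # DKIM-Signature field with an empty b= tag; it is left out here because
    # it is identical on both sides of the comparison.
    by_name = {n.lower(): (n, v) for n, v in headers}
    data = "".join(canon(*by_name[h.lower()]) for h in h_list)
    return hashlib.sha256(data.encode("ascii")).hexdigest()

def changed_fields(sent, delivered, h_list, canon):
    # Name the signed fields whose canonical form differs after delivery.
    s = {n.lower(): canon(n, v) for n, v in sent}
    d = {n.lower(): canon(n, v) for n, v in delivered}
    return [h for h in h_list if s[h.lower()] != d[h.lower()]]

# Constructed sample modelled on the test above (archive "_at_" spelling kept).
H_LIST = ["From", "To", "Subject"]  # assumed h= list
SENT = [("From", " kmcgrail_at_pccc.com"),
        ("To", " root_at_talon1.pccc.com"),
        ("Subject", " Test from Manual SMTP injection")]
DELIVERED = [("From", " kmcgrail_at_pccc.com"),
             ("To", " root_at_Talon1.PCCC.com"),
             ("Subject", " Test from Manual SMTP injection")]

def report():
    out = {}
    for label, canon in (("simple", canon_simple), ("relaxed", canon_relaxed)):
        same = (signed_fields_digest(SENT, H_LIST, canon)
                == signed_fields_digest(DELIVERED, H_LIST, canon))
        out[label] = {"digest_match": same,
                      "changed": changed_fields(SENT, DELIVERED, H_LIST, canon)}
    return out

if __name__ == "__main__":
    for label, result in report().items():
        print(label, result)
```

Running the same comparison on the headers of a message before and after local delivery identifies which signed field a delivery agent rewrote.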
