Re: difference between opendkim-testmsg and opendkim for verification from Murray S. Kucherawy on 2013-01-28 (OpenDKIM Users mailing list)

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 28 Jan 2013 17:51:50 -0800 (PST)

On Tue, 29 Jan 2013, Vinubalaji Gopal wrote:
> I am trying to run a message through opendkim-testmsg and opendkim with
> the -t option for message verification. I see that the message
> verification succeeds with the opendkim binary but fails when I use
> opendkim-testmsg.
>
> #bash# opendkim-testmsg < /tmp/dkim-test/test-msg.eml
> opendkim-testmsg: dkim_eom(): Bad signature
>
> #bash# opendkim -t /tmp/dkim-test/test-msg.eml
> opendkim: /tmp/dkim-test/test-msg.eml: verification (s=20110426, d=mx.aol.com, 1024-bit key) succeeded
>
> I can send the whole message if that helps. I am pasting the dkim
> related headers here:
>
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
> s=20110426; t=1333805525;
> bh=sUtXOD9kIbE9nFaZcq4nK6eMpPFsGcRZMAIvEF18eO0=;
> h=From:Subject:Date:MIME-Version:Content-Type;
> b=YVcndekXGr77RDqorbjg8qeGZALqZAWRkp8en5fZMAuY6Uhqg/wybgffrjqa3KnnB
> aQm/T52Rzt7YSENG3ykhsmW7xQOaT509JKXEYI/eopty7h9mrDugTYqaUf6uL+VQg+
> PC1dIYXzLdzfT8yd9TgelSdLG8T+8+3yIHVVU9Us=DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
> s=20110426; t=1333805525;
> bh=sUtXOD9kIbE9nFaZcq4nK6eMpPFsGcRZMAIvEF18eO0=;
> h=From:Subject:Date:MIME-Version:Content-Type;
> b=YVcndekXGr77RDqorbjg8qeGZALqZAWRkp8en5fZMAuY6Uhqg/wybgffrjqa3KnnB
> aQm/T52Rzt7YSENG3ykhsmW7xQOaT509JKXEYI/eopty7h9mrDugTYqaUf6uL+VQg+
> PC1dIYXzLdzfT8yd9TgelSdLG8T+8+3yIHVVU9Us=^M
>
> I found out the difference in the result was due to the extra ^M which
> is due to the difference in the file format. Doing a dos2unix on the
> file fixes opendkim-testmsg to work properly. My question is what does
> opendkim.c do that makes it handle cases like these carriage returns? Is
> there any option in ilbopendkim/opendkim-testmsg to do the same?

I can't reproduce this with just a simple test message. The file "gmail"
below is signed by gmail.com with a valid signature:

medusa[13248]% ls -l gmail
-rw------- 1 msk users 2301 Jan 28 17:48 gmail
medusa[13249]% opendkim/opendkim-testmsg < gmail
medusa[13250]% unix2dos gmail
medusa[13251]% ls -l gmail
-rw------- 1 msk users 2345 Jan 28 17:49 gmail
medusa[13252]% opendkim/opendkim-testmsg < gmail
medusa[13253]%

If you built with --with-unbound, you might be experiencing a bug that's
fixed in 2.8.0. Try the attached patch if that's the case. If not,
please gzip/bzip2 your sample message and send it either to the list or to
me directly for testing.

-MSK

TEXT/PLAIN attachment: PATCH

Received on Tue Jan 29 2013 - 01:52:08 PST

This archive was generated by hypermail 2.3.0 : Tue Jan 29 2013 - 01:54:01 PST