RE: difference between opendkim-testmsg and opendkim for verification

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Tue, 29 Jan 2013 16:21:47 -0800 (PST)

On Tue, 29 Jan 2013, Vinubalaji Gopal wrote:
> Ok that fixed it. Thank you very much. Adding CRs on the wrapped headers
> passes the message using opendkim-testmsg. But I still don't understand
> how it works with the opendkim binary. Is there any way I can use the
> libopendkim to work the same way as opendkim? Is the message parsed
> differently in opendkim vs opendkim-testmsg. I see that dkim_eom is
> called in opendkim-testmsg, but opendkim does its own parsing I guess?

The message was signed in its malformed state. opendkim-testmsg
instantiates libopendkim with a flag set that fixes bare CRs and LFs into
CRLFs, while opendkim by default does not. So opendkim "works" in that it
doesn't convert the input into something properly formed, so it verifies
the already-broken message, while opendkim-testmsg fixes it up for you and
then verifies it, which breaks. You can turn this on with opendkim by
adding "FixCRLF True" to opendkim.conf.

opendkim is a wrapper around libopendkim, as is opendkim-testmsg, so both
of them use the library.

There are two ways to feed data to the library for processing.
opendkim-testmsg uses the "chunking" interface which means you hand it a
series of buffers of message data without thinking about what's in them,
and the library figures out where header fields are and where the body is
for you; opendkim itself figures out where those breaks are and then feeds
them to the library individually. The second interface is designed to
line up nicely with the way milter works.

-MSK
Received on Wed Jan 30 2013 - 00:22:03 PST