On Sat 06/Dec/2014 00:43:51 +0100 Murray S. Kucherawy wrote:
> On Fri, 5 Dec 2014, Alessandro Vesely wrote:
>> a user reported problems with a long (us-ascii) From:, so I tried myself. My
>> first attempt went ok, but then I noted he used simple/simple rather than
>> relaxed/relaxed. So I temporarily changed my settings. This time I failed too.
>>
>> I sent an empty message to each of the remailers in opendkim-README:
>>
>> sa-test_at_sendmail.net
>> check-auth_at_verifier.port25.com
>> autorespond+dkim_at_dk.elandsys.com
>> test_at_dkimtest.jason.long.name
>> dktest_at_exhalus.net
>> dkim-test_at_altn.com
>> dktest_at_blackops.org
>>
>> In addition, I tried Gmail, Yahoo!, and the following three:
>> http://www.brandonchecketts.com/emailtest.php
>> http://www.appmaildev.com/en/dkim/
>> http://9vx.org/~dho/dkim_validate.php
>>
>> Results: test_at_dkimtest.jason.long.name bounced, the last two succeeded, the
>> rest failed. To be more precise, applemaildev failed on an empty message like
>> the one below; however, it succeeded when the body contained some text. The
>> other checkers manage to munge the From: line before verification, so they
>> cannot succeed.
>
> sa-test_at_sendmail.net is probably running a pretty old version of OpenDKIM by
> now (though I haven't checked). The blackops.org always runs the latest code.
> No idea about the rest.
Blackops and sendmail tried to validate messages whose headers respectively
contained the following fields:
From: "Display phrase of 51, total line length line of 76" <vesely_at_tana.it>
From: "Display phrase of 51, total line length line of 76" <vesely_at_tana.it>
(those two apparently identical fields came back from those two validators.)
The corresponding field in a bcc to myself was:
From: "Display phrase of 51, total line length line of 76" <vesely_at_tana.it>
I took the length of 76 from the bug report. I think the user noticed the
signature breakage and tried various lengths until he reproduced the bug. He
ascribed it to zdkimfilter, with good reason, and reported it to me. I wanted
to find a different validator to prove that the signature was good, but who am
I to assert that my program is correct while all validators in the world say
the opposite? Maybe you could try that, since it's you who wrote the RFC, but
I wouldn't bet on it nonetheless.
> However, I just sent an empty message (using alpine as the MUA) through
> blackops.org to sendmail.net and it came back fine.
What length did you try?
> I'm not sure if your results mean DKIM validators are buggy, or a lot of
> infrastructure monkeys with empty messages, or both, or something else.
Buggy validators is the most relevant point.
> It would be interesting to know what results you get for simple/relaxed and
> relaxed/simple as that would give us some hints about whether it's a header
> problem or a body problem. I would put my money on the latter (though not very
> much of it).
Not to cash your money in, but body was empty.
Ale
Received on Sat Dec 06 2014 - 14:27:21 PST