RE: opendkim 2.10.3 versus header letter case

From: Kirk MacDonald <Kirk.MacDonald_at_corp.eastlink.ca>
Date: Tue, 23 Feb 2016 20:13:23 +0000

I think I’ve answered my own question – relaxed vs simple header Canonicalization… 3.4.1/3.4.2 of RFC4871.

From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Kirk MacDonald
Sent: Tuesday, February 23, 2016 3:13 PM
To: 'opendkim-users_at_lists.opendkim.org' <opendkim-users_at_lists.opendkim.org>
Subject: opendkim 2.10.3 versus header letter case

I’ve been testing a problem a DKIM signer is having using the email relay I administer. To replicate their situation I setup a domain I control for DKIM, setup postfix and opendkim and started testing.

The short version of what I have found is that if I sign using headers like Message-ID or Content-Type, my production relay MTAs (not postfix) seem to be changing these to “Message-Id” and “Content-type”. The actual values of the headers are unchanged.

I used the KeepTemporaryFiles opendkim option to examine what milter is processing and the header names still have the capital letters at that point.

If I specify those headers in the SignHeaders options in opendkim.conf, I get DKIM failures at the recipient side. If I omit them, I get passes. Interestingly I specified the User-Agent header, which my production MTA does not change the letter case of for whatever reason, and naturally got DKIM passes.

Is this letter case changing a red herring, and instead the failures could be “something else”?


Kirk MacDonald
System Administrator
Internet
Eastlink

Received on Tue Feb 23 2016 - 20:13:37 PST