Announcement

Collapse
No announcement yet.

DKIM signature fail when sending emiail via Browser

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DKIM signature fail when sending emiail via Browser

    Hello,

    The title says pretty much everything I am currently facing with right now. To be more precise:

    I run my own mail server and have successfully configured DKIM. There are bunch of websites out there to validate the correctness of the configuration. One of them is http://dkimvalidator.com which I am using for my tests.

    Now the issue is when sending a HTML email using App Suite within a browser the email is somehow modified in a way that the DKIM signature seems to be invalid. Sending a HTML email using iOS (connected via ActiveSync to App Suite) does not show this behaviour. Also sending a plain text email using the browser passes the DKIM signature validation.

    So the question is: what is App Suite modifying (I assume the bold text below) and why?

    Below the output of dkimvalidator.com

    Code:
    Received: from  (xx.xx.xx [xx.xx.xx.xx])
    	by relay-6.us-west-2.relay-prod (Postfix) with ESMTPS id 72A1C4602D3
    	for <SOd3Q73lgQ68MG@dkimvalidator.com>; Wed,  4 Apr 2018 13:21:58 +0000 (UTC)
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xx.xx; s=x;
    	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Message-ID:To:From:Date; bh=BlRU/qV0gCahvmOMcaCPoX/COkmMOSka4cLG/PQ+zjM=;
    	b=HSLWZDQj7mz6vZNblRig0j/EcU1JFrkuVQNZUFLa1gztOL6XxRU69qhGmooMcbCH1aBp6g4VBp1JUhpwIrgOn2vjCDBBYtbDL3kgt4EIZqKD2jfOLQLcXw823i6tjVKIYldD4cr8FLkoefdqrvK41NQU4sRschBO53dz8Gjn4d9Q3OLSQiFwwxSQT0R3fKA5dPz08nNtoXh0Vg4qRTRMaa7X7h42Kb+pLC7sbK8obMDOp2P5SxSjFa/TlRTfUxsi1k5OX4vRJWWZnJcmgreKgJ2xg+M4P5dxJFtatz3/IfCtDHXdlkXLB2AlyvDI41gNE+XTM1wRLKkTsoIPx/FYrA==;
    Received: from localhost ([127.0.0.1] helo=null)
    	by xx.xx.xx with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
    	(Exim 4.84_2)
    	(envelope-from <xx@xx.xx>)
    	id 1f3iMM-000Etp-MG
    	for SOd3Q73lgQ68MG@dkimvalidator.com; Wed, 04 Apr 2018 15:21:56 +0200
    Date: Wed, 4 Apr 2018 15:21:54 +0200 (CEST)
    From: xx xx <xx@xx.xx>
    To: SOd3Q73lgQ68MG@dkimvalidator.com
    Message-ID: <1037496807.51.1522848114492@xx.xx>
    Subject: [No Subject]
    MIME-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    Importance: Medium
    X-Mailer: Open-Xchange Mailer v7.8.4-Rev25
    X-Originating-Client: open-xchange-appsuite
    X-Spam_score: 0.1
    X-Spam_score_int: 1
    X-Spam_bar: /
    X-Spam_report: Spam detection software, running on the system "xx.xx.xx",
     has NOT identified this incoming email as spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     the administrator of that system for details.
     
     Content preview:  [...] 
     
     Content analysis details:   (0.1 points, 5.0 required)
     
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
     -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
      1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
      0.0 HTML_MESSAGE           BODY: HTML included in message
      0.0 TVD_SPACE_RATIO        No description available.
    
    [B]<!DOCTYPE html>
    <html><head>
        <meta charset="UTF-8">
    </head><body></body></html>[/B]
    
    Message contains this DKIM Signature:
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xx.xx; s=x;
    	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Message-ID:To:From:Date; bh=BlRU/qV0gCahvmOMcaCPoX/COkmMOSka4cLG/PQ+zjM=;
    	b=HSLWZDQj7mz6vZNblRig0j/EcU1JFrkuVQNZUFLa1gztOL6XxRU69qhGmooMcbCH1aBp6g4VBp1JUhpwIrgOn2vjCDBBYtbDL3kgt4EIZqKD2jfOLQLcXw823i6tjVKIYldD4cr8FLkoefdqrvK41NQU4sRschBO53dz8Gjn4d9Q3OLSQiFwwxSQT0R3fKA5dPz08nNtoXh0Vg4qRTRMaa7X7h42Kb+pLC7sbK8obMDOp2P5SxSjFa/TlRTfUxsi1k5OX4vRJWWZnJcmgreKgJ2xg+M4P5dxJFtatz3/IfCtDHXdlkXLB2AlyvDI41gNE+XTM1wRLKkTsoIPx/FYrA==;
    
    
    Signature Information:
    v= Version:         1
    a= Algorithm:       rsa-sha256
    c= Method:          relaxed/relaxed
    d= Domain:          xx
    s= Selector:        x
    q= Protocol:        dns/txt
    bh=                 BlRU/qV0gCahvmOMcaCPoX/COkmMOSka4cLG/PQ+zjM=
    h= Signed Headers:  Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Message-ID:To:From:Date
    b= Data:            HSLWZDQj7mz6vZNblRig0j/EcU1JFrkuVQNZUFLa1gztOL6XxRU69qhGmooMcbCH1aBp6g4VBp1JUhpwIrgOn2vjCDBBYtbDL3kgt4EIZqKD2jfOLQLcXw823i6tjVKIYldD4cr8FLkoefdqrvK41NQU4sRschBO53dz8Gjn4d9Q3OLSQiFwwxSQT0R3fKA5dPz08nNtoXh0Vg4qRTRMaa7X7h42Kb+pLC7sbK8obMDOp2P5SxSjFa/TlRTfUxsi1k5OX4vRJWWZnJcmgreKgJ2xg+M4P5dxJFtatz3/IfCtDHXdlkXLB2AlyvDI41gNE+XTM1wRLKkTsoIPx/FYrA==
    Public Key DNS Lookup
    
    Building DNS Query for x._domainkey.xx.xx
    Retrieved this publickey from DNS: v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqWwWj0icI3OYy8xuFlSrAWR/nexz2xHDUmdUaJYOBjMyNs3lblzYXNCOpmCuROZL7QstAvZSF0MBS5rxYZasdFHhT1Bc4g4OVaNtVZI/I8wYcp0D6eGoGSX5qOXQc7ruvTiqed9jnG3X3rS0hdcF8PLVb1WSi00W+mqzvSzMSVXuE9jd1Fqk5L+/0RIZfmuDD+yNf4Z3TZ3j/soKN4fbt5QiVYWYozumv4g7Sk0wbPB1ekUSwIc3DbjbI7lAqMVqbKyImeNyRxt78B3g4d4LRMDL03Ug7PM3OFgP4m+kDiOiRTw5wJKhEzLjPv6IR0RXZKTtr/cM7J7CNrLZxCI5wIDAQAB
    Validating Signature
    
    result = fail
    Details: body has been altered
    Thank you in advance.

  • #2
    I don't fully get what you have tested.
    DKIM signature is typically added by the MTA after the mail is sent out from App Suite. So how would App Suite modify the content after the relaying MTA?
    Or what did I misunderstand?

    Comment

    Working...
    X