DKIM still fails in 6.1.2

[odysseuscm]

I went back to 6.0.7 before where DKIM is valid and now tested again with 6.1.2 - still the same problem with invalid DKIM.
Does 6.1.x need some additional configuration or is it a bug?

Sent with 6.0.7:
X-Mailer: PHPMailer 6.0.7 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_KjlYtTgeEOdl1qvch7y5awwrfGICJ5RThTBUeyrQ"
Content-Transfer-Encoding: 8bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1790; s=fda;
t=1573676928; c=relaxed/simple;
h=From:To:Date:Subject;
d=mydomain.de; i=xxx@mydomain.de;
bh=uMhFirT2E90PLxh5pYwoKsmqrzPEJigVlFrRVfzCAVM=;
b=LU4p9Ut5kc64X0AGfT/AFMwdAbI58SpfVCiZhV6j4bSntfs28+4PemkjLpdaJ6NafXX69bKBvJIF+tZz6Upy3JyxxC8kwf0GyUtgEDfJ1UMkkbyJhOdCjKW/YOPTkeoI4Fy/KuKuKRpDtR1cTLqyvAg3/eOHv/+dgFbv/8cKv+xFcZmBJJwFKVvn6kD7vRuUxzMtywBJT3AmkEqibZKe+eNPiXhAFBWwzcX/G/tn6qoSjJ0QDrYeQnIOBvGzPNBN6MbhXMG17ZPpC7QRjp2q3V6Gq44PInSBjGcdJJ8N326cNnGQI2RYazcisrg0jA1vbUNP346Iemrjz6ony4pAJQ==
X-bounce-key: webpack.hosteurope.de;xxx@mydomain.de;1573676928;32484aaf;
X-HE-SMSGID: 1iUzFw-0001A1-Mh
X-HE-Virus-Scanned: Yes
X-HE-Spam-Level: /
X-HE-Spam-Score: 0.9
X-HE-Spam-Report: Content analysis details: (0.9 points)
pts rule name description

---

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of
words
0.1 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 TVD_SPACE_RATIO No description available.
X-HE-SPF: PASSED
Envelope-to: XYZ@mydomain.de

This is a multi-part message in MIME format.
--b1_KjlYtTgeEOdl1qvch7y5awwrfGICJ5RThTBUeyrQ
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sent with 6.1.2:
X-Mailer: PHPMailer 6.1.2 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_E9l25jGUbOVahJT0PYIOhAZcIrDhOd9BhBxl48Zx2lI"
Content-Transfer-Encoding: 8bit
DKIM-Signature: v=1; d=mydomain.de; s=fda;
a=rsa-sha256; q=dns/txt; l=1799; t=1573677099; c=relaxed/simple;
h=Date:To:From:Subject:Message-ID:X-Mailer:Content-Type;
i=xxx@mydomain.de;
bh=fQAADVDszXOQ7442hTEKYhWcS63JV23RY7VKLT0ctgU=;
b=xY/kIxAeseCFJy9zw/e3m6ldnZpUOam3B7F7/xPi3353T3n76Hd3GsvqwleJ1TmokUyECM22W
xYe7UxfaopaB2T4cZg6yuyb7h799qDW79RoN/NZ2knEjTXCqMlomfZMNdTEDu68cbfohvdfST
b+xXEfa1Vx/mpxmrdI1NKAycc/AuuB1IMzlz8pehxN2UQFlk6s0klCEQXy3qpYw5TglHpsjsP
w7wKWSQB16vwuodpKHFTmpONMdOWjIRtD+K8vHqwawPBVjBs2OPTbDDRXbIr89yTSbebCyMQU
7m2GWRBjKuNwWIYdRPyqCGlzeDz5jlr8QplkqqaDzRwSpk954Q==
X-bounce-key: webpack.hosteurope.de;xxx@mydomain.de;1573677099;19ed546b;
X-HE-SMSGID: 1iUzIh-0001eG-BS
X-HE-Virus-Scanned: Yes
X-HE-Spam-Level: +++
X-HE-Spam-Score: 3.8
X-HE-Spam-Report: Content analysis details: (3.8 points)
pts rule name description

---

0.1 HTML_MESSAGE BODY: HTML included in message
1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of
words
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 TVD_SPACE_RATIO No description available.
2.5 TVD_SPACE_RATIO_MINFP Space ratio
X-HE-SPF: PASSED
Envelope-to: XYZ@mydomain.de

This is a multi-part message in MIME format.
--b1_E9l25jGUbOVahJT0PYIOhAZcIrDhOd9BhBxl48Zx2lI
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Thanks for taking a look
Chris

[XL-2000]

[EDITED] OOPS... misread opening post, see new post below

[odysseuscm]

Hi XL,

that's because you looked at the example from 6.0.7. Below it I posted the result from the same message sent with 6.1.2. and that's not valid:

0.1 HTML_MESSAGE BODY: HTML included in message
1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 TVD_SPACE_RATIO No description available.
2.5 TVD_SPACE_RATIO_MINFP Space ratio
X-HE-SPF: PASSED
Envelope-to: XYZ@mydomain.de

[XL-2000]

Sorry Chris,
What is the debugging / logging state? I am running 6.1.2 without any problems....
Are your paths fully quantified and settings correct?

My local run testing against SpamAssissin resulted in:

            [report] =>  pts rule                   description                                       
---- ---------------------- --------------------------------------------------
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1% [score:   
                            0.0000]                                           
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
 0.0 HTML_MESSAGE           BODY: HTML included in message                    
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK         
                            signature                                         
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not           
                            necessarily valid                                 
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from     
                            author's domain                                   
-0.0 NO_RECEIVED            Informational: message has no Received headers  

[odysseuscm]

Hi,
I'm running these tests an a live web server; I assume that everything is configured fine if it works in 6.0.7; I did not change the configuration, just upgraded/downgraded PHPMailer. That's why I asked if additional configuration is needed for 6.1.2.
Sorry, I do not know how to do debugging/logging for DKIM problems. I'm only aware of how to debug SMTP - and I don't use SMTP for sending.
I'm grateful for any help.
Best
Chris

[Synchro]

Can you give it a try using SMTP to localhost? All it requires is adding $mail->isSMTP(); - the default settings should be OK if mail() is working for you and you have a local mail server.

[odysseuscm]

No, I do not have a local mail server (it's a simple webspace from Host Europe).
But I can change the configuration to smtp, I just have to change the email setup first. I'll report later.
P.S. I'm currently using sendmail()

[odysseuscm]

Yep, sending via SMTP works, DKIM is valid.
So why does it work with sendmail in 6.0.7 but not in 6.1.2?

[Synchro]

That's good. There were many other problems with DKIM in 6.0.7 - see #1860 and related issues in #1525. mail() can be very tricky to deal with because it alters messages after submission (in particular it adds a subject line and removes BCC header), exactly the kind of thing that DKIM is looking to detect. In future versions of PHPMailer I'm pretty much sold on removing support for sending via mail() altogether since the inherent security issues it has are still not solved, and it's slower than SMTP to localhost.

I'm not sure exactly what is breaking DKIM with mail(), but I'm not too concerned as in the vast majority of uses of it (mail server installed locally), it's easily replaced with SMTP. Overall it's a symptom of PHPMailer's internal design, or lack thereof - the way that headers are stored and formatted is extremely messy and inconsistent, so it's very hard to trace this kind of issue. I am considering a rewrite!

[odysseuscm]

Thanks for the information. So I'll try to use SMTP whenever possible.

[angerits]

@Synchro , not really sure that mine is the same issue, as 6.1.1 is working for me. But fixing the whole DKIM thing might be good enough for now ;-)

[ghost]

@Synchro

DKIM signature does not work when static::$LE=="\n"
It appends when $this->Mailer!='smtp' AND PHP_OS!="WIN".

Here are the messages I got, using PHPMailer/DKIMValidator:

Computed body hash does not match signature body hash
DKIM signature did not verify

I spent a whole day to understand and track the issue in the code.

My pull request #1962

I tested locally using "mail" on MacOS, using PHPMailer/DKIMValidator, and it works just fine.

[Synchro]

Can everyone in this thread please give the version in the master branch a try - thanks to @F10CH and others these DKIM issues should be resolved, but it would be good to have further confirmation.

[odysseuscm]

Hi, I can confirm it now works with Sendmail and SMTP!

[zdenekvecera]

Hi, I tested it with Sendmail. It works now! Thanks.