dkim body hash fails #796

Open
apezio opened this issue Oct 20, 2023 · 8 comments
@apezio

apezio commented Oct 20, 2023

🐛 Bugreport

Using the latest code (only one I have tried) emails sent with cypht fail dkim verification. The error is "body hash did not verify"

I think cypht (or one of its libraries) is forgetting the end of the content-type boundary. In my example I am sending as text/plain but the same happens when sending as html or markdown.

Example body of email from cypht (quotes are mine):

"--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

dkim test 25"

and here it is at a destination:

"--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

dkim test 25

--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd--"

I am debugging the issue via opendkim's /etc/opendkim.conf options:

KeepTemporaryFiles yes
TemporaryDirectory /tmp/

This saves a copy of the body before and after it is sent.

My theory is that either opendkim or sendmail is trying to 'fix' the missing boundary by adding the last "--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd--" which invalidates the dkim body hash.

I could be totally wrong and it could be something else. Something to do with CR/LF's, or an encoding / canonicalization issue.

Version & Environment

Rev: [10813]

OS: [cent os 7]

Steps to reproduce

  1. Have opendkim running and correctly configured to sign outgoing emails.
  2. Send any message to a gmail.com address.
  3. View the message on gmail and click 'show original', then check the dkim status.
  4. Compare the message before it is mailed by cypht and the message at the destination.
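
Added example, not part of the original thread or of Cypht's code: a Python sketch of the RFC 6376 body-hash computation, showing that a closing MIME delimiter appended after signing changes the `bh=` value under both simple and relaxed canonicalization. The boundary string and sample bodies are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# Constructed sample data: BOUNDARY is a placeholder, not the value from the issue.
BOUNDARY = "EXAMPLEBOUNDARY"
PART = (
    f"--{BOUNDARY}\r\n"
    "Content-Type: text/plain; charset=UTF-8; format=flowed\r\n"
    "Content-Transfer-Encoding: quoted-printable\r\n"
    "\r\n"
    "dkim test 25"
)
AS_COMPOSED = PART.encode()  # multipart body with no closing delimiter
AS_DELIVERED = (PART + f"\r\n\r\n--{BOUNDARY}--").encode()  # delimiter added in transit


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: ignore trailing empty lines, end with exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP runs, strip line-end WSP and trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon: str = "relaxed") -> str:
    """Value a signer or verifier computes for the bh= tag (SHA-256)."""
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def has_closing_delimiter(body: bytes, boundary: str) -> bool:
    """True if the body contains the RFC 2046 close delimiter --boundary--."""
    close = b"--" + boundary.encode() + b"--"
    return any(ln.rstrip(b" \t") == close for ln in body.split(b"\r\n"))


if __name__ == "__main__":
    for canon in ("simple", "relaxed"):
        print(canon, body_hash(AS_COMPOSED, canon), body_hash(AS_DELIVERED, canon))
    print("composed body closed:", has_closing_delimiter(AS_COMPOSED, BOUNDARY))
```

Canonicalization only discards trailing empty lines and whitespace differences, so any non-empty line added after the signature is computed fails verification regardless of the `c=` setting.
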
@apezio
Author

apezio commented Oct 20, 2023

An easier way to view the behavior is to compose a message and Save it as a draft. Open the draft and view it with the 'raw' button. Send it, then view it again in the Sent mailbox (or wherever it is). You should see it was missing the closed boundary but then later has one...

still trying to figure this out

@apezio
Author

apezio commented Oct 20, 2023

Looks like changing line 234 of modules/smtp/hm-mime-message.php from:
$body = sprintf("--%s\r\nContent-Type: text/plain; charset=UTF-8; format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n%s",

to:
$body = sprintf("--%s\r\nContent-Type: text/plain; charset=UTF-8; format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n--".$this->boundary."--",

Adds the missing boundary, and dkim verify passes.

I never have understood the sprintf and %s thing but I think the error is in there and so on line 234 or 235.

@apezio
Author

apezio commented Oct 22, 2023

FYI - Most likely there are many other places within modules/smtp/hm-mime-message.php with this problem. The above doesn't 'solve' the issue but merely is a placeholder for someone who is more familiar with hm-mime-message.php to realize there's an issue and create a fix.

@marclaporte
Member

@apezio We are not currently equipped to set up a sandbox to test (We have Cypht sandboxes but not with DNS management for DKIM). Can you coordinate with @kambereBr for a screenshare session about this?

Thanks!

@marclaporte
Member

@apezio please

@apezio
Author

apezio commented May 6, 2024

I no longer have or use cypht so I don't think I can be of any more help here.

@apezio apezio closed this as completed May 6, 2024
@apezio
Author

apezio commented May 6, 2024

Sorry I accidentally marked this as Closed and I don't know how to undo that.

@marclaporte marclaporte reopened this May 6, 2024
@marclaporte
Member

> I no longer have or use cypht

I hope you come back to Cypht.

We have done a lot of great work and released Cypht 2.0:
https://github.com/cypht-org/cypht/releases/tag/v2.0.0

The stats show the progress:
https://openhub.net/p/cypht

We can supply a server, and we can fix code issues in Cypht, but we need your help for the DKIM aspect.

Thanks!
