Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DKIM failing for few content #36

Closed
err-him opened this issue Nov 5, 2020 · 6 comments
Closed

DKIM failing for few content #36

err-him opened this issue Nov 5, 2020 · 6 comments

Comments

@err-him
Copy link

err-him commented Nov 5, 2020
edited
Loading

Hi, I am using go-msgauth for DKIM signing, great work congratulations !!!
I have problems with DKIM Signature in Gmail for a few email contents, for these content DKIM signature keep getting failed.

for an example :

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sendinblue.com header.s=mail header.b=T6i602+P;
       spf=softfail (google.com: domain of transitioning bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr does not designate 35.205.54.170 as permitted sender) smtp.mailfrom="bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr";
       dmarc=fail (p=QUARANTINE sp=REJECT dis=QUARANTINE) header.from=sendinblue.com
Return-Path: <bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr>
Received: from af.d.mailin.fr (170.54.205.35.bc.googleusercontent.com. [35.205.54.170])
        by mx.google.com with ESMTPS id s9si2177413wrw.217.2020.11.04.06.51.40
        for <himanshu.gupta@sendinblue.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 04 Nov 2020 06:51:40 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr does not designate 35.205.54.170 as permitted sender) client-ip=35.205.54.170;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sendinblue.com header.s=mail header.b=T6i602+P;
       spf=softfail (google.com: domain of transitioning bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr does not designate 35.205.54.170 as permitted sender) smtp.mailfrom="bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr";
       dmarc=fail (p=QUARANTINE sp=REJECT dis=QUARANTINE) header.from=sendinblue.com
DKIM-Signature: a=rsa-sha256; bh=tsJuZ3BBjTNiYd1Pko8h9O45UrrLuZSBfAKIytHhm2o=; c=relaxed/relaxed; d=sendinblue.com; h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id; q=dns/txt; s=mail; t=1604501499; v=1; b=T6i602+P7mdrFC4aPd9dKM/58FXn60O9mj6x+7LdlvBQrUQIrPUOL4yjhtkn7fUAqxvs30Vt DihM3qpitLU+zh8aMOQQT/WNoThsxwJC/QRzWxdilJxVKj6Sni6ekbrbWhzsPTD02sSZgaLq9Cg xydC4YDTgmYjGTxh43Qu1Na8=

complete headers are:

DKIM-Signature: a=rsa-sha256; bh=tsJuZ3BBjTNiYd1Pko8h9O45UrrLuZSBfAKIytHhm2o=; c=relaxed/relaxed; d=sendinblue.com; h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id; q=dns/txt; s=mail; t=1604501499; v=1; b=T6i602+P7mdrFC4aPd9dKM/58FXn60O9mj6x+7LdlvBQrUQIrPUOL4yjhtkn7fUAqxvs30Vt DihM3qpitLU+zh8aMOQQT/WNoThsxwJC/QRzWxdilJxVKj6Sni6ekbrbWhzsPTD02sSZgaLq9Cg xydC4YDTgmYjGTxh43Qu1Na8=
To: <himanshu.gupta@sendinblue.com>
Subject: TEST - TOKEN
Content-Type: multipart/related; boundary="-------?=_15190-7781879174214"
Date: Wed, 04 Nov 2020 14:51:39 +0000
Feedback-ID: 185.41.28.6:2039507_20:2039507:Sendinblue
From: SendInBlue <himanshu.gupta+222@sendinblue.com>
List-Id: MjAzOTUwNy05LTA= <MjAzOTUwNy05LTA=.list-id.mailin.fr>
List-Unsubscribe: <mailto:unsubscribe@af.d.mailin.fr?subject=unsub-q8f58wqygj&body=q8f58wqygj>,<https://r-auto-staging.51b.tech:4443/mk/un/li/OzndvdDOLEokf1e4v6_EcvlIfdLOPM7UEIkT8y2Qz1Is0lAlpXwDqIP4tUB8nJm_TLLR2QXxcNP05U-aEMZIHTue_kleNlwVhy9c8oKzw4WJUqThT71cCUtifsq_iXF-fnktEkUy1Jnj4si5kohK6zOUzxyJTTgZ>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
MIME-Version: 1.0
Message-Id: <202004111451.q8f58wqygj@af.d.mailin.fr>
Precedence: bulk
Reply-To: himanshu.gupta+222@sendinblue.com
X-Mailer: Sendinblue
X-Mailin-Campaign: 20
X-Mailin-Client: 2039507
X-sib-id: _YOHDLQjhQ2BrGXt57vL3A4UFIAMU8R9CSPxtOoJn865p0B2RADz3R3oIYC5c-YWGG_JPVf9N917KoSGd0PbI1Ol45-lALTkOTh5YmjUucT_Gtn8cUX4s4agq_KPIXaJ4EJFvkFYcGSeVYfdVuoxxrtVwP6VotoAoN0XhflPUB2FDQ

PS: DKIM is not failing for every email and for every domain. for few contents it keeps failing
Any Idea? Thanks
@emersion
Copy link
Owner

emersion commented Nov 5, 2020

Can you try to compare emails which fail and emails which don't? Kind of hard to tell what's up without full email bodies.

mschneider82 added a commit to mschneider82/go-msgauth that referenced this issue Nov 19, 2020
@mschneider82
fix body hash issue in relaxe mode emersion#36
f51edc4
@mschneider82 mschneider82 mentioned this issue Nov 19, 2020
Closed
mschneider82 added a commit to mschneider82/go-msgauth that referenced this issue Nov 19, 2020
@mschneider82
Merge pull request #1 from mschneider82/fix-bodychecksum
6526e06 
fix body hash issue in relaxe mode emersion#36
@mschneider82

This comment has been minimized.

Sign in to view
@foxcpp
Copy link
Contributor

foxcpp commented Nov 20, 2020

Since body hash computation is used in both signing and verification, it is probably a good idea to keep that as one issue affecting both verify & signing.

@mschneider82
Copy link

@foxcpp so the relaxedCanonicalizer is also used for signing? I havnt checked this, but my fix works for my examples. If you have an better approach to fix this issue I can test it

@emersion
Copy link
Owner

Can you try master now that #39 has been merged?

foxcpp added a commit to foxcpp/maddy that referenced this issue Nov 27, 2020
@foxcpp
Bump go-msgauth version
c906002 
See emersion/go-msgauth#36

allow_body_subset directive for check.dkim is removed since
signatures with BodyLength are no longer supported by upstream.
@err-him
Copy link
Author

err-him commented Dec 3, 2020

Yes it does fix the issue, I implemented the custom solution but seems it does better now.Thanks

@emersion emersion closed this as completed Dec 3, 2020
@emersion emersion mentioned this issue Jan 11, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@emersion @mschneider82 @foxcpp @err-him