ares_parse() fails on outlook.com/alum.mit.edu added header #73
Comments
|
The mail is being received for alum.mit.edu by Office365, which adds the malformed AR header, and keeps it there when forwarded to its final destination. |
|
@mskucherawy and I will review. |
|
It fails because outlook.com/Office 365 is not including it's own host name as the first item in the header, as it should. I don't know why that is, but when I see the message delivered also into the outlook.com mailbox, it has the added AR header without the host name as the first item. |
|
jstedfast/MimeKit#490 notes the same problem. |
|
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-worldwide describes their creation of the header. No authserv-id is ever shown. |
|
This looks like a duplicate of #48. |
|
OpenDKIM header read failures with emails from Microsoft services has been a problem for me for a very long time, I keep hoping to see a project update or at least a patch for the issue. But to be honest, I'm beginning to wonder if the project has been abandoned |
|
This happens with all o365 signed emails. They omit the ADMD on DKIM signatures. Arbitrary example : Authentication-Results: OpenDKIM only understands AR headers with the ADMD; in place. For DKIM the ADMR seems optional out in the world. Authentication-Results: thefunkychecken.com; Its a bit hard to follow, but it seems like the parser in opendkim-ar.c assumes there will always be an ADMD present Google etc., accept the Authentication-Results from o365 without an error, as do o365 instances. For DKIM at least, seems like the starting "something;" token(s) after the header name, should be optional. |
opendkim 2.11.0-Beta2 reports in maillog:
failed to parse Authentication-Results: header field
I patched it to include the offending header content in the syslog to find it:
Authentication-Results: spf=pass (sender IP is 209.85.219.172)#12 smtp.mailfrom=example.org; alum.mit.edu; dkim=pass (signature was verified)#12 header.d=example.org;alum.mit.edu; dmarc=pass action=none#012 header.from=example.org;compauth=pass reason=100
This header is being added by MX alum-mit-edu.mail.protection.outlook.com which receives mail on behalf of the MIT alum.mit.edu email forwarding service, before forwarding on to the true destination address. At that true destination, opendkim reports its inability to parse this header.
When mail is sent directly from example.org to the true destination address (not going through the alum.mit.edu forwarder), the above header is not added, and opendkim works as expected.
The text was updated successfully, but these errors were encountered: