Bad DKIM signatures over various whitespace problems #42

zx2c4 · 2022-11-02T11:54:48Z

Sometimes, emails get an invalid DKIM signature. I wrote about these to [email protected], but perhaps here's a better place. It's a long thread so I'll reproduce highlights of it here:

Using a fairly typical OpenSMTPD+rspamd setup, I'm finding that emails sent that have the ^L escape in them or end with a trailing space and a newline come out with an invalid DKIM signature. Something basic like:

filter rspamd proc-exec "filter-rspamd"
listen on ... filter rspamd

Everything else is otherwise pretty default and vanilla.

Here are two emails that exhibit the issue in mbox format, so you can open these with mutt -f ./file.mbx and then use b to bounce them through opensmtpd+rspamd.

$ base64 -d > naughty-email1.mbx

RnJvbSA5YjM1Mzg5NWViZGUyZDgzZTA5MTk4YTYzZGJjYmVlMmNmNTg5OWQ0IE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiAiSmFzb24gQS4gRG9uZW5mZWxkIiA8SmFzb25AengyYzQuY29t
PgpEYXRlOiBUdWUsIDI2IEp1bCAyMDIyIDAwOjIwOjIxICswMjAwClN1YmplY3Q6IHRlc3QgY29y
cnVwdGlvbiB3aXRoIGEgXkwgbWVzc2FnZQpNSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6
IHRleHQvcGxhaW47IGNoYXJzZXQ9VVRGLTgKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJp
dAoKZGlmZiAtLWdpdCBhL0xJQ0VOU0VTIGIvTElDRU5TRVMKaW5kZXggY2QwNGZiNmU4NC4uNTMw
ODkzYjFkYyAxMDA2NDQKLS0tIGEvTElDRU5TRVMKKysrIGIvTElDRU5TRVMKQEAgLTM4OSwyNiAr
Mzg5LDMgQEAgQ29weXJpZ2h0IDIwMDEgYnkgU3RlcGhlbiBMLiBNb3NoaWVyIDxtb3NoaWVyQG5h
LW5ldC5vcm5sLmdvdj4KICBZb3Ugc2hvdWxkIGhhdmUgcmVjZWl2ZWQgYSBjb3B5IG9mIHRoZSBH
TlUgTGVzc2VyIEdlbmVyYWwgUHVibGljCiAgTGljZW5zZSBhbG9uZyB3aXRoIHRoaXMgbGlicmFy
eTsgaWYgbm90LCBzZWUKICA8aHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy8+LiAgKi8KLQwK
ClRoZSBhYm92ZSBzaG91bGQgY2F1c2UgaXNzdWVzLgo=

$ base64 -d > naughty-email2.mbx

RnJvbSA5YjM1Mzg5NWViZGUyZDgzZTA5MTk4YTYzZGJjYmVlMmNmNTg5OWQ0IE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpEYXRlOiBNb24sIDEwIE9jdCAyMDIyIDE2OjE5OjM5ICswMjAwCkZyb206
IGphc29uQHp4MmM0LmNvbQpUbzogamFzb25AengyYzQuY29tClN1YmplY3Q6IG9oIG5vIGFub3Ro
ZXIgb25lIG9mIHRoZXNlIHRlc3RzCk1JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlwZTogdGV4
dC9wbGFpbjsgY2hhcnNldD11dGYtOApDb250ZW50LURpc3Bvc2l0aW9uOiBpbmxpbmUKCiAK

Try sending these messages through OpenSMTPD + rspamd, and you'll find that invariably the signature is wrong.

The text was updated successfully, but these errors were encountered:

zx2c4 mentioned this issue Nov 4, 2022

[BUG] Bad DKIM signatures over various whitespace problems with OpenSMTPD rspamd/rspamd#4322

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bad DKIM signatures over various whitespace problems #42

Bad DKIM signatures over various whitespace problems #42

zx2c4 commented Nov 2, 2022 •

edited

Loading

Bad DKIM signatures over various whitespace problems #42

Bad DKIM signatures over various whitespace problems #42

Comments

zx2c4 commented Nov 2, 2022 • edited Loading

zx2c4 commented Nov 2, 2022 •

edited

Loading