RE: opendkim body hash did not verify problem

From: Murray S. Kucherawy <>
Date: Thu, 22 Apr 2010 12:41:04 -0700 (PDT)

On Thu, 22 Apr 2010, Dino Ciuffetti wrote:
> In my case courier-mta ( is rewriting some
> headers on mails coming from "":

I'll check out the thread soon, but here's a quick reply to the examples
you gave:

> 1) the header called "MIME-Version" become "Mime-Version" and it also
> change position

"relaxed" header canonicalization would tolerate the case change, and DKIM
is not affected by header position changes. "simple" header
canonicalization though would fail because of the case change. Did you
try "relaxed" in your tests?

> 2) the header called "Content-Type" change its value some way and its
> position

The value change might cause a problem even for "relaxed", depending on
what the change was. If it was simply adding or removing spaces (e.g.
re-wrapping the value) it should still work. But again, position changes
don't affect DKIM.

> 3) a non existent header called "Content-Transfer-Encoding" get added by
> courier

New header fields generally don't affect DKIM unless the signer arranged
for verification to fail if that header field gets added. That is, the
signer could have specified "this signature must fail if
Content-Transfer-Encoding gets added", in which case the verifier was
acting correctly by failing the signature.
Received on Thu Apr 22 2010 - 19:41:30 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:47 PST