RE: opendkim body hash did not verify problem

From: Dino Ciuffetti <>
Date: Sat, 24 Apr 2010 01:52:18 +0200 (CEST)

Ok, I found which is the header that create problem in my case.
It's Content-Type.

>> 2) the header called "Content-Type" change its value some way and its
>> position

> The value change might cause a problem even for "relaxed", depending on
> what the change was. If it was simply adding or removing spaces (e.g.
> re-wrapping the value) it should still work. But again, position changes
> don't affect DKIM.

The original header coming from was:
Content-Type: text/plain; charset=ISO-8859-1
(Return from dkim_getresultstr(): Success)

The courier-mta modified version that fails DKIM verification is:
Content-Type: text/plain; charset=iso-8859-1
(Return from dkim_getresultstr(): Bad signature)

I have found that simply changing the value to uppercase fixed the problem
and the verification succeeded.

Should relaxed canonicalization tolerate such case modification into the
header value or not?

Hi, Dino.

Dino Ciuffetti
Linux System Administrator and Architect
TuxWeb S.r.l. -
Received on Fri Apr 23 2010 - 23:52:32 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:47 PST