7062 – Mail-DKIM-0.4 seems brokken compared to opendkim testing

Bug 7062 - Mail-DKIM-0.4 seems brokken compared to opendkim testing

Summary: Mail-DKIM-0.4 seems brokken compared to opendkim testing

Status:	RESOLVED INVALID

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Plugins (show other bugs)
Version:	3.3.2
Hardware:	All All

Importance:	P2 normal
Target Milestone:	Undefined
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-06-26 19:46 UTC by Benny Pedersen
Modified:	2014-12-18 00:39 UTC (History)
CC List:	1 user (show)

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Benny Pedersen 2014-06-26 19:46:02 UTC

X-Spam-Rules: TestsScores=(BAYES_95=3,BOGOFILTER_UNSURE=0.1,DIET_1=0.001,
 DKIM_SIGNED=0.1,HTML_IMAGE_RATIO_02=0.437,HTML_MESSAGE=0.001,SPF_PASS=-0.1, T_DKIM_INVALID=0.01)

while opendkim add

Authentication-Results: duggi.junc.org;
	dkim=pass (1024-bit key) header.d=example.com header.i=innocent@example.com header.b=gBP9Uw+x;
	dkim-atps=neutral

is this the same problem as in bug 6462 ?

Comment 1 Mark Martinec 2014-06-30 00:13:59 UTC

(In reply to Benny Pedersen from comment #0)
> X-Spam-Rules: TestsScores=(BAYES_95=3,BOGOFILTER_UNSURE=0.1,DIET_1=0.001,
>  DKIM_SIGNED=0.1,HTML_IMAGE_RATIO_02=0.437,HTML_MESSAGE=0.001,SPF_PASS=-0.1,
> T_DKIM_INVALID=0.01)
> 
> while opendkim add
> 
> Authentication-Results: duggi.junc.org;
> 	dkim=pass (1024-bit key) header.d=example.com header.i=innocent@example.com
> header.b=gBP9Uw+x;
> 	dkim-atps=neutral

I'm not aware of any such issues with Mail::DKIM 0.40
or in a DKIM plugin in SpamAssassin.

If opendkim is used as a before-queue milter and SpamAssassin as
a post-queue content filter, then it is very likely that a message
has been altered inbetween.

> is this the same problem as in bug 6462 ?

Possibly. Sendmail is notorious for changing header fields,
like 'prettyfying' some syntax (like adding a space after colon),
or for canonicalization of addresses in From/To/Cc header fields
(like adding a missing domain name). The more the original message
has a broken or unusual header section, the more likely some
'smart' MTA will try to 'fix' it, breaking a DKIM signature while
doing so.

The best way to find out is to capture the message as it is
seen by opendkim, and comparing it to what is passed on to SpamAssassin.
Sometimes it is possible to guess what the change was by studying
the message as delivered to a recipient.

Comment 2 Mark Martinec 2014-12-18 00:39:28 UTC

Without further evidence, I can only close this as not-a-bug,
at least not in Mail::DKIM nor in SpamAssassin.