[GH-ISSUE #796] dkim body hash fails #481

Closed
opened 2026-02-25 21:35:08 +03:00 by kerem · 14 comments

Originally created by @apezio on GitHub (Oct 20, 2023).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/796

Originally assigned to: @kambereBr on GitHub.

🐛 Bugreport

Using the latest code (only one I have tried) emails sent with cypht fail dkim verification. The error is "body hash did not verify"

I think cypht (or one of its libraries) is forgetting the end of the content-type boundary. In my example I am sending as text/plain but the same happens when sending as html or markdown.

Example body of email from cypht (quotes are mine):

"--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

dkim test 25"

and here it is at a destination:

"--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

dkim test 25

--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd--"

I am debugging the issue via opendkim's /etc/opendkim.conf options:

KeepTemporaryFiles yes
TemporaryDirectory /tmp/

This saves a copy of the body before and after it is sent.

My theory is that either opendkim or sendmail is trying to 'fix' the missing boundary by adding the last "--EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd--" which invalidates the dkim body hash.

I could be totally wrong and it could be something else. Something to do with CR/LF's, or an encoding / canonicalization issue.

Version & Environment

Rev: [10813]

OS: [cent os 7]

Steps to reproduce

  1. Have opendkim running and correctly configured to sign outgoing emails.
  2. Send any message to a gmail.com address.
  3. View the message on gmail, click 'show original' and check the dkim status.
  4. Compare the message before it is mailed by cypht and the message at the destination.
kerem closed this issue 2026-02-25 21:35:08 +03:00
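
The failure mode reported above, as an added example that is not part of the original issue or of Cypht's code: it computes the DKIM `bh=` body hash (RFC 6376 simple and relaxed body canonicalization, sha256) for the two excerpts in the report. The sample bodies are rebuilt from those excerpts with CRLF line endings assumed, and the signature is assumed to cover the first excerpt, as in the reporter's theory.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: ignore empty lines at the end; body ends in one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP runs, strip line-end WSP and trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon) -> str:
    """Value a signer writes to, or a verifier compares with, the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def compare(signed: bytes, delivered: bytes) -> dict:
    """Per canonicalization: does the delivered body still hash like the signed one?"""
    return {c.__name__: body_hash(signed, c) == body_hash(delivered, c)
            for c in (canon_simple, canon_relaxed)}

# Constructed sample input: the two excerpts from the report, CRLF endings assumed.
BOUNDARY = b"EEbummS0cqZsZ4jVahUu7l5RWlOhhkRh8dQZC7PRP7RhHV2mfCWQgsiYKPLd"
AS_COMPOSED = (b"--" + BOUNDARY + b"\r\n"
               b"Content-Type: text/plain; charset=UTF-8; format=flowed\r\n"
               b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
               b"dkim test 25")
AS_DELIVERED = AS_COMPOSED + b"\r\n\r\n--" + BOUNDARY + b"--"

if __name__ == "__main__":
    # Trailing blank lines alone are absorbed by both canonicalizations.
    print("extra blank lines only:", compare(AS_COMPOSED, AS_COMPOSED + b"\r\n\r\n"))
    # A closing boundary appended after signing is a new non-empty line.
    print("close boundary appended:", compare(AS_COMPOSED, AS_DELIVERED))
```

Neither canonicalization tolerates a line added after signing, so the multipart body has to be complete, closing boundary included, before it reaches the signer.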

@apezio commented on GitHub (Oct 20, 2023):

An easier way to view the behavior is to compose a message and Save it as a draft. Open the draft and view it with the 'raw' button. Send it, then view it again in the Sent mailbox (or wherever it is). You should see it was missing the closed boundary but then later has one...

still trying to figure this out


@apezio commented on GitHub (Oct 20, 2023):

Looks like changing line 234 of modules/smtp/hm-mime-message.php from:

```php
$body = sprintf("--%s\r\nContent-Type: text/plain; charset=UTF-8; format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n%s",
```

to:

```php
$body = sprintf("--%s\r\nContent-Type: text/plain; charset=UTF-8; format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n--".$this->boundary."--",
```

Adds the missing boundary, and dkim verify passes.

I never have understood the sprintf and %s thing but I think the error is in there and so on line 234 or 235.


@apezio commented on GitHub (Oct 22, 2023):

FYI - Most likely there are many other places within modules/smtp/hm-mime-message.php with this problem. The above doesn't 'solve' the issue but merely is a placeholder for someone who is more familiar with hm-mime-message.php to realize there's an issue and create a fix.


@marclaporte commented on GitHub (Mar 9, 2024):

@apezio We are not currently equipped to set up a sandbox to test (We have Cypht sandboxes but not with DNS management for DKIM). Can you coordinate with @kambereBr for a screenshare session about this?

Thanks!


@marclaporte commented on GitHub (May 6, 2024):

@apezio please


@apezio commented on GitHub (May 6, 2024):

I no longer have or use cypht so I don't think I can be of any more help here.


@apezio commented on GitHub (May 6, 2024):

Sorry I accidentally marked this as Closed and I don't know how to undo that.


@marclaporte commented on GitHub (May 6, 2024):

> I no longer have or use cypht

I hope you come back to Cypht.

We have done a lot of great work and released Cypht 2.0:
https://github.com/cypht-org/cypht/releases/tag/v2.0.0

The stats show the progress:
https://openhub.net/p/cypht

We can supply a server, and we can fix code issues in Cypht, but we need your help for the DKIM aspect.

Thanks!


@marclaporte commented on GitHub (Sep 28, 2024):

The Cypht 2.x series is getting quite good. The latest is:
https://github.com/cypht-org/cypht/releases/tag/v2.4.0 is


@marclaporte commented on GitHub (Aug 20, 2025):

@JohnXLivingston Do we have a server with DKIM that @kambereBr could use to test?


@JohnXLivingston commented on GitHub (Aug 20, 2025):

> @JohnXLivingston Do we have a server with DKIM that @kambereBr could use to test?

It should be possible to test using any email account from our usual mail provider. DKIM signature happens on the outgoing SMTP server.


@kambereBr commented on GitHub (Aug 20, 2025):

> > @JohnXLivingston Do we have a server with DKIM that @kambereBr could use to test?
>
> It should be possible to test using any email account from our usual mail provider. DKIM signature happens on the outgoing SMTP server.

Thanks, @JohnXLivingston. I’ll give this another try and see if I can reproduce it.


@kambereBr commented on GitHub (Aug 24, 2025):

Issue reproduced and here is the PR: https://github.com/cypht-org/cypht/pull/1631

This issue has already been addressed in Cypht 2.x, so this PR backports the fix to the 1.4.x branch.


@kambereBr commented on GitHub (Aug 25, 2025):

The PR has been merged, so this issue is now resolved and will be closed.
