mirror of
https://github.com/Pro/dkim-exchange.git
synced 2026-04-25 08:55:52 +03:00
[GH-ISSUE #113] Some messages aren't signed correctly #91
Originally created by @VictorSvetogor on GitHub (Nov 18, 2015).
Original GitHub issue: https://github.com/Pro/dkim-exchange/issues/113
Hi,
I've found out that some messages aren't signed correctly. I use version 2.1.8 with Exchange 2010. Sometimes I see on Gmail and other mail providers that the mail from my domain has incorrect DKIM.
see here:
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of victor@beloil.by designates 82.209.214.26 as permitted sender) smtp.mailfrom=victor@beloil.by;
dkim=neutral (body hash did not verify) header.i=@beloil.by;
dmarc=pass (p=REJECT dis=NONE) header.from=beloil.by
DKIM-Signature: v=1; a=rsa-sha256; s=corpmail; d=beloil.by; c=simple/simple; q=dns/txt; h=Date : From : Message-ID : Subject : To; bh=EHdx8zaZspFi6uIOK2ZIs8/v4TZnditLkDdpcHL1QII=; b=kpjLFR1jk8UAodbdYVk56o5+iB+mauEv4N+EvUvfGo8qfPYkWWYup58r3iDtoU2J6hN0Prr3VLUmOP517b94n4pC3VWTKw1KeGI5JxMNizvzSElZvSVT/Ww/47D7O9ybqPHxNCylR7YNH//k3ENinnr/aOmleybJKdswAQMpKAM=;
If I remove the attached file (for example), this message passes the DKIM test. Could you help?
Victor
@stevemayster commented on GitHub (Nov 18, 2015):
Hello Viktor.
Did you install dkim-exchange on the edge server, or do you have a relay server which faces the internet?
@VictorSvetogor commented on GitHub (Nov 19, 2015):
Hi, stevemayster
It's installed on the edge server.
@stevemayster commented on GitHub (Nov 19, 2015):
@VictorSvetogor so messages are going from the edge straight to the internet?
I'm asking because I have the same issue, but I thought it's because I have an anti-spam system which relays mail.
@VictorSvetogor commented on GitHub (Nov 19, 2015):
stevemayster,
Yes, messages are going to the Internet straight from the edge server.
I have installed Forefront Protection for Exchange on the edge server (it's doing antivirus protection also), but the DKIM signer is installed with lower priority (15). I guess it works with messages AFTER all other Exchange transport agents.
[PS] C:\Windows\system32>Get-TransportAgent
@stevemayster commented on GitHub (Nov 19, 2015):
@VictorSvetogor Interesting. I would try to disable FSE for a short time and try to send a message.
But it's your decision.
@VictorSvetogor commented on GitHub (Nov 20, 2015):
Hi stevemayster ,
I found that the "Attachment Filtering Agent" prevents correct DKIM signing of a message. Once I disabled it, all is OK. But this is not the right solution....
@Pro commented on GitHub (Nov 21, 2015):
@VictorSvetogor does this happen to any e-mail with an attachment or is it dependent on the file type or e.g. file size?
@VictorSvetogor commented on GitHub (Nov 22, 2015):
@Pro
I found that this happens if I send a message with an attachment that has a non-Latin file name.
@Pro commented on GitHub (Nov 22, 2015):
I'll try to reproduce this problem on my test server so I can find the part of the code which is causing the problem. This will take some days until I have time. If someone else has time to narrow the problem down I'm happy for any help 👍
@stevemayster commented on GitHub (Nov 22, 2015):
@Pro I have the same problem too, but my file doesn't have a non-Latin file name.
I think it happens because my anti-spam filter system, which acts as a relay server, breaks the signature, but I'm not sure because it doesn't happen with all messages with attachments. How can I help you?
@MikeLabatt commented on GitHub (Nov 25, 2015):
I have a similar "body hash did not verify" issue (tested with Gmail inbox) when sending messages with subject only, no message body. Resending the same message with body, the signature works fine. This is DKIM Signer 2.1.8 on edge Exchange 2007 server going straight to the internet.
Agents are:
Identity                          Enabled  Priority
Connection Filtering Agent        True     1
Address Rewriting Inbound Agent   True     2
Edge Rule Agent                   True     3
Content Filter Agent              True     4
Sender Id Agent                   True     5
Sender Filter Agent               True     6
Recipient Filter Agent            True     7
Protocol Analysis Agent           True     8
Attachment Filtering Agent        True     9
Address Rewriting Outbound Agent  True     10
Exchange DkimSigner               True     11
Tried different priorities, like 3 vs. 11, with same result: with body it signs OK, without body it fails.
dkim-signature: v=1; a=rsa-sha256; s=mail; d=example.com; c=relaxed/relaxed; q=dns/txt; h=Date:From:Message-ID:Subject:To; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; b=FDo7CfwA4jj1mQtEb7bR9K+kAvnnD4BTnff5iiIFxEg5ox9ofRNINoO25yAqdFsNu6euUKC5RqyPjAqJhfQcFNGAxG7qDG7TQvvtbabTDv7ayTVOxpjM4eqYEraODKvlre+Cn06aBEL3JcN2ZhEhl9rgczo+PN84WpY6jQA51dA=;
Also, what looks like a minor bugglet: when the configuration tool opens, it does not re-select the radio button associated to RsaSha256.
@AlexLaroche commented on GitHub (Nov 25, 2015):
What canonicalization do you use?
What are the values of these fields in your message?
Content-Type and Content-Transfer-Encoding
@MikeLabatt commented on GitHub (Nov 26, 2015):
Canonicalization of header/body: relaxed/relaxed
Key size: 1024
Hash: SHA-256
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
If the body is empty, Gmail headers indicate "body hash did not verify".
If the body contains text, GMail indicates dkim=pass. Content-Type and Content-Transfer-Encoding are the same.
The above two variations were also retried with an empty subject, with the same result (empty message failed body hash, empty subject with body passed).
Yahoo mail gives the same results: email without body gives "dkim=permerror (bad sig)", while email with body results in "dkim=pass (ok)".
@Pro commented on GitHub (Nov 26, 2015):
@MikeLabatt the small bug with the radio button is now fixed, see:
github.com/Pro/dkim-exchange@6cd52a755d (thanks @AlexLaroche)
Regarding the other problem of invalid signature: I'll try to find some time in the weekend to debug the problem.
@VictorSvetogor commented on GitHub (Nov 27, 2015):
@Pro ,
i've sent the email to you.
@MikeLabatt commented on GitHub (Nov 27, 2015):
@Pro: sent you two emails around 20:03 UTC (one with body, one without body, as per issue)
@MikeLabatt commented on GitHub (Nov 28, 2015):
@Pro: Just sent you another mail, concerning a similar body hash failure, but this time with emails that have an attachment (and a message body).
@Pro commented on GitHub (Nov 29, 2015):
@MikeLabatt, @VictorSvetogor I looked at your emails and also tried to reproduce the error, but with no success. Can you please send first a mail where the DKIM signature should be OK to the E-Mail address indicated below. And then each mail which failed signing separately to this e-mail address:
check-auth-git=s.profanter.me@verifier.port25.com
Using this E-mail address I get the full content of the mail and all the required info (see https://www.port25.com/support/authentication-center/email-verification/ for more info).
@MikeLabatt commented on GitHub (Dec 2, 2015):
@Pro: done (all three emails resent in the same order).
@avoidik commented on GitHub (Dec 11, 2015):
Same problem with Exchange 2010 UR11, regardless of the canonicalization algorithm. The body contains Cyrillic symbols, without attachments. If I remove my email signature, DKIM passed. Is this an encoding problem?
Test email
Result from port25 with specified signature
Result from port25 without specified signature
If we check the email inside Google email, the difference is in one line.
Content-Transfer-Encoding: 7bit <- passed
Content-Transfer-Encoding: 8bit <- not passed
@avoidik commented on GitHub (Dec 11, 2015):
And the answer is this:
http://stbuehler.de/blog/article/2011/05/19/dkim_fails_at_content-transfer-encoding.html
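Added example (not code from the thread or from dkim-exchange): a body-hash check per RFC 6376 for two cases reported above, the message without a body from @MikeLabatt and the 7bit/8bit difference from @avoidik. The `c=` and `bh=` tags are copied from the signature posted above with `b=` omitted; the Cyrillic body and its quoted-printable re-encoding after signing are constructed assumptions, and all function names are this example's own.

```python
import base64
import hashlib
import quopri
import re

def canon_simple(body: bytes) -> bytes:
    # RFC 6376 3.4.3: ignore trailing empty lines; an empty body becomes CRLF.
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    # RFC 6376 3.4.4: collapse whitespace runs, strip line-end whitespace,
    # ignore trailing empty lines; an empty body stays empty (no CRLF added).
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

CANON = {"simple": canon_simple, "relaxed": canon_relaxed}

def body_hash(body: bytes, canon: str) -> str:
    """Base64 SHA-256 of the canonicalized body, i.e. the bh= value."""
    return base64.b64encode(hashlib.sha256(CANON[canon](body)).digest()).decode()

def check_bh(sig: str, body: bytes) -> dict:
    """Compare bh= with the body under the declared and the other algorithm."""
    pairs = (t.split("=", 1) for t in sig.split(";") if "=" in t)
    tags = {k.strip(): v.strip() for k, v in pairs}
    parts = tags.get("c", "simple/simple").split("/")
    declared = parts[1] if len(parts) > 1 else "simple"  # c=header/body
    matches = [c for c in CANON if body_hash(body, c) == tags["bh"]]
    return {"declared": declared, "matches": matches, "ok": declared in matches}

# c= and bh= as posted in the thread for the message without a body (b= omitted).
SIG_EMPTY = "v=1; a=rsa-sha256; c=relaxed/relaxed; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY="

# Constructed sample: Cyrillic text sent as 8bit, then the same text after an
# assumed re-encoding to quoted-printable somewhere behind the signer.
BODY_8BIT = "\u0422\u0435\u0441\u0442 DKIM\r\n".encode("utf-8")
BODY_QP = quopri.encodestring(BODY_8BIT)

if __name__ == "__main__":
    print(check_bh(SIG_EMPTY, b""))
    print(body_hash(BODY_8BIT, "relaxed"), body_hash(BODY_QP, "relaxed"))
```

For an empty body, `check_bh` reports that the posted `bh=` matches simple canonicalization although the header declares relaxed, so a verifier applying the declared algorithm computes a different hash. The second pair of hashes differs because any change of transfer encoding after signing changes the bytes that `bh=` covers.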
@Pro commented on GitHub (Dec 11, 2015):
@avoidik Thanks for your further analysis. It seems that the problem is related to #86.
I'll try to debug the problem next Sunday and hopefully come up with a solution.
@Pro commented on GitHub (Dec 14, 2015):
I've found MimeKit (https://github.com/jstedfast/MimeKit) which also provides a better implementation for DKIM signing. We will integrate it into this agent and release it as version 3.0.0 (see https://github.com/Pro/dkim-exchange/tree/mime_kit). This will probably reduce the number of problems regarding wrongly signed mails. It will take some days, hopefully it is ready in January.
@Pro commented on GitHub (Jan 1, 2016):
v3.0.0 beta is now released. This should fix the 8bit issue:
https://github.com/Pro/dkim-exchange/releases/tag/v3.0.0-beta
@VictorSvetogor commented on GitHub (Feb 22, 2016):
I've installed 3.0.1, but it didn't help.
@Pro commented on GitHub (Feb 22, 2016):
OK, then maybe this is fixed in the new Mime Kit version 1.2.21 (https://github.com/jstedfast/MimeKit/blob/master/ReleaseNotes.md).
It mentions 'Fixed MimeMessage.DkimSign() to not enforce 7bit encoding of the body. (issue #224)'
This version will be included in the next dkim signer release.
@Pro commented on GitHub (Feb 27, 2016):
Please check the new version:
https://github.com/Pro/dkim-exchange/releases/tag/v3.0.2.
If there's still an issue with 8-bit signing, please open an issue on the MimeKit repo: https://github.com/jstedfast/MimeKit/issues and link it here.
@wish01 commented on GitHub (Feb 17, 2017):
Hello, I installed version 3.0.8 and MimeKit 1.2.21. Letters with attachments named in Russian are still signed with an error; the DKIM signature error continues. Gmail message: DKIM: NEUTRAL, domain null
@avoidik commented on GitHub (Feb 17, 2017):
Did you configure SPF/TXT records for your MX domain?
@wish01 commented on GitHub (Feb 17, 2017):
If the name of the attachment in a letter is in English, the DKIM record is correct. One and the same attachment with different names: in Russian the test does not pass, in English the test passes.
Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; name= "Сервера добавленные в МОМ за последние 2 месяца Qwe.xlsx"
Content-Description: "Сервера добавленные в МОМ за последние 2 меся""ца Qwe.xlsx"
Content-Disposition: attachment; filename= "Сервера добавленные в МОМ за последние 2 месяца Qwe.xlsx"; size=9302; creation-date="Fri, 17 Feb 2017 09:11:32 GMT"; modification-date="Tue, 17 Jul 2012 06:32:13 GMT"
Content-Transfer-Encoding: base64