Mailing List Archive

1 2  View All
Re: dkim=fail (body hash mismatch; body probably modified in transit) [ In reply to ]
Slavko via Exim-users wrote:

[dd]
>
> You can try to send messages to two recipients (target hosts)
> at once, then get message file from both and compare them to
> find difference.

This is actually how I started the thread, by sending one message to
two recipients at once, on FreeBSD and on Debian. I even wrote that I
had compared md5 sums of the bodies and found them identical.

> You can try to test the file from other host with
> -bh option, to see results...

Did not quite get the idea, sorry.
>
> You can install some software/tool to do DKIM verify from shell
> to see/compare result with exim's, if they differ, there will be
> something wrong, with one or other. I never used any...

I have a Thunderbird DKIM checker plugin installed and it reports
"DKIM valid" on the messages where Debian Exim's check reports a body
hash mismatch.


--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: dkim=fail (body hash mismatch; body probably modified in transit) [ In reply to ]
Jeremy Harris via Exim-users wrote:
> On 12/12/2022 09:21, Victor Sudakov via Exim-users wrote:
> > acl_check_dkim:
> > accept add_header = :at_start:${authresults {$primary_hostname}}
>
> It's generally better to use ${authresults } in the data ACL, so that it
> can pick up other results even when the message wasn't DKIM-signed.
> Also, the DKIM ACL can get called more than once (when there are multiple
> signatures in a message) which would, with the header added here,
> give you multiple results headers -
> and can *modify* the result for a signature (yours doesn't, obviously).

So I just leave acl_check_dkim with a single "accept" and move the
"add_header" to the data ACL? Or do I omit the acl_check_dkim
altogether?


--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

1 2  View All