OpenDKIM icon indicating copy to clipboard operation
OpenDKIM copied to clipboard

Published 20 hours ago verified publisher icon trusteddomainproject

Headers with leading CRLF canonicalized incorrectly

Open wttw opened this issue 6 years ago • 8 comments

If a header is wrapped immediately after the field name then it's (relaxed) canonicalized form will have a space between the field name and field value.

e.g.

List-Unsubscribe:
   =?us-ascii?q?long_meaningless_value...

will canonicalize to

list-unsubscribe: =?us-ascii?q?long_meaningless_value...

instead of

list-unsubscribe:=?us-ascii?q?long_meaningless_value...

which causes validation to fail.

The RFC says that any whitespace after the colon should be deleted.

wttw avatar Mar 22 '19 15:03 wttw

This and other bugs are fixed on the develop branch.

dilyanpalauzov avatar May 02 '19 18:05 dilyanpalauzov

FYI: The emails sent from twitter.com have this bug.

tomop-tg avatar May 19 '19 05:05 tomop-tg

Use the code from the develop branch.

dilyanpalauzov avatar May 19 '19 06:05 dilyanpalauzov

I've already used development branch.

twitter.com sends bad signature (using old OpenDKIM?). Then my MTA gets "dkim=fail". I reported this failure to twitter.com but rejected.

tomop-tg avatar May 19 '19 15:05 tomop-tg

What do you expect to happen, when you write here?

dilyanpalauzov avatar May 19 '19 16:05 dilyanpalauzov

What I would like is:

  • I hope this bugfix is released as stable early.
  • Please announce broadly to stop using the buggy version.

tomop-tg avatar May 19 '19 23:05 tomop-tg

I asked the author of the software to release a new version of OpenDKIM, where all known problems are fixed. You can write him, too.

dilyanpalauzov avatar May 20 '19 06:05 dilyanpalauzov

We obviously can't compel Twitter to fix their DKIM implementation, but I'll cut a release of this shortly in case that's the blocker.

mskucherawy avatar Jul 24 '19 18:07 mskucherawy