I was investigating a case of a broken mail message with lots of empty lines in the body. It turns out that once the number of empty lines exceeds about 32k lines, the dkim-milter-2.8.2 claims the signature is not valid, while Mail::DKIM claims the signature is still valid. To test the hypothesis, I prepared and signed (with Mail::DKIM) two messages, which differ only in the number of empty lines - one has slightly less than 32k empty lines, the other has 33000 empty lines. The signature on the shorter message validates, while the longer one fails, as can be seen by the Authentication-Results header field.
I suspect the problem lies in the canonicalization code, although I haven't investigated the details.
Attached is a tar with both test message.
Log in to post a comment.