Menu
▾
▴
4 Attachments
#137 Chokes on OpenDKIM `Authentication-Results` headers
OpenDKIM can produce inconsistent Authentication-Results headers in the header.b field. When there are two preceeding DKIM-Signature headers OpenDKIM will copy only the first 8 bytes of the header.b in Authentication-Results if the DKIM-Signature headers differ but will copy the entire 174 bytes if they are the same. Note, that the DKIM-Signature headers can differ when the time changes. For example:
Authentication-Results: cauldrondevelopment.com;
dkim=pass (1024-bit key) header.d=cauldrondevelopment.com header.i=@cauldrondevelopment.com header.b=Zcq7EP68;
dkim=pass (1024-bit key) header.d=cauldrondevelopment.com header.i=@cauldrondevelopment.com header.b=M5Gfb4ll
vs.
Authentication-Results: cauldrondevelopment.com;
dkim=pass (1024-bit key) header.d=cauldrondevelopment.com header.i=@cauldrondevelopment.com header.b=qJVneN34hw2tMOy6++jymzgWxLStNSFp5jsZq6CX5JRYQL9H2nCxmAPwUa/tN2nK2NdaWbfnzlYYLJ6Mrdg3iDvBPmyY6b6IimgPnNnyrB9l1UFZX05xlJJvHPBOx0PFMgkUhMY8zADwTZY1nEXqCs2foIKhlfQF2DBFEOlPIAE=;
dkim=pass (1024-bit key) header.d=cauldrondevelopment.com header.i=@cauldrondevelopment.com header.b=qJVneN34hw2tMOy6++jymzgWxLStNSFp5jsZq6CX5JRYQL9H2nCxmAPwUa/tN2nK2NdaWbfnzlYYLJ6Mrdg3iDvBPmyY6b6IimgPnNnyrB9l1UFZX05xlJJvHPBOx0PFMgkUhMY8zADwTZY1nEXqCs2foIKhlfQF2DBFEOlPIAE=
I'm not sure if the spec allows either format but OpenDMARC chokes on the longer headers. I tested this with OpenDMARC versions 1.3.0 and 1.3.1.
The attached files show complete mail headers for both OpenDKIM versions 2.9.2 and 2.10.3.
Will review this after 1.3.2 ships.
It looks like the Authentication-Results code in 1.3.2 fails to parse both the long and short forms. It can't handle two differnet results in the same header field.
What's confusing it is the "=" that appears (quite legally) in the header at the end of a "header.b" tag.
Fixed for 1.4.0.