nanog mailing list archives
opendkim (was: Re: Gmail (thus Nanog) rejecting ipv6 email)
From: Bjørn Mork <bjorn () mork no>
Date: Mon, 04 Apr 2022 14:58:38 +0200
"John Levine" <johnl () iecc com> writes:
It appears that Michael Thomas <mike () mtcc com> said:On 4/3/22 12:12 PM, Bjørn Mork wrote:On a slightly related subject... This DKIM failure surprised me, but at least I verified that many NANOG subscribers have mailservers returning DMARC failure reports ;-)Oh wow, you should report that to Murray.It's on Github, so you can open an issue and if you're feeling inspired a fork and a patch. There's currently 67 open issues and 15 pull requests so don't hold your breath. https://github.com/trusteddomainproject/OpenDKIM
There is absolutely nothing wrong with opendkim. Sorry for this off-topic noise. opendkim is an excellent tool, which helped me find the real problem with a simple "Diagnostics yes" in the config file. My problem was caused by bad interaction between nullmailer and sendmail. Turns that out nullmailer removes quotes around the display-name unless required, while sendmail adds quotes it consider necessary. The end-result is a Cc header looking exacly like the one I sent. Only problem is that it wasn't that header opendkim got. 1) I submitted this to nullmailer: Cc: John Levine <johnl () iecc com>, "North American Network Operators' Group" <nanog () nanog org> 2) nullmailer forwarded this to sendmail: Cc: John Levine <johnl () iecc com>, North American Network Operators' Group <nanog () nanog org> 3) opendkim signed the mail using the unquoted Cc header 4) sendmail added quotes and forwarded this: Cc: John Levine <johnl () iecc com>, "North American Network Operators' Group" <nanog () nanog org> 5) validation failed since the header signature was based on the unquoted version. The header modifications in transit is the real bug. IMHO neither nullmailer nor sendmail should change the Cc header here. They should rather reject the mail if they don't like the headers. But I can't see any reasons for that. Both the quoted and the unquoted versions are fine according to my understanding of RFC5322. Any hints on how to configure sendmail to avoid this are appreciated. I can always patch nullmailer. But the same problem can be triggerd by any client submitting an unquoted display-name with an apostrophe to sendmail. Possibly also other characters which are allowed in an atom. I do understand why most people just go with gmail... Bjørn
Current thread:
- Re: Gmail (thus Nanog) rejecting ipv6 email, (continued)
- Re: Gmail (thus Nanog) rejecting ipv6 email Niels Bakker (Apr 02)
- Re: [nanog] Re: Gmail (thus Nanog) rejecting ipv6 email Dan Mahoney (Gushi) (Apr 02)
- Re: Gmail (thus Nanog) rejecting ipv6 email from poorly configured senders John Levine (Apr 02)
- Re: Gmail (thus Nanog) rejecting ipv6 email Bjørn Mork (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email John Levine (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Randy Bush (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Bjørn Mork (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Bjørn Mork (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Michael Thomas (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email John Levine (Apr 03)
- opendkim (was: Re: Gmail (thus Nanog) rejecting ipv6 email) Bjørn Mork (Apr 04)
- Re: opendkim Bjørn Mork (Apr 04)
- Re: [nanog] opendkim (was: Re: Gmail (thus Nanog) rejecting ipv6 email) Dan Mahoney (Gushi) (Apr 04)
- Re: Gmail (thus Nanog) rejecting ipv6 email John Levine (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Niels Bakker (Apr 02)
- Re: Gmail (thus Nanog) rejecting ipv6 email nanog (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Andy Ringsmuth (Apr 03)
- Re: Gmail (thus Nanog) rejecting ipv6 email Andy Smith (Apr 04)
- Re: Gmail (thus Nanog) rejecting ipv6 email Andy Ringsmuth (Apr 04)
- Re: Gmail (thus Nanog) rejecting ipv6 email Robert Kisteleki (Apr 04)