body has been altered failure on DKIM validation

3
votes

I'm using PHPMailer to send mails and like to append a DKIM-signature to mails. I had problems before I applied this patch. Now I'm able to send a successfull signed message to isnotspam.com.

I have successfully signed a message with less than 1500 characters in the body. If increase the character count (even with simple a's) The signature fails.

I've correctly set up a TXT domain record.

I guess it's because of the email's body cause if I use this service I always get a "wrong body hash" error.

Signature in the email header looks like this one:

DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=641; s=mymail;
    t=1354285494; c=relaxed/simple;
    h=From:To:Subject;
    d=revaxarts.com;
    z=From:=20"WP=203.4"=20<[email protected]>
    |To:[email protected]
    |Subject:=20DKIM=20Test;
    bh=Sx1Rj3c65v2Hk0fmg2j5XNIDi14=;
    b=n4OGAwl3i[...]AOkfUglp6iiYZ6B2M3ZKlGW5gDfE=
2
phpmailerdkim

2 Answers

4
votes

I had the same problem here with a Perl script and wrong body hash.

I used \n for newline (example end of header line). But you have to use \r\n. This solved it for me!

EDIT: Thanks to ArtemGr for the comment and url to the following information (copied from http://permalink.gmane.org/gmane.mail.postfix.user/223780 to prevent link rot):

A likely cause of breakage is that the sending application generates email that is incompatible with RFC 5322 or RFC 5321 in some respect.

  • Lines longer than 990.

    The Postfix SMTP client keeps the line length below the SMTP protocol limit of 1000 bytes including . Since this change happens after signing, it will definitely break DKIM signatures.

    To avoid long-line curruption problems send mail in quoted-printable or base64 encoding, with lines of at most 80 characters long.

  • Malformed line endings.

    SMTP requires line endings, and does not allow or characters in any other context.

    The Postfix sendmail commands expects UNIX-style <LF> [line-feed] line endings. It will also accept lines ending in <CR><LF> [carriage-return line-feed] but you can't use mixed line ending styles in the same message.

And so on. If you want to ensure that DKIM signatures survive, you need to send email that is within the protocol specs of RFC 5322 or RFC 5321;

0
votes

My case was unicode apostrophe and hypen chars. After replacing them with ascii ones, the DKIM validation is passed.