search

emersion / go-msgauth

🔏 A Go library and tools for DKIM, DMARC and Authentication-Results
MIT License
162 stars 51 forks source link

DKIM failing for few content #36

Closed err-him closed 3 years ago

err-him commented 3 years ago

Hi, I am using go-msgauth for DKIM signing, great work congratulations !!! I have problems with DKIM Signature in Gmail for a few email contents, for these content DKIM signature keep getting failed.

for an example :

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sendinblue.com header.s=mail header.b=T6i602+P;
       spf=softfail (google.com: domain of transitioning bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr does not designate 35.205.54.170 as permitted sender) smtp.mailfrom="bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr";
       dmarc=fail (p=QUARANTINE sp=REJECT dis=QUARANTINE) header.from=sendinblue.com
Return-Path: <bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr>
Received: from af.d.mailin.fr (170.54.205.35.bc.googleusercontent.com. [35.205.54.170])
        by mx.google.com with ESMTPS id s9si2177413wrw.217.2020.11.04.06.51.40
        for <himanshu.gupta@sendinblue.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 04 Nov 2020 06:51:40 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr does not designate 35.205.54.170 as permitted sender) client-ip=35.205.54.170;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sendinblue.com header.s=mail header.b=T6i602+P;
       spf=softfail (google.com: domain of transitioning bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr does not designate 35.205.54.170 as permitted sender) smtp.mailfrom="bounces-q8f58wqygj-himanshu.gupta=sendinblue.com@af.d.mailin.fr";
       dmarc=fail (p=QUARANTINE sp=REJECT dis=QUARANTINE) header.from=sendinblue.com
DKIM-Signature: a=rsa-sha256; bh=tsJuZ3BBjTNiYd1Pko8h9O45UrrLuZSBfAKIytHhm2o=; c=relaxed/relaxed; d=sendinblue.com; h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id; q=dns/txt; s=mail; t=1604501499; v=1; b=T6i602+P7mdrFC4aPd9dKM/58FXn60O9mj6x+7LdlvBQrUQIrPUOL4yjhtkn7fUAqxvs30Vt DihM3qpitLU+zh8aMOQQT/WNoThsxwJC/QRzWxdilJxVKj6Sni6ekbrbWhzsPTD02sSZgaLq9Cg xydC4YDTgmYjGTxh43Qu1Na8=

complete headers are: 

DKIM-Signature: a=rsa-sha256; bh=tsJuZ3BBjTNiYd1Pko8h9O45UrrLuZSBfAKIytHhm2o=; c=relaxed/relaxed; d=sendinblue.com; h=to:cc:from:reply-to:subject:date:mime-version:content-type:list-id:list-unsubscribe:x-csa-complaints:list-unsubscribe-post:message-id:sender:x-sib-id:x-mailin-client:x-mailin-campaign:feedback-id; q=dns/txt; s=mail; t=1604501499; v=1; b=T6i602+P7mdrFC4aPd9dKM/58FXn60O9mj6x+7LdlvBQrUQIrPUOL4yjhtkn7fUAqxvs30Vt DihM3qpitLU+zh8aMOQQT/WNoThsxwJC/QRzWxdilJxVKj6Sni6ekbrbWhzsPTD02sSZgaLq9Cg xydC4YDTgmYjGTxh43Qu1Na8=
To: <himanshu.gupta@sendinblue.com>
Subject: TEST - TOKEN
Content-Type: multipart/related; boundary="-------?=_15190-7781879174214"
Date: Wed, 04 Nov 2020 14:51:39 +0000
Feedback-ID: 185.41.28.6:2039507_20:2039507:Sendinblue
From: SendInBlue <himanshu.gupta+222@sendinblue.com>
List-Id: MjAzOTUwNy05LTA= <MjAzOTUwNy05LTA=.list-id.mailin.fr>
List-Unsubscribe: <mailto:unsubscribe@af.d.mailin.fr?subject=unsub-q8f58wqygj&body=q8f58wqygj>,<https://r-auto-staging.51b.tech:4443/mk/un/li/OzndvdDOLEokf1e4v6_EcvlIfdLOPM7UEIkT8y2Qz1Is0lAlpXwDqIP4tUB8nJm_TLLR2QXxcNP05U-aEMZIHTue_kleNlwVhy9c8oKzw4WJUqThT71cCUtifsq_iXF-fnktEkUy1Jnj4si5kohK6zOUzxyJTTgZ>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
MIME-Version: 1.0
Message-Id: <202004111451.q8f58wqygj@af.d.mailin.fr>
Precedence: bulk
Reply-To: himanshu.gupta+222@sendinblue.com
X-Mailer: Sendinblue
X-Mailin-Campaign: 20
X-Mailin-Client: 2039507
X-sib-id: _YOHDLQjhQ2BrGXt57vL3A4UFIAMU8R9CSPxtOoJn865p0B2RADz3R3oIYC5c-YWGG_JPVf9N917KoSGd0PbI1Ol45-lALTkOTh5YmjUucT_Gtn8cUX4s4agq_KPIXaJ4EJFvkFYcGSeVYfdVuoxxrtVwP6VotoAoN0XhflPUB2FDQ

PS: DKIM is not failing for every email and for every domain. for few contents it keeps failing Any Idea? Thanks

emersion commented 3 years ago

Can you try to compare emails which fail and emails which don't? Kind of hard to tell what's up without full email bodies.

mschneider82 commented 3 years ago

sorry i havnt read the issue fully, i see that this issue is about signing, i had issues with verify. my fix is only to fix the verify issue, what happend sometimes when gmail sends mails with attachments. i have created #38 and copyed my research about my issue

foxcpp commented 3 years ago

Since body hash computation is used in both signing and verification, it is probably a good idea to keep that as one issue affecting both verify & signing.

mschneider82 commented 3 years ago

@foxcpp so the relaxedCanonicalizer is also used for signing? I havnt checked this, but my fix works for my examples. If you have an better approach to fix this issue I can test it

emersion commented 3 years ago

Can you try master now that https://github.com/emersion/go-msgauth/pull/39 has been merged?

err-him commented 3 years ago

Yes it does fix the issue, I implemented the custom solution but seems it does better now.Thanks