jhermsmeier / node-dkim

DomainKeys Identified Mail
MIT License

Core bugs in this package make it unusable #14

Closed niftylettuce closed 4 years ago

niftylettuce commented 4 years ago

I attempted to use this package in https://forwardemail.net, however I continuously had reports of failures. These errors came up frequently from common mail servers (e.g. Yahoo, Earthlink, Mindspring).

I think there is a bug somewhere with the crypto portion of signature verification. Very tired right now but if I can help more let me know.

niftylettuce commented 4 years ago

No key for signature was another error received

niftylettuce commented 4 years ago

https://github.com/jhermsmeier/node-dkim/blob/master/lib/process-header.js#L69-L70

jhermsmeier commented 4 years ago

> https://github.com/jhermsmeier/node-dkim/blob/master/lib/process-header.js#L69-L70

That was fixed in https://github.com/jhermsmeier/node-dkim/pull/13, but the comment remained.

> No key for signature was another error received

Did you check the DKIM key domain records? Were there keys present that this module didn't recognize? I've had this come up with older emails where the mail provider removed the records in question.

> These errors came up frequently from common mail servers (e.g. Yahoo, Earthlink, Mindspring). Body hash did not verify

Did you check if those errors were legitimate (i.e. the body hash actually didn't verify)? I've seen this countless times with forwarded messages, or messages from mailing lists where the originating mail server manipulates the message to some degree (adding >, or changing newlines, or just encoding it differently) - which I should note, Gmail failed to verify too (so this module was working as intended in those circumstances).

> I think there is a bug somewhere with the crypto portion of signature verification. Very tired right now but if I can help more let me know.

That is quite possible, and I wouldn't be surprised if there was. I'd love some help, especially since I'm not running this module in any stack atm, so I don't have many interactions I can draw conclusions out of.

Of great help would be if you can find some reproducible cases where it fails when it shouldn't. Error messages alone do not help with debugging cases like these.
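For anyone triaging "Body hash did not verify" reports like the ones in this thread, the following added example (not code from node-dkim or from either commenter) computes the DKIM `bh=` value under the RFC 6376 `simple` and `relaxed` body canonicalizations and shows which in-transit changes each one tolerates. The message bodies and the `compare` helper are constructed for illustration, and `a=rsa-sha256` with no `l=` tag is assumed.

```javascript
// Added illustration, not node-dkim code. Bodies are ASCII strings using CRLF.
const crypto = require('crypto');

// RFC 6376 3.4.3 "simple": ignore trailing empty lines, end with one CRLF.
function canonSimple(body) {
  return body.replace(/(\r\n)*$/, '') + '\r\n';
}

// RFC 6376 3.4.4 "relaxed": collapse whitespace runs to one space, drop
// whitespace at line ends, ignore trailing empty lines; empty body stays empty.
function canonRelaxed(body) {
  const lines = body.split('\r\n')
    .map((l) => l.replace(/[ \t]+/g, ' ').replace(/ $/, ''));
  while (lines.length && lines[lines.length - 1] === '') lines.pop();
  return lines.length ? lines.join('\r\n') + '\r\n' : '';
}

// Base64 SHA-256 of the canonicalized body, i.e. the bh= tag value.
function bodyHash(body, canon) {
  const data = canon === 'relaxed' ? canonRelaxed(body) : canonSimple(body);
  return crypto.createHash('sha256').update(data, 'latin1').digest('base64');
}

// Constructed sample: the body as signed, and as it might arrive after relaying.
const sent = 'Hi Bob,\r\n\r\nSee you  at 10.\r\n';
const received = {
  untouched: sent,
  whitespace: 'Hi Bob, \r\n\r\nSee you at 10.\r\n\r\n', // spacing and blank line changed
  quoted: '> Hi Bob,\r\n>\r\n> See you  at 10.\r\n',     // forwarder added ">"
  footer: sent + '-- \r\nlist footer\r\n',               // mailing list appended text
};

// For each received variant, does the signer's bh= still match?
function compare() {
  const result = {};
  for (const [name, body] of Object.entries(received)) {
    result[name] = {
      simple: bodyHash(body, 'simple') === bodyHash(sent, 'simple'),
      relaxed: bodyHash(body, 'relaxed') === bodyHash(sent, 'relaxed'),
    };
  }
  return result;
}

console.log(compare());
```

A mismatch under both canonicalizations means the body content changed after signing, so the verifier is right to reject it. A mismatch that appears only under `simple` comes down to whitespace or trailing blank lines.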