jhermsmeier / node-dkim

DomainKeys Identified Mail
MIT License

Error: Unknown field name "darn" #19

Open BrianWalczak opened 1 month ago

BrianWalczak commented 1 month ago

When utilizing the dkim.verify() method after receiving an email that was sent by Gmail, the following error is received:

Error: Unknown field name "darn"
    at Signature.parse (/root/EmailServer/node_modules/dkim-signature/lib/signature.js:141:15)
    at Signature.parse (/root/EmailServer/node_modules/dkim-signature/lib/signature.js:87:26)
    at Object.verifySignature (/root/EmailServer/node_modules/dkim/lib/verify-signature.js:27:51)
    at verifyNextSignature (/root/EmailServer/node_modules/dkim/lib/verify.js:50:10)
    at /root/EmailServer/node_modules/dkim/lib/verify.js:53:7
    at /root/EmailServer/node_modules/dkim/lib/verify-signature.js:86:5
    at QueryReqWrap.callback (/root/EmailServer/node_modules/dkim/lib/get-key.js:80:5)
    at QueryReqWrap.onresolve [as oncomplete] (node:internal/dns/callback_resolver:47:10) {
  code: 'PERMFAIL'
}

This type of error does not occur, however, when you attempt to verify an email from Zoho Mail, Outlook, etc.

BrianWalczak commented 1 month ago

For now, a temporary solution would be to remove the darn field from the email data (in text format), and then convert it back to a Buffer.

const email = `Received: by mail-il1-f180.google.com with SMTP id...`; // Replace with your email data
const modifiedEmail = email.replace(/darn=[^;]+;/g, ''); // Replace occurrence of `darn` field
const emailBuffer = Buffer.from(modifiedEmail, 'utf-8'); // Turn email string back into Buffer

await dkim.verify(emailBuffer); // Continue as usual...

jhermsmeier commented 1 month ago

Hi Brian, yeah Google started implementing a draft spec of Replay Resistant Authenticated Receiver Chain, which adds dara and darn tags to DKIM signatures or ARC seals.

This has recently been fixed in https://github.com/jhermsmeier/node-dkim-signature/pull/3, but not incorporated into this module yet, because I found a slew of bugs when I did, and started rewriting this (and dkim-key and dkim-signature in the process).

Not too far from done now, I can put up an alpha, if you'd like to try it out? It should fix header & body canonicalization, as well as verification with multiple signatures and a bunch of other stuff, but also has quite a few breaking changes.
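
Added example, not code from node-dkim, dkim-signature or the linked pull request: RFC 6376 section 3.2 requires that unrecognized tags be ignored, so a tag-list parser can accept a signature carrying darn or dara by collecting unknown tags instead of throwing. The function name, the sample header and its darn value are constructed for illustration.

```javascript
// Tags defined for DKIM-Signature in RFC 6376 section 3.5.
const KNOWN_TAGS = new Set(['v', 'a', 'b', 'bh', 'c', 'd', 'h', 'i', 'l', 'q', 's', 't', 'x', 'z']);
const REQUIRED_TAGS = ['v', 'a', 'b', 'bh', 'd', 'h', 's'];

// Constructed sample header value; the darn value is a placeholder, not real Gmail output.
const SAMPLE = [
  'v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;',
  '\r\n\tdarn=placeholder.example; h=from:to:subject;',
  '\r\n\tbh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=',
].join('');

// Hypothetical helper: parses a DKIM-Signature value into known and unknown tags.
// It never rewrites the raw header, because the DKIM-Signature field itself is
// part of the signed data (RFC 6376 section 3.7).
function parseDkimTagList(headerValue) {
  // Unfold: a line break followed by whitespace continues the same header.
  const unfolded = headerValue.replace(/\r?\n[ \t]+/g, ' ');
  const known = Object.create(null);
  const unknown = Object.create(null);

  for (const part of unfolded.split(';')) {
    const spec = part.trim();
    if (spec === '') continue; // a trailing ";" is allowed
    const eq = spec.indexOf('=');
    if (eq < 1) throw new Error(`Malformed tag-spec "${spec}"`);
    const name = spec.slice(0, eq).trim();
    const value = spec.slice(eq + 1).trim();
    if (!/^[A-Za-z][A-Za-z0-9_]*$/.test(name)) {
      throw new Error(`Invalid tag name "${name}"`);
    }
    // Duplicate tag names invalidate the whole tag-list (section 3.2).
    if (name in known || name in unknown) throw new Error(`Duplicate tag "${name}"`);
    // Unknown tags are kept for inspection, never treated as an error.
    (KNOWN_TAGS.has(name) ? known : unknown)[name] = value;
  }

  for (const tag of REQUIRED_TAGS) {
    if (!(tag in known)) throw new Error(`Missing required tag "${tag}"`);
  }
  return { known, unknown };
}

const parsed = parseDkimTagList(SAMPLE);
console.log('unknown tags:', Object.keys(parsed.unknown));
```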