Closed titanism closed 7 months ago
Please provide a reproducible test case, as there is nothing to do based on this information alone. Re-open once you have the test case.
@andris9 can you re-open this? It seems like there's an edge case where if you sign a message with nodemailer/lib/dkim vs mailauth it doesn't calculate/verify body hash properly:
test.eml
(only one of these two DKIM signatures should be valid; but it returns the error "body hash did not verify" and a "fail" when body hashes matched up)
Received: from 10.197.37.73
by atlas207.free.mail.bf1.yahoo.com pod-id NONE with HTTPS; Sun, 4 Aug 2024 18:30:10 +0000
Return-Path: <SRS0=3b86=PE=forwardemail.net=support@forwardemail.net>
X-Originating-Ip: [104.248.224.170]
Received-SPF: pass (domain of forwardemail.net designates 104.248.224.170 as permitted sender)
Authentication-Results: atlas207.free.mail.bf1.yahoo.com;
dkim=pass header.i=@forwardemail.net header.s=default;
dkim=perm_fail header.i=@forwardemail.net header.s=default;
spf=pass smtp.mailfrom=forwardemail.net;
dmarc=pass(p=REJECT) header.from=forwardemail.net;
X-Apparently-To: ttitesting123@yahoo.com; Sun, 4 Aug 2024 18:30:10 +0000
X-YMailISG: JHsPaNgWLDtzZ0zQsPshI9f2w79JA5cvgIeFH6b2R65OrMV5
W_bisorTIMEfq8EeQnHr1UrGkGMbH9w81T0ekzripNzoSSqpk21O9Su6HPez
Qgn9ZKMRONom2QnPMT2yZ_2Gsq0oz37cA8UbgsqjFU8U27M.wYXa15HGk2DQ
EeyNMqcqhpKBCbqfcs4JdAf6XBp7Roxr.S.v3E5p8JpyplpqvzLpVB5eenuZ
ONYmRKdz_jMIrRwV6OE7HPbdFFYe2SIV4y7O8ALx5JfYLoQetnA3Avu8SIuw
p.LshCc9Fi_LTBfK75HFH8VJ3YX3WaIu46bdsV0DGP5kyOOA9g0dHRaBRHDQ
5Oe72He6PLr.HmHnf2GvsCv11uMkhboev_bzXjHAvijuhdYXPXc_ikj3iSt9
mb1qqQanvASr4sUUWt63C81b6o1Hxln2a.R.dd20sO.SHZoqEew.p9NlEkWv
bbNWq.gbIxbaSbz.AB2q89T2Qwnt8HXMVJCg8OcI_z.4Myh1YDvV57V4P6sb
eQvgvWnBrXedj0GEWW4vfVBH2C4RyP1DEwtp8pvfw7NNfSSaDHA5ZwvcqfpQ
BU__9YTrZUyp18z69n87kvq12I5878uBGYU_tMCso4RCMQTnOXgRRKptrYX.
I1SWTt5Ul0cGQaItB1jxykNkhmGCXdi9_A9E0QTscyD.j5_juYfS.VzG6PZg
XnPk5iDJsRe905MiCfVp1AqIiIVa2ai0_kkdVf1WNLJqKq.x3U35O6gbpqoi
cTrcNmAwft00CDNJPhz_Qbq6xC8GSidvFMilRTefhw2RZjszEtdGP.9_Pq5N
cjMdirzlI8Es2Vy5tRZCmCYhIeOsXyg3aKNWhV9SvrmdDUJGFyl3XFFU6_P7
C2RyKbkmNd6ew4XOzaRgpvzCRYWk7DCfu0uC.l.UBaOTlEX12UKgWxV9Kble
GviBf8Pu.OJLvlDPVxiIo7f_rWpoD5XxJFnpQ6VXezE1PVQBx_En3iYtd4w7
fcCKzFqu8wv2wkIRXMli.0.tqhF45fSahcUJvwm_B1pzfVAs7Mc7faxkxDNU
CllVTm4D6bSWdnO.VySErPBHJQnJVtOm3y3t91wn3sxGkjctOs3W1wE1xPai
XCRda.XTaLfR52hU_gAs.ImveMAl.jtAJWtR97hIjlhZDdZdFvDQBw3HsLfm
WTQHTwD6SwXL2Y9rZG3SpUEceyO7bk3k69txqI76Nn5zn86Omid8laaEvA--
Received: from 104.248.224.170 (EHLO mx2.forwardemail.net)
by 10.197.37.73 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
Sun, 04 Aug 2024 18:30:10 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardemail.net;
q=dns/txt; s=default; bh=vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=;
h=from:reply-to:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding;
b=X2p04rI1TMa6KBNm38qxEDkVcOFfxKwDwu8TReqX2eOdGaFN2ciWg0eTzPfNWE1n7Nff7SaZB
5bg1PFgWKfxCyhdXkaVjORwPenxhWeKG8Ugr85yX0hTUo/xVruIK6SESaikC+jFkW1RlvHjfvbx
npvKpkDoC4ej5/Iuk2JPm+I=
ARC-Seal: a=rsa-sha256; t=1722796209; cv=none; d=forwardemail.net;
s=default;
b=bc8AW4q7fjAG67HZSH4i20lbhn/K//1vJ606GKH1qu33x9yMB8Bt78xjBReBP4/49ftUAwrcj
83Tb/xLMbmev82U40aGRpT39zAR3HBwHYcSAJjjuQLpEfAt1oar3UB1Mfii69JYYmM+wAP/okfk
lKgKSj70T56qmHTBFwm0kaU=
ARC-Message-Signature: a=rsa-sha256; c=relaxed/relaxed; d=forwardemail.net;
h=Content-Transfer-Encoding: Content-Type: Subject: Message-ID: From: To:
MIME-Version: Date: Reply-To; q=dns/txt; s=default; t=1722796209;
bh=vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=;
b=LAmTrUAEq4CIZFN3VNyeCnhlLbXXoOHCtP+HNRMbPUmi1r3gVPBGSaYvCfWWledc3RSOGg65A
VjUB8JFEDM1UMnP6in1Y88Psykt7J8uhE/CI4wWifvPgmf40m40pl6lhXtYgQ01djAv26mgka8Q
Ej4THoh1oshq9f3c45v7fTM=
ARC-Authentication-Results: i=undefined; mx2.forwardemail.net;
dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b="C/TeYDU7";
spf=pass (mx2.forwardemail.net: domain of support@forwardemail.net designates 164.92.70.200 as permitted sender) smtp.mailfrom=support@forwardemail.net
smtp.helo=smtp.forwardemail.net;
dmarc=pass (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net;
bimi=none
Reply-To: support@forwardemail.net
X-Original-From: support@forwardemail.net
Received: from smtp.forwardemail.net ([164.92.70.200]
smtp.forwardemail.net) by mx2.forwardemail.net (Forward Email) with ESMTPS
for <tti-y@forwardemail.net> (version=TLSv1.3
cipher=TLS_AES_256_GCM_SHA384); Sun, 04 Aug 2024 18:30:01 +0000
X-Original-To: tti-y@forwardemail.net
X-Complaints-To: abuse@forwardemail.net
X-Report-Abuse-To: abuse@forwardemail.net
X-Report-Abuse: abuse@forwardemail.net
X-ForwardEmail-Sender: rfc822; support@forwardemail.net,
smtp.forwardemail.net, 164.92.70.200
X-ForwardEmail-Version: 10.0.0-alpha
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=forwardemail.net;
q=dns/txt; s=default; bh=92SgvpXJy6ZDP2l5o0xVEd1mmiSTS2pcMDqaWyi8img=;
h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding;
b=C/TeYDU7xNpZnhHhKu2Yq5g6nrFZYco7AIO5RHrRvmnS7zOMZ7XQtaZbWfMtRiAIy5Uj+pJIP
DaX4Y6eohsZjS52X4p4aipLfA8mSQsNjBCCx1yNR1Ds17Yz0K6SnsWQTX9nT4fYPuk7GEOlSpit
H2/Jnbbq6ETlY1E9MZtsHIo=
Date: Sun, 04 Aug 2024 18:30:00 +0000
MIME-Version: 1.0
Content-Language: en-US
To: tti-y@forwardemail.net
From: "support@forwardemail.net" <no-reply@forwardemail.net>
Message-ID: <me676703ie@forwardemail.net>
Subject: Forward: 🇨🇷 Re-engineered upward-trending standardization
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Length: 260
Hi there,
Ea aut aut sit. Incidunt ut quisquam laborum molestiae temporibus aut quam non. Voluptatibus quia laudantium et et quis quae voluptas accusantium. Doloremque in ab. Illo alias aut.
--
Thank you,
Forward Email
"Persevering encompassing middleware"
❯ mailauth report test.eml
{
"dkim": {
"headerFrom": [
"no-reply@forwardemail.net"
],
"envelopeFrom": "SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"results": [
{
"signingDomain": "forwardemail.net",
"selector": "default",
"signature": "X2p04rI1TMa6KBNm38qxEDkVcOFfxKwDwu8TReqX2eOdGaFN2ciWg0eTzPfNWE1n7Nff7SaZB5bg1PFgWKfxCyhdXkaVjORwPenxhWeKG8Ugr85yX0hTUo/xVruIK6SESaikC+jFkW1RlvHjfvbxnpvKpkDoC4ej5/Iuk2JPm+I=",
"algo": "rsa-sha256",
"format": "relaxed/relaxed",
"bodyHash": "vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=",
"bodyHashExpecting": "vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=",
"signingHeaders": {
"keys": "From: Reply-To: Subject: Date: Message-ID: To: MIME-Version: Content-Type: Content-Transfer-Encoding",
"headers": [
"From: \"support@forwardemail.net\" <no-reply@forwardemail.net>",
"Reply-To: support@forwardemail.net",
"Subject: Forward: 🇨🇷 Re-engineered upward-trending standardization",
"Date: Sun, 04 Aug 2024 18:30:00 +0000",
"Message-ID: <me676703ie@forwardemail.net>",
"To: tti-y@forwardemail.net",
"MIME-Version: 1.0",
"Content-Type: text/plain; charset=UTF-8; format=flowed",
"Content-Transfer-Encoding: 7bit"
]
},
"status": {
"result": "fail",
"header": {
"i": "@forwardemail.net",
"s": "default",
"a": "rsa-sha256",
"b": "X2p04rI1"
},
"aligned": "forwardemail.net"
},
"canonBodyLength": 269,
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojharU7eJW+eaLulQygsc/AHx\n2A0gyLnSU2fPGs8mI3Fhs3EVIIRP01euHg+IljMmXz9YtU+XMfZuYdSCa9NY16Xj\noIgub2+lkeiHHNpURIpwQJSeHxviMOfMAZ5/xSTDDoaYY2vcKytheZeLAVK2V1Su\nTdTp+C6B9E6AUSu1TwIDAQAB\n-----END PUBLIC KEY-----",
"modulusLength": 1024,
"rr": "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojharU7eJW+eaLulQygsc/AHx2A0gyLnSU2fPGs8mI3Fhs3EVIIRP01euHg+IljMmXz9YtU+XMfZuYdSCa9NY16XjoIgub2+lkeiHHNpURIpwQJSeHxviMOfMAZ5/xSTDDoaYY2vcKytheZeLAVK2V1SuTdTp+C6B9E6AUSu1TwIDAQAB",
"info": "dkim=fail header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=X2p04rI1"
},
{
"signingDomain": "forwardemail.net",
"selector": "default",
"signature": "C/TeYDU7xNpZnhHhKu2Yq5g6nrFZYco7AIO5RHrRvmnS7zOMZ7XQtaZbWfMtRiAIy5Uj+pJIPDaX4Y6eohsZjS52X4p4aipLfA8mSQsNjBCCx1yNR1Ds17Yz0K6SnsWQTX9nT4fYPuk7GEOlSpitH2/Jnbbq6ETlY1E9MZtsHIo=",
"algo": "rsa-sha256",
"format": "relaxed/relaxed",
"bodyHash": "vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=",
"bodyHashExpecting": "92SgvpXJy6ZDP2l5o0xVEd1mmiSTS2pcMDqaWyi8img=",
"signingHeaders": {
"keys": "From: Subject: Date: Message-ID: To: MIME-Version: Content-Type: Content-Transfer-Encoding",
"headers": [
"From: \"support@forwardemail.net\" <no-reply@forwardemail.net>",
"Subject: Forward: 🇨🇷 Re-engineered upward-trending standardization",
"Date: Sun, 04 Aug 2024 18:30:00 +0000",
"Message-ID: <me676703ie@forwardemail.net>",
"To: tti-y@forwardemail.net",
"MIME-Version: 1.0",
"Content-Type: text/plain; charset=UTF-8; format=flowed",
"Content-Transfer-Encoding: 7bit"
]
},
"status": {
"result": "neutral",
"comment": "body hash did not verify",
"header": {
"i": "@forwardemail.net",
"s": "default",
"a": "rsa-sha256",
"b": "C/TeYDU7"
},
"aligned": "forwardemail.net"
},
"canonBodyLength": 269,
"info": "dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=\"C/TeYDU7\""
}
]
},
"spf": {
"domain": "forwardemail.net",
"helo": "[10.197.37.73]",
"envelope-from": "SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"status": {
"result": "neutral",
"comment": "oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"smtp": {
"mailfrom": "SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"helo": "[10.197.37.73]"
}
},
"header": "Received-SPF: neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n client-ip=undefined;",
"info": "spf=neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net) smtp.mailfrom=\"SRS0=3b86=PE=forwardemail.net=support@forwardemail.net\" smtp.helo=\"[10.197.37.73]\""
},
"dmarc": {
"status": {
"result": "fail",
"comment": "p=REJECT arc=none",
"header": {
"from": "forwardemail.net",
"d": "forwardemail.net"
}
},
"domain": "forwardemail.net",
"policy": "reject",
"p": "reject",
"sp": "reject",
"pct": 100,
"rr": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-646d8d480dd3cc2c671633e2@forwardemail.net;",
"alignment": {
"spf": {
"result": false,
"strict": false
},
"dkim": {
"result": false,
"strict": false
}
},
"info": "dmarc=fail (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net"
},
"arc": {
"status": {
"result": "none"
},
"i": 0,
"authResults": "oem.local;\r\n dkim=fail header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=X2p04rI1;\r\n dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=\"C/TeYDU7\";\r\n spf=neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n smtp.mailfrom=\"SRS0=3b86=PE=forwardemail.net=support@forwardemail.net\" smtp.helo=\"[10.197.37.73]\";\r\n dmarc=fail (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net;\r\n bimi=skipped (message failed DMARC)"
},
"bimi": {
"status": {
"header": {},
"result": "skipped",
"comment": "message failed DMARC"
},
"info": "bimi=skipped (message failed DMARC)"
},
"receivedChain": [
{
"from": {
"value": "10.197.37.73"
},
"by": {
"value": "atlas207.free.mail.bf1.yahoo.com pod-id NONE"
},
"with": {
"value": "HTTPS"
},
"timestamp": "Sun, 4 Aug 2024 18:30:10 +0000",
"full": "Received: from 10.197.37.73 by atlas207.free.mail.bf1.yahoo.com pod-id NONE with HTTPS; Sun, 4 Aug 2024 18:30:10 +0000"
},
{
"from": {
"value": "104.248.224.170",
"comment": "EHLO mx2.forwardemail.net"
},
"by": {
"value": "10.197.37.73"
},
"tls": {
"value": "",
"comment": "version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256"
},
"with": {
"value": "SMTPs"
},
"timestamp": "Sun, 04 Aug 2024 18:30:10 +0000",
"full": "Received: from 104.248.224.170 (EHLO mx2.forwardemail.net) by 10.197.37.73 with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Sun, 04 Aug 2024 18:30:10 +0000"
},
{
"from": {
"value": "smtp.forwardemail.net",
"comment": "[164.92.70.200] smtp.forwardemail.net"
},
"by": {
"value": "mx2.forwardemail.net",
"comment": "Forward Email"
},
"with": {
"value": "ESMTPS"
},
"tls": {
"value": "",
"comment": "version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384"
},
"for": {
"value": "<tti-y@forwardemail.net>"
},
"timestamp": "Sun, 04 Aug 2024 18:30:01 +0000",
"full": "Received: from smtp.forwardemail.net ([164.92.70.200] smtp.forwardemail.net) by mx2.forwardemail.net (Forward Email) with ESMTPS for <tti-y@forwardemail.net> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Sun, 04 Aug 2024 18:30:01 +0000"
}
],
"headers": "Received-SPF: neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n client-ip=undefined;\r\nAuthentication-Results: oem.local;\r\n dkim=fail header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=X2p04rI1;\r\n dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=\"C/TeYDU7\";\r\n spf=neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n smtp.mailfrom=\"SRS0=3b86=PE=forwardemail.net=support@forwardemail.net\" smtp.helo=\"[10.197.37.73]\";\r\n dmarc=fail (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net;\r\n bimi=skipped (message failed DMARC)\r\n"
}
I think the culprit may be that dkim.sign in Nodemailer is not properly signing the message. I could be wrong. Still investigating.
I've updated to latest mailauth CLI and here's the latest:
{
"dkim": {
"headerFrom": [
"no-reply@forwardemail.net"
],
"envelopeFrom": "SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"results": [
{
"id": "c501ddf4c549c694258fe4f92de53a933a49b4eed7b4e9438bc66ec6592f0aec",
"signingDomain": "forwardemail.net",
"selector": "default",
"signature": "X2p04rI1TMa6KBNm38qxEDkVcOFfxKwDwu8TReqX2eOdGaFN2ciWg0eTzPfNWE1n7Nff7SaZB5bg1PFgWKfxCyhdXkaVjORwPenxhWeKG8Ugr85yX0hTUo/xVruIK6SESaikC+jFkW1RlvHjfvbxnpvKpkDoC4ej5/Iuk2JPm+I=",
"algo": "rsa-sha256",
"format": "relaxed/relaxed",
"bodyHash": "vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=",
"bodyHashExpecting": "vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=",
"signingHeaders": {
"keys": "From: Reply-To: Subject: Date: Message-ID: To: MIME-Version: Content-Type: Content-Transfer-Encoding",
"headers": [
"From: \"support@forwardemail.net\" <no-reply@forwardemail.net>",
"Reply-To: support@forwardemail.net",
"Subject: Forward: 🇨🇷 Re-engineered upward-trending standardization",
"Date: Sun, 04 Aug 2024 18:30:00 +0000",
"Message-ID: <me676703ie@forwardemail.net>",
"To: tti-y@forwardemail.net",
"MIME-Version: 1.0",
"Content-Type: text/plain; charset=UTF-8; format=flowed",
"Content-Transfer-Encoding: 7bit"
],
"canonicalizedHeader": "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"
},
"status": {
"result": "fail",
"comment": "bad signature",
"header": {
"i": "@forwardemail.net",
"s": "default",
"a": "rsa-sha256",
"b": "X2p04rI1"
},
"aligned": "forwardemail.net"
},
"sourceBodyLength": 269,
"canonBodyLength": 269,
"canonBodyLengthTotal": 269,
"canonBodyLengthLimited": false,
"mimeStructureStart": 0,
"publicKey": "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBAKiOFqtTt4lb55ou6VDKCxz8AfHYDSDIudJTZ88azyYjcWGzcRUghE/T\nV64eD4iWMyZfP1i1T5cx9m5h1IJr01jXpeOgiC5vb6WR6Icc2lREinBAlJ4fG+Iw\n58wBnn/FJMMOhphja9wrK2F5l4sBUrZXVK5N1On4LoH0ToBRK7VPAgMBAAE=\n-----END RSA PUBLIC KEY-----\n",
"modulusLength": 1024,
"rr": "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCojharU7eJW+eaLulQygsc/AHx2A0gyLnSU2fPGs8mI3Fhs3EVIIRP01euHg+IljMmXz9YtU+XMfZuYdSCa9NY16XjoIgub2+lkeiHHNpURIpwQJSeHxviMOfMAZ5/xSTDDoaYY2vcKytheZeLAVK2V1SuTdTp+C6B9E6AUSu1TwIDAQAB",
"info": "dkim=fail (bad signature) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=X2p04rI1"
},
{
"id": "7339cd02f3b3ab0a51222ab8740c28736d3a0fccf3e24c982f0a67d8fd8fd78a",
"signingDomain": "forwardemail.net",
"selector": "default",
"signature": "C/TeYDU7xNpZnhHhKu2Yq5g6nrFZYco7AIO5RHrRvmnS7zOMZ7XQtaZbWfMtRiAIy5Uj+pJIPDaX4Y6eohsZjS52X4p4aipLfA8mSQsNjBCCx1yNR1Ds17Yz0K6SnsWQTX9nT4fYPuk7GEOlSpitH2/Jnbbq6ETlY1E9MZtsHIo=",
"algo": "rsa-sha256",
"format": "relaxed/relaxed",
"bodyHash": "vjiH3PIaJqQud3HC0mcP+080MHOASXm0bsV7goQvazM=",
"bodyHashExpecting": "92SgvpXJy6ZDP2l5o0xVEd1mmiSTS2pcMDqaWyi8img=",
"signingHeaders": {
"keys": "From: Subject: Date: Message-ID: To: MIME-Version: Content-Type: Content-Transfer-Encoding",
"headers": [
"From: \"support@forwardemail.net\" <no-reply@forwardemail.net>",
"Subject: Forward: 🇨🇷 Re-engineered upward-trending standardization",
"Date: Sun, 04 Aug 2024 18:30:00 +0000",
"Message-ID: <me676703ie@forwardemail.net>",
"To: tti-y@forwardemail.net",
"MIME-Version: 1.0",
"Content-Type: text/plain; charset=UTF-8; format=flowed",
"Content-Transfer-Encoding: 7bit"
],
"canonicalizedHeader": "ZnJvbToic3VwcG9ydEBmb3J3YXJkZW1haWwubmV0IiA8bm8tcmVwbHlAZm9yd2FyZGVtYWlsLm5ldD4NCnN1YmplY3Q6Rm9yd2FyZDogw7DFuOKAocKow7DFuOKAocK3IFJlLWVuZ2luZWVyZWQgdXB3YXJkLXRyZW5kaW5nIHN0YW5kYXJkaXphdGlvbg0KZGF0ZTpTdW4sIDA0IEF1ZyAyMDI0IDE4OjMwOjAwICswMDAwDQptZXNzYWdlLWlkOjxtZTY3NjcwM2llQGZvcndhcmRlbWFpbC5uZXQ+DQp0bzp0dGkteUBmb3J3YXJkZW1haWwubmV0DQptaW1lLXZlcnNpb246MS4wDQpjb250ZW50LXR5cGU6dGV4dC9wbGFpbjsgY2hhcnNldD1VVEYtODsgZm9ybWF0PWZsb3dlZA0KY29udGVudC10cmFuc2Zlci1lbmNvZGluZzo3Yml0DQpka2ltLXNpZ25hdHVyZTp2PTE7IGE9cnNhLXNoYTI1NjsgYz1yZWxheGVkL3JlbGF4ZWQ7IGQ9Zm9yd2FyZGVtYWlsLm5ldDsgcT1kbnMvdHh0OyBzPWRlZmF1bHQ7IGJoPTkyU2d2cFhKeTZaRFAybDVvMHhWRWQxbW1pU1RTMnBjTURxYVd5aThpbWc9OyBoPWZyb206c3ViamVjdDpkYXRlOm1lc3NhZ2UtaWQ6dG86bWltZS12ZXJzaW9uOmNvbnRlbnQtdHlwZTpjb250ZW50LXRyYW5zZmVyLWVuY29kaW5nOyBiPQ=="
},
"status": {
"result": "neutral",
"comment": "body hash did not verify",
"header": {
"i": "@forwardemail.net",
"s": "default",
"a": "rsa-sha256",
"b": "C/TeYDU7"
},
"aligned": "forwardemail.net"
},
"sourceBodyLength": 269,
"canonBodyLength": 269,
"canonBodyLengthTotal": 269,
"canonBodyLengthLimited": false,
"mimeStructureStart": 0,
"info": "dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=\"C/TeYDU7\""
}
]
},
"spf": {
"domain": "forwardemail.net",
"helo": "[10.197.37.73]",
"envelope-from": "SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"status": {
"result": "neutral",
"comment": "oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"smtp": {
"mailfrom": "SRS0=3b86=PE=forwardemail.net=support@forwardemail.net",
"helo": "[10.197.37.73]"
}
},
"header": "Received-SPF: neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n client-ip=undefined;",
"info": "spf=neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net) smtp.mailfrom=\"SRS0=3b86=PE=forwardemail.net=support@forwardemail.net\" smtp.helo=\"[10.197.37.73]\""
},
"dmarc": {
"status": {
"result": "fail",
"comment": "p=REJECT arc=none",
"header": {
"from": "forwardemail.net",
"d": "forwardemail.net"
}
},
"domain": "forwardemail.net",
"policy": "reject",
"p": "reject",
"sp": "reject",
"pct": 100,
"rr": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-646d8d480dd3cc2c671633e2@forwardemail.net;",
"alignment": {
"spf": {
"strict": false
},
"dkim": {
"strict": false
}
},
"info": "dmarc=fail (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net"
},
"arc": {
"status": {
"result": "none"
},
"i": 0,
"authResults": "oem.local;\r\n dkim=fail (bad signature) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=X2p04rI1;\r\n dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=\"C/TeYDU7\";\r\n spf=neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n smtp.mailfrom=\"SRS0=3b86=PE=forwardemail.net=support@forwardemail.net\" smtp.helo=\"[10.197.37.73]\";\r\n dmarc=fail (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net;\r\n bimi=skipped (message failed DMARC)"
},
"bimi": {
"status": {
"header": {},
"result": "skipped",
"comment": "message failed DMARC"
},
"info": "bimi=skipped (message failed DMARC)"
},
"receivedChain": [
{
"from": {
"value": "10.197.37.73"
},
"by": {
"value": "atlas207.free.mail.bf1.yahoo.com pod-id NONE"
},
"with": {
"value": "HTTPS"
},
"timestamp": "Sun, 4 Aug 2024 18:30:10 +0000",
"full": "Received: from 10.197.37.73 by atlas207.free.mail.bf1.yahoo.com pod-id NONE with HTTPS; Sun, 4 Aug 2024 18:30:10 +0000"
},
{
"from": {
"value": "104.248.224.170",
"comment": "EHLO mx2.forwardemail.net"
},
"by": {
"value": "10.197.37.73"
},
"tls": {
"value": "",
"comment": "version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256"
},
"with": {
"value": "SMTPs"
},
"timestamp": "Sun, 04 Aug 2024 18:30:10 +0000",
"full": "Received: from 104.248.224.170 (EHLO mx2.forwardemail.net) by 10.197.37.73 with SMTPs (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256); Sun, 04 Aug 2024 18:30:10 +0000"
},
{
"from": {
"value": "smtp.forwardemail.net",
"comment": "[164.92.70.200] smtp.forwardemail.net"
},
"by": {
"value": "mx2.forwardemail.net",
"comment": "Forward Email"
},
"with": {
"value": "ESMTPS"
},
"tls": {
"value": "",
"comment": "version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384"
},
"for": {
"value": "<tti-y@forwardemail.net>"
},
"timestamp": "Sun, 04 Aug 2024 18:30:01 +0000",
"full": "Received: from smtp.forwardemail.net ([164.92.70.200] smtp.forwardemail.net) by mx2.forwardemail.net (Forward Email) with ESMTPS for <tti-y@forwardemail.net> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Sun, 04 Aug 2024 18:30:01 +0000"
}
],
"headers": "Received-SPF: neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n client-ip=undefined;\r\nAuthentication-Results: oem.local;\r\n dkim=fail (bad signature) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=X2p04rI1;\r\n dkim=neutral (body hash did not verify) header.i=@forwardemail.net header.s=default header.a=rsa-sha256 header.b=\"C/TeYDU7\";\r\n spf=neutral (oem.local: undefined is neither permitted nor denied by domain of SRS0=3b86=PE=forwardemail.net=support@forwardemail.net)\r\n smtp.mailfrom=\"SRS0=3b86=PE=forwardemail.net=support@forwardemail.net\" smtp.helo=\"[10.197.37.73]\";\r\n dmarc=fail (p=REJECT arc=none) header.from=forwardemail.net header.d=forwardemail.net;\r\n bimi=skipped (message failed DMARC)\r\n"
}
Now we have comment which is useful in newer version of mailauth CLI. The one with the correct body hash has the comment "bad signature".
Curious if this is due to Subject: Forward: 🇨🇷 Re-engineered upward-trending standardization. Going to swap out dkim.sign with mailauth sign and see if this fixes it.
Yep, that fixed it. There is a bug in nodemailer/dkim.
I think that this might only occur with large bodies (e.g. messages that get forwarded/replied to etc).
Our usage is here, and we apply and verify a signature from our side (not dependent on a third party).
Here's where we use mailauth to sign and then verify: https://github.com/forwardemail/forwardemail.net/blob/2c5db33457ab33b1439516eca5e17a3158924f1e/helpers/process-email.js#L454-L574
Any idea what might be wrong @andris9?
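An independent cross-check for the kind of mismatch reported in this thread (added example, not code from nodemailer, mailauth or Forward Email): it recomputes the relaxed-canonicalization SHA-256 body hash and compares it with the bh= tag of every DKIM-Signature header, which separates a body-hash mismatch from a failure of the b= signature itself. The sample message, example.com and all function names are constructed for illustration; l= body-length limits and simple body canonicalization are not handled.

```javascript
const crypto = require('crypto');

// Relaxed body canonicalization (RFC 6376, 3.4.4): collapse whitespace runs to
// one space, strip whitespace at line ends, drop trailing empty lines, and end
// a non-empty body with exactly one CRLF. An empty body stays empty.
function relaxedBody(body) {
  const lines = body
    .replace(/\r?\n/g, '\r\n') // assumption: tolerate bare LF in saved .eml files
    .split('\r\n')
    .map(line => line.replace(/[ \t]+/g, ' ').replace(/ $/, ''));
  while (lines.length && lines[lines.length - 1] === '') lines.pop();
  return lines.length ? lines.join('\r\n') + '\r\n' : '';
}

// Body bytes are kept as latin1 so every octet survives the string round trip.
function bodyHash(bodyBuf) {
  const canon = relaxedBody(bodyBuf.toString('latin1'));
  return crypto.createHash('sha256').update(canon, 'latin1').digest('base64');
}

// Split at the first empty line and unfold continuation lines in the headers.
function splitMessage(raw) {
  const text = raw.toString('latin1');
  const m = /\r?\n\r?\n/.exec(text);
  const head = m ? text.slice(0, m.index) : text;
  const body = m ? text.slice(m.index + m[0].length) : '';
  const headers = head.replace(/\r?\n[ \t]+/g, ' ').split(/\r?\n/);
  return { headers, body: Buffer.from(body, 'latin1') };
}

// One result per DKIM-Signature header: the bh= it carries vs. the hash of the
// body as it exists now. bodyHashMatches is null when c= is not relaxed.
function checkBodyHashes(raw) {
  const { headers, body } = splitMessage(raw);
  const computed = bodyHash(body);
  return headers.filter(h => /^dkim-signature:/i.test(h)).map(h => {
    const tags = {};
    for (const part of h.slice(h.indexOf(':') + 1).split(';')) {
      const eq = part.indexOf('=');
      if (eq > 0) tags[part.slice(0, eq).trim()] = part.slice(eq + 1).replace(/\s+/g, '');
    }
    const bodyCanon = (tags.c || 'simple/simple').split('/')[1] || 'simple';
    return {
      b: (tags.b || '').slice(0, 8), // same 8-character prefix used in header.b
      bhInHeader: tags.bh,
      bhComputed: computed,
      bodyHashMatches: bodyCanon === 'relaxed' ? tags.bh === computed : null
    };
  });
}

// Constructed sample: two signatures over one body; the second carries a bh=
// computed over different content. The b= values are placeholders, not signatures.
const SAMPLE_BODY = 'Hi there,  \r\nflowed   text \r\n\r\n-- \r\nThank you\r\n\r\n\r\n';
function buildSample() {
  const good = bodyHash(Buffer.from(SAMPLE_BODY, 'latin1'));
  const stale = bodyHash(Buffer.from('a different body\r\n', 'latin1'));
  return Buffer.from([
    'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;',
    ` s=sel1; bh=${good}; h=from:subject; b=AAAAAAAAconstructed`,
    'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;',
    ` s=sel1; bh=${stale}; h=from:subject; b=BBBBBBBBconstructed`,
    'From: sender@example.com',
    'Subject: constructed sample',
    '',
    SAMPLE_BODY
  ].join('\r\n'), 'latin1');
}
```

A signature whose bh= matches here but still fails verification points at the header hash or the b= value rather than at the body.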
Here's what dkim variable output is from above linked code for this case where "body hash did not verify" occurs: