search

simple-login / app

The SimpleLogin back-end and web app
https://simplelogin.io
GNU Affero General Public License v3.0
5.17k stars 440 forks source link

Bug: DKIM Failure for Emails with Content-Type: text/html #2165

Open DNCD opened 3 months ago

DNCD commented 3 months ago

Description:

Emails sent with Content-Type: text/html are failing DKIM checks, resulting in a "dkim=fail (body hash mismatch)" error. However, when emails are sent with Content-Type: text/plain, they pass DKIM checks without any issues.

Steps to Reproduce:

Send an email with `Content-Type: text/html`.
Check the DKIM status in the email headers.
Observe the "dkim=fail (body hash mismatch)" error.
Send an email with `Content-Type: text/plain`.
Check the DKIM status in the email headers.
Observe that the email passes DKIM checks.

Expected Behavior:

Emails sent withContent-Type: text/html should pass DKIM checks just like emails sent with Content-Type: text/plain.

Actual Behavior:

Emails with Content-Type: text/html fail DKIM checks with the error "dkim=fail (body hash mismatch)", whereas emails with Content-Type: text/plain pass DKIM checks.

celogeek commented 3 months ago

I've got similar issue. My mail go to spam most of the time (DMARC set to quarantine wrong DKIM). Probably due to encoding issue. I fix the issue by stop using DKIM signature from SL directly.

I use OpenDkim or RSPAMD and let know SL to not doing it:

### ENV FILE
# DKIM_PRIVATE_KEY_PATH=/dkim.key
RSPAMD_SIGN_DKIM=true

It could be great to have that part working without the need of external tools. Or if it's not possible, then explain for self-hosting how to setup it using an external tools.

DNCD commented 3 months ago

I've got similar issue. My mail go to spam most of the time (DMARC set to quarantine wrong DKIM). Probably due to encoding issue. I fix the issue by stop using DKIM signature from SL directly.

I use OpenDkim or RSPAMD and let know SL to not doing it:

### ENV FILE
# DKIM_PRIVATE_KEY_PATH=/dkim.key
RSPAMD_SIGN_DKIM=true

It could be great to have that part working without the need of external tools. Or if it's not possible, then explain for self-hosting how to setup it using an external tools.

Thanks for sharing your solution! It would be beneficial if this could work without relying on external tools. I will work on this this weekend. Thank You. I really appreciate it

DNCD commented 3 months ago

I've got similar issue. My mail go to spam most of the time (DMARC set to quarantine wrong DKIM). Probably due to encoding issue.

I fix the issue by stop using DKIM signature from SL directly.

I use OpenDkim or RSPAMD and let know SL to not doing it:


### ENV FILE

# DKIM_PRIVATE_KEY_PATH=/dkim.key

RSPAMD_SIGN_DKIM=true

It could be great to have that part working without the need of external tools. Or if it's not possible, then explain for self-hosting how to setup it using an external tools.

@celogeek do you have any links to follow the installation? I set it up, but it's not signing outgoing emails for some reason.

celogeek commented 3 months ago

For 1 domain, this one is pretty ok: https://wiki.debian.org/opendkim For multiple domain, then google is your friend. I need to write a tutorial, will try soon.

DNCD commented 3 months ago

For 1 domain, this one is pretty ok: https://wiki.debian.org/opendkim

For multiple domain, then google is your friend.

I need to write a tutorial, will try soon.

Thank you appreciate your help

SwapnilSoni1999 commented 2 weeks ago

i'm still getting dkim fail 

Authentication-Results: mx.google.com;
       dkim=neutral (bad version)