You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Trần Tiến Đức (Jira)" <se...@james.apache.org> on 2020/01/17 13:19:00 UTC
[jira] [Comment Edited] (JAMES-3016) Remote delivery modifies
message breaking DKIM signature
[ https://issues.apache.org/jira/browse/JAMES-3016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17017993#comment-17017993 ]
Trần Tiến Đức edited comment on JAMES-3016 at 1/17/20 1:18 PM:
---------------------------------------------------------------
Hi [~sergey-b] I saw you put a ConvertTo7Bit mailet before the DKIMSign. As the consequence, mails are transformed into 7bit mode or relevants to "quotable-print"/"base64".
In the other hand, the default SMTPTransport used in RemoteDelivery allows 8 bit. Two uncorrelated configurations break DKIM signature.
My suggestion is removing the ConvertTo7Bit mailet if it's not neccesary - If I remember well 8bitExtension is the default capability of James SMTP server. All incomming smtp messages are supposed to be represented in 8bit. And the default behavior of James smtp remote delivery is matched with it.
Another idea, like you suggested, disable allow8bitmine but It should be considered as an your own configuration change. Not the default in James IMO
How do you think?
Dear,
was (Author: trantienduchn):
Hi [~sergey-b] I saw you put a ConvertTo7Bit mailet before the DKIMSign. As the consequence, mails are transformed into 7bit mode or relevants to "quotable-print"/"base64".
In the other hand, the default SMTPTransport used in RemoteDelivery allows 8 bit. Two uncorrelated configurations break DKIM signature.
My suggestion is removing the ConvertTo7Bit mailet if it's not neccesary - If I remember well 8bitExtension is the default capability of James SMTP server. All incomming smtp messages are supposed to be represented in 8bit. And the default behavior of James smtp remote delivery is matched with it.
Another idea, like you suggested, disable allow8bitmine but It should be considered as an your own configuration change. Not the default in James.
How do you think?
Dear,
> Remote delivery modifies message breaking DKIM signature
> --------------------------------------------------------
>
> Key: JAMES-3016
> URL: https://issues.apache.org/jira/browse/JAMES-3016
> Project: James Server
> Issue Type: Bug
> Affects Versions: 3.3.0
> Reporter: Sergey B.
> Priority: Major
>
> Remote delivery modifies message and breaks its DKIM signature. This happens when Content-Type is 'text/plain; charset=UTF-8' and body contains non-ascii symbols.
> Here is an example. This message was about to be sent.
> {code:java}
> Date: Sun, 22 Dec 2019 12:42:43 +0000 (GMT)
> From: mysender@example.com
> To: myreceiver@example.org
> Message-ID: <10...@19084506dd1d>
> Subject: MySender email notification test
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
> {code}
> This is how it looked like at receiver side.
> {code:java}
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
> DKIM-Signature: a=rsa-sha256; b=DKIMSIGNATURE=; s=mail; c=relaxed/relaxed; d=example.com; v=1; bh=BHDATA=; h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type;
> Date: Sun, 22 Dec 2019 12:42:43 +0000 (GMT)
> From: mysender@example.com
> To: myreceiver@example.org
> Message-ID: <10...@19084506dd1d>
> Subject: MySender email notification test{code}
> Mailet configuration is like this
> {code:java}
> <mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"/>
> <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign">
> <signatureTemplate>v=1; s=mail; d=example.com; h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type; a=rsa-sha256; bh=; b=; c=relaxed/relaxed;</signatureTemplate>
> <forceCRLF>true</forceCRLF>
> <privateKey><![CDATA[
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
> ]]></privateKey>
> </mailet>
> <mailet match="All" class="RemoteDelivery">
> <sslEnable>false</sslEnable>
> <startTLS>false</startTLS>
> </mailet>{code}
> Adding property mail.smtp.allow8bitmime=false to configuration of RemoteDelivery mailet solves the problem effectively.
> Disabling 8bit MIME extension, when DKIM signature is present, seems to be the right solution.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org