If the last character of the footer is a DOT, then DKIM FAILS... WHY?

Hello,

I made tests from a brand new installation of PHPList and it appears that when I change the default value of the footer, the DKIM validation changes from “pass” to “neutral (body hash did not verify)”. Here are some explicit examples:

DKIM passes with :

<div class="footer" style="text-align:left; font-size: 75%;">
  <p>Ce message vous a été envoyé à l'adresse [EMAIL] car nous pensons qu'il vous intéresse. Si ce n'est pas le cas, veuillez nous excuser. Pour voir et peut-être modifier les informations que vous recevez de notre part, vous pouvez visiter <a href="[PREFERENCESURL]">cette adresse</a>. Pour vous désinscrire, un clic suffit ici.</p>
</div>

BUT I got dkim=neutral (body hash did not verify) with

<div class="footer" style="text-align:left; font-size: 75%;">
      <p>Ce message vous a été envoyé à l'adresse [EMAIL] car nous pensons qu'il vous intéresse. Si ce n'est pas le cas, veuillez nous excuser. Pour voir et peut-être modifier les informations que vous recevez de notre part, vous pouvez visiter <a href="[PREFERENCESURL]">cette adresse</a>. Pour vous désinscrire, un clic suffit <a href="[UNSUBSCRIBEURL]">ici</a>.</p>
    </div>

The only thing I changed is the word ici, changed to <a href="[UNSUBSCRIBEURL]">ici</a>. And that tiny change breaks DKIM validation!!

Actually, changing ici to <a>ici</a> does not break DKIM validation, but changing ici to <a href="test">ici</a> breaks DKIM validation (I got body hash did not verify). And reversing the change makes DKIM pass again.

WHY ??? What’s the problem here ??

T.

Hi.

Does a single/double quote in the anchor “” block matter?

Single quotes do not change anything.

I found that DKIM passes with the following footer:

test <a href="[PREFERENCESURL]">cette adresse</a>

BUT FAILS (neutral - body hash did not verify) with:

test <a href="[PREFERENCESURL]">cette adresse</a>.

Yes: the only difference is the DOT at the end and it is that dot that breaks DKIM! And it appears to be a problem only when the dot is at the end because DKIM passes again with the following footer:

test <a href="[PREFERENCESURL]">cette adresse</a>. test

and DKIM passes again with

test <a href="[PREFERENCESURL]">cette adresse</a>.

where I put a single SPACE after the final dot…

I opened a bug report here to describe the problem precisely: https://mantis.phplist.org/view.php?id=19727
I can reproduce the problem with a fresh installation of 3.3.8 and it’s very simple to see how a simple dot in the footer makes DKIM fail.

Could somebody help with this issue? @duncanc? @samtuke? @michiel?

1 Like

@trucmuche2005 Can you explain whereabouts DKIM is being added to emails generated by phplist?

The reason for this problem is that the dot character is special within SMTP and somewhere there is a bug that when a line of the email contains only the dot character then the DKIM signature is not calculated correctly.

In your example, a placeholder followed by a dot, the dot is being moved to a new line in the plain text version of the email. I’m not sure where in phplist that happens though.

1 Like
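The mechanism described in the post above, as an added example that is not part of the thread and is not Exim's or phpList's code: SMTP dot-stuffing (RFC 5321 section 4.5.2) doubles the leading dot of any line that starts with one, so a DKIM body hash (RFC 6376) computed over the stuffed wire form differs from the one a verifier computes over the delivered body, but only when such a line exists. It assumes `simple` body canonicalization and SHA-256, uses two of the test bodies quoted later in the thread as sample input, and shows the general class of mismatch rather than the exact code path of the Exim bug.

```python
import base64
import hashlib

CRLF = b"\r\n"

def simple_canon(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop empty lines at the
    end of the body and make sure it ends with exactly one CRLF."""
    while body.endswith(CRLF + CRLF):
        body = body[:-2]
    return body if body.endswith(CRLF) else body + CRLF

def body_hash(body: bytes) -> str:
    """Value that goes into the bh= tag of the DKIM-Signature header."""
    return base64.b64encode(hashlib.sha256(simple_canon(body)).digest()).decode()

def dot_stuff(body: bytes) -> bytes:
    """What the SMTP client puts on the wire: an extra '.' before every
    line that begins with '.', so it cannot be read as end-of-DATA."""
    return CRLF.join(b"." + l if l.startswith(b".") else l
                     for l in body.split(CRLF))

def dot_unstuff(wire: bytes) -> bytes:
    """What the receiving server does before storing the message."""
    return CRLF.join(l[1:] if l.startswith(b".") else l
                     for l in wire.split(CRLF))

def dot_leading_lines(body: bytes) -> list:
    """1-based numbers of the lines that transport will dot-stuff."""
    return [n for n, l in enumerate(body.split(CRLF), 1) if l.startswith(b".")]

def hash_matches_if_signed_on_wire_form(body: bytes) -> bool:
    """True when hashing the stuffed form gives the same bh= value that a
    verifier computes over the delivered (unstuffed) body."""
    return body_hash(dot_stuff(body)) == body_hash(body)

# Sample bodies copied from the thread's test messages.
PASSING = (b"My body start here\r\nthis line fail the dkim body hash\r\n"
           b"thanks for the bug report\r\n")
FAILING = PASSING + b".\r\n"   # same text plus a final line holding only a dot

if __name__ == "__main__":
    for name, body in (("passing", PASSING), ("failing", FAILING)):
        print(name, "dot-leading lines:", dot_leading_lines(body),
              "hashes agree:", hash_matches_if_signed_on_wire_form(body))
```

Running `dot_leading_lines` over the plain-text part of an outgoing campaign is a quick way to tell whether a message can be affected at all before it is sent.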

Hello @duncanc,
You ask me to explain where DKIM is added to PHPList emails? I don’t have any idea about that. I’m not an expert in email sending or authentication… If you make your question a bit more precise, I can maybe run some tests or look for something specific, but here, I don’t know what you want me to do/say…
If you ask me to find where the bug is, I tell you that I don’t know and I don’t have the technical skills to do that. All I can do is report the problem and I’m OK to report to PHPMailer if you think that is useful, to CentOS, to CPanel / WHM, to whatever you want… What else? :slight_smile:

@trucmuche2005 What I wanted you to confirm was whether DKIM is added by the mail server, which it probably is. If your Cpanel has an option to enable DKIM then that is probably the case.
Can you look at one of the emails sent by phplist to see what the mail server software is? For example one of my emails has

Received: from host109-149-16-75.range109-149.btcentralplus.com ([109.149.16.75]:52270 helo=[192.168.1.73]) by artemis.krystal.co.uk with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <xxxxxx@dcameron.me.uk>) id 1glyyg-0006KI-IR; Tue, 22 Jan 2019 16:32:42 +0000

From this I can see that the mail server is Exim version 4.91.

1 Like

I can do that :slight_smile: It’s EXIM 4.91 too:

Received: from [xxx.xxx.xxx.xxx] (port=53272 helo=mydomain.com) by www.myserver.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <noreply@mydomain.com>) id 1gluLH-0008G7-AT for myname@mydomain.com; Tue, 22 Jan 2019 12:35:43 +0100

1 Like

I found this: https://bugs.exim.org/show_bug.cgi?id=2284 but if I understand correctly, it seems to be fixed in Exim 4.92 but it is not exactly the same bug (double dot)… (and Exim 4.92 is not released yet)

EDIT. I tried using the body suggested by Erwane B, who submitted the bug: I opened SquirrelMail on my server and sent simple messages to Gmail addresses, and checked DKIM validity. These bodies make DKIM fail:

My body start here
…this line fail the dkim body hash
thanks for the bug report
.

My body start here
…this line fail the dkim body hash
thanks for the bug report
.

My body start here
.this line fail the dkim body hash
thanks for the bug report
.

My body start here
this line fail the dkim body hash
thanks for the bug report
.

And this one makes DKIM PASS:

My body start here
this line fail the dkim body hash
thanks for the bug report

So I think that the bug I’m facing is the same and I think that the only thing I need to do is to try EXIM 4.92. But it’s not released… :frowning: :frowning:

1 Like

@trucmuche2005 I think that you have identified the source of the problem. I too can repeat the problem by using the webmailer through CPanel.

One cause of the problem is when phpmailer breaks long lines. The trailing dot character is moved to a new line on its own. You could try increasing the maximum line length for text format messages to a much higher value, say 200, to try to ensure that the dot character is not moved to a new line.

1 Like

I’d be happy to have identified the source of the problem. But what can I do to make things better? I think that changing that parameter will affect only my web mailer, which I never use…
Should I ask for the next EXIM 4.92 update fixing that bug (if I understand correctly)?
What can we/I do? Because that bug affects many users who send soooo many emails and maybe a big part of them are wrongly classified as spam because of this bug…

No, that is a phplist setting.

Ok but as I demonstrated, I think it’s not the right way to fix this issue… It’s maybe a workaround (but I don’t understand why I should write 200 instead of 100 or 5000 and what the consequences of such choices are) but it’s not a solution…

From your great research it seems that the issue is with Exim. Exim is a separate application to phpList; it’s very useful for other users to know about the issue, but we in the phpList community cannot fix the issue as it lies upstream.

Updating Exim should solve your problem, and therefore I shall mark this topic as solved.

Yes, so I will wait for an update of Exim…