[Mimedefang] Mimedefang breaks DKIM signing of single-part, plain text emails

Thu Jan 22 12:38:53 EST 2015

On 1/15/2015 2:55 PM, David F. Skoll wrote:
> On Thu, 15 Jan 2015 10:41:14 -0700
> Peter Nagel <pbnagel at rmi.net> wrote:
>
> [Some very good comments]
>
> Yes, I can see how MIMEDefang misbehaves if you're trying to sign
> something.  I'll definitely look at fixing the behaviour.

We've been experimenting with making sure DKIM verification is working 
so we've added a verification loop to test all of the DKIM signed 
messages to see if we can identify any edge cases that are failing.

To do this, we added an add_recipient call to our DKIM routine for 
signature.  Perhaps some others might like to do the same so we can 
identify more edge cases.

We then run the emails through a small script that uses 
Mail::DKIM::Verifier to check the signature using procmail. Here's call 
to the script using procmail:

# RUN MESSAGES NOT DIRECTLY TO DKIM_CHECK THROUGH THE SCRIPT
:0 fw
* !^(To|Cc|Bcc|From): check_the_dkim at pccc.com.*
| perl /usr/local/check_the_dkim.pl

# DISCARD ANY MESSAGES THAT SAY DISCARD FROM THE SCRIPT
:0:
* ^X-Status: D.*
/dev/null

And here's the small script:

#Written by PCCC to test edge cases of DKIM signing
#Released to Public Domain
use Mail::DKIM::Verifier;

our ($original_message);
&main();

sub main {
   my ($message, $result);

   $result = &get_result();

   if (uc($result) ne 'PASS') {

     $message .= "A message signed by mimedefang has failed the DKIM 
verification.<br><br>";
     $message .= "<b>Result:</b> $result<br><br>";
     $message .= "<b>Original Message:</b><br><br>";
     $message .= "<pre>$original_message</pre>";

     # email message here

     # keep email in inbox for inspection
     print $original_message;

   } else {
     my $printed_delete = 0;

     # ADD X-Status: D TO MARK EMAIL DELETED
     foreach my $line (split("\n", $original_message)) {
       if ($printed_delete < 1 and $line =~ /^$/) {
         print "X-Status: D\n";
         $printed_delete++;
       }

       print $line."\n";
     }
   }

   # KEEP EMAIL IN INBOX FOR CHECKING LATER
   exit 0;
}

# USE THE VERIFIER TO CHECK THE DKIM SIGNATURE
sub get_result {
   my ($FORM, %params) = @_;
   my ($result, $dkim);

   # create a verifier object
   $dkim = Mail::DKIM::Verifier->new();

   while (<STDIN>)
   {
       # keep original message to be saved later
       $original_message .= $_;

       # remove local line terminators
       chomp;
       s/\015$//;

       # use SMTP line terminators
       $dkim->PRINT("$_\015\012");
   }
   $dkim->CLOSE;

   # what is the result of the verify?
   $result = $dkim->result_detail;

   return $result;
}

Regards,
KAM