Closed Bug 1528832 Opened 7 years ago Closed 6 years ago

email signature DKIM

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: mathias.muehlbacher, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

Send email to check-auth@verifier.port25.com to check if DKIM & SPF is setup correctly.
Send seperate email with and without email signature (Kind regards, ....) to mentioned email address.

Actual results:

With email sigatnure DKIM fails ->
DKIM check details:

Result: fail (wrong body hash: expected nB974htKuKgw8RWtJPDjKg8NYimRUZNFtS5k9GymMX0=)
ID(s) verified:

Canonicalized Headers:
to:check-auth@verifier.port25.com'0D''0A'
from:=?UTF-8?Q?Mathias_M=c3=bchlbacher?='20'<mathias.muehlbacher@hks-projekt.at>'0D''0A'
message-id:<bf07b3c9-0546-188c-c3ed-e1396b5aabe2@hks-projekt.at>'0D''0A'
date:Mon,'20'18'20'Feb'20'2019'20'21:45:25'20'+0100'0D''0A'
mime-version:1.0'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=hks-projekt.at;'20's=81BFB7CE-CC86-11E8-8DC4-91CA4D724663;'20't=1550522724;'20'bh=tgr1rswYA0l0ch4xWU7bqn+ZULXwUTUt68J50doUUH4=;'20'h=To:From:Message-ID:Date:MIME-Version;'20'b=

Canonicalized Body:
'0D''0A'
'0D''0A'
--=20'0D''0A'
Freundliche'20'Gr=C3=BC=C3=9Fe,'20'Mathias'20'M=C3=BChlbacher'0D''0A'

DNS record(s):

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

Without email signature it works.

Expected results:

DKIM should also work when enabled email signature

Sorry about the late reply. DKIM is not really a function of Thunderbird. So what do you think we should fix here?

I don't think this can be a bug in Thunderbird.

Most likely, this is either a bug in
(a) the server software that sends out the message and adds the DKIM signature
or
(b) a bug on the server that performs the verification

I just sent email using Thunderbird, S/MIME signed, using my own kuix.de server which adds a DKIM record, to a gmail account.

Using the instructions here, you can check if the DKIM record is correct. It was correct in my scenario.

Then, I used the same dropdown menu in gmail to download the message, which was sent to a file with .eml extension. In Thunderbird, I used file / open /saved message, to open that .eml file, and Thunderbird showed it with a valid digital signature.

I'm closing this for now. Please feel free to add additional comments, if you have more information demonstrating your claim, then we can reopen the bug.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.