thunderbird / postfix / dkim / invalid body hash
Mozilla Thunderbird uses an odd max line length of 999 + CRLF: 1001 characters. When using DKIM preprocessing, this can result in DKIM validation failure.
To reproduce, we would send a mail that didn’t wrap well with line
lengths in excess of 999 characters. Like this mail with 1000
Thunderbird splits that into 999 times
'x', and CRLF and another
line with a single
'x'. However, that first line gets split again.
Turns out Postfix resumed splitting up the lines some more (even though the CRLFs got translated to bare LFs at the end).
In our case, we were using the following setup:
smtpd_milters = inet:127.0.0.1:54321,
non_smtpd_milters = inet:127.0.0.1:54321
and on localhost, on port
54321 we have:
smtp_line_length_limit = 1001
Now the 1000
'x' mail looks like this:
Valid is good!
P.S. That validator is the Thunderbird DKIM Verifier extension.