thunderbird / postfix / dkim / invalid body hash

thunderbird / postfix / dkim / invalid body hash

  • Written by Walter Doekes

  • Published on: 2013-09-04

Mozilla Thunderbird uses an odd max line length of 999 + CRLF: 1001 characters. When using DKIM preprocessing, this can result in DKIM validation failure.

To reproduce, we would send a mail that didn’t wrap well with line lengths in excess of 999 characters. Like this mail with 1000 'x' characters:
DKIM Invalid (Wrong bodyhash)
Thunderbird splits that into 999 times 'x', and CRLF and another line with a single 'x'. However, that first line gets split again.

Turns out Postfix resumed splitting up the lines some more (even though the CRLFs got translated to bare LFs at the end).

In our case, we were using the following setup:
postfix 2.9.6-1~12.04.1
with smtpd_milters = inet:,
non_smtpd_milters = inet:
and on localhost, on port 54321 we have:
opendkim 2.6.8-0ubuntu1.0.1

The workaround:
smtp_line_length_limit = 1001

Now the 1000 'x' mail looks like this:
DKIM Valid\

Valid is good!

P.S. That validator is the Thunderbird DKIM Verifier extension.

Back to overview Newer post: mysql / datetime / indexes Older post: virtualenv / pil pillow mess