Can We Avoid Specific Types of Header "rewriting", Should the Message Contain a DKIM Signature?
(Doc ID 2111045.1)
Last updated on MAY 30, 2018
Applies to:Oracle Communications Messaging Server - Version 7.0.5 and later
Information in this document applies to any platform.
We have a DKIM signer that uses our mail system as a relay, and they reported DKIM failures at recipient systems, even with messages with the most trivial of plain text body content. After we investigated, we found:
1) the signer was using simple/simple header/body canonicalization (ie - the most strict)
2) the signer was specifying Message-ID as one of the headers to sign
Changing to relaxed/simple canonicalization works around the header names being changed, however slightly, but since this was a customer using our server for relay, we were hoping to be as agnostic as possible when relaying their mail.
We know that Messaging Server can and will rewrite certain header names it "knows about" to a different letter case arrangement than what the MUA/client originally submitted. See: Names Of Headers Being Changed Subtly (case-wise) By Messaging Server (Doc ID 2111043.1)
It looks like there isn't a way to turn this off for specific headers, or globally/per channel. We also think that the passthrough and relay options feel a bit dangerous.
Q1. Would the dkimpreserve source channel option help in this situation, to avoid this specific type of header "rewriting" should the message contain a DKIM signature? We can see from the doc that we would also have to ensure that the dkim_preserve_domains and dkim_ignore_domains MTA options were present for this to work.
Q2. Is there any obvious reason why the communication system would modify the message in a way that would cause them to fail a DKIM check?
Q3. It looks like the mta is rewriting some of the header names during cannonicalization?
Q4. Can this rewriting be turned off?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!