opendkim signing vs 8bitmime

[Carl Byington]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I am seeing occasional DKIM signature failures (as seen in DMARC rua=
reports) which I suspect may be caused by sendmail 7 to 8 bit mime
conversions. We receive a message from a client via port 587, and relay
it to comcast.net which advertises 8BITMIME. A small fraction of those
messages are failing the DKIM signature check at comcast.

The opendkim milter is the first milter listed in sendmail.mc. We have
FEATURE(nocanonify) in both sendmail.mc and submit.mc, although I don't
think submit.mc is used in this relay scenario.

Is there a way to prevent sendmail from doing any 7to8 (or 8to7) bit
conversions, and just send the message the way opendkim signed it?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlkIloIACgkQL6j7milTFsFP6gCeIwlzzaxSADmkDOQAp7glB9xI
L60AnR4hnTgrwbEHqWMyWCDJV+rACPks
=TqjH
-----END PGP SIGNATURE-----

[Claus Aßmann]

Carl Byington wrote:

> Is there a way to prevent sendmail from doing any 7to8 (or 8to7) bit
> conversions, and just send the message the way opendkim signed it?

See the fine docs:

5.4. M -- Define Mailer
...
8 If set, it is acceptable to send eight bit data to
this mailer; the usual attempt to do 8->7 bit MIME
conversions will be bypassed.

9 If set, do limited 7->8 bit MIME conversions.
These conversions are limited to text/plain data.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.