3

The Problem:

I am using OpenDKIM with Postfix. The mail is generated in PHP using the following code and then sent with mail():

// message
$message  = "--$hash".PHP_EOL;
$message .= "Content-Type: text/plain; charset=\"iso-8859-1\"".PHP_EOL;
$message .= "Content-Transfer-Encoding: base64".PHP_EOL.PHP_EOL;
$message .= base64_encode($body).PHP_EOL.PHP_EOL;
$message .= "--$hash".PHP_EOL;

OpenDKIM works fine for any messages that are under 742 characters in length, but if the message is 742 characters or more, Google reports that the DKIM "body hash did not verify".

Looking at DKIM and Google, I can't find any information on what would cause this. I have tried multiple messages that are 741 characters (all pass) and multiple that are 742 characters (all fail).

Errors:

The only error is in Google's receipt of the email (which it says it can't authenticate): 

dkim=neutral (body hash did not verify) header.i=@mailer.example.com;

/var/log/maillog has the following (or something similar) on successful and unsuccessful emails:

Nov  5 00:58:57 ip-XX-XX-XX-XX opendkim[3953]: 7D2946081A: DKIM-Signature field added (s=default, d=mailer.example.com)

Solution:

As per @Adrien Lebner's solution below, it was a simple change from

base64_encode($body)

to

chunk_split(base64_encode($body), 76, PHP_EOL)

that fixed the issue.

Kittsil
  • 1,909
  • 9
  • 18

1 Answers1

2

What if you send the same content on mutiple lines ?

DKIM may break if line length is too long :

2.1.1. Line Length Limits

There are two limits that this specification places on the number of characters in a line. Each line of characters MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF.

JazZ
  • 4,062
  • 2
  • 15
  • 36
  • This is almost definitely it. The emails are being encoded in base64 and are therefore sent as one line. Thanks! – Kittsil Nov 05 '16 at 02:42