DKIM fail if WHM adds Message-ID, should be Message-Id

[Tom Hendrikx]

On 12-10-2020 10:16, Robert Martin wrote:
>
> I created a client library to send emails for a webapp.
>
> After connecting to the SMTP server with credential setup in CPANEL, 
> and then do NOT add Message-Id header, the DKIM signature 'h' record 
> created by dovecot/WHM is wrong, and a Message-ID (with a capital D) 
> header is added, invalidating the generated DKIM signature value.
>
> This causes outlook, yahoo, gmail and other email recipients to add 
> 'dkim:fail' to the message, and thus relegate it to junk or spam.
>
> The work around is to add to the message a Message-Id with a  little 
> ‘d’ header.  Then the SMTP server processes the email with the correct 
> generated DKIM, correct DKIM ‘h’ record and does not add a Message-ID 
> header.
>
> My SMTP hosting providers that run the WHM/dovecot/CPANEL software are 
> refusing to raise this as a bug and have requested that I do it.
>
Hi Robert,

Dovecot does not add DKIM headers, Dovecot doesn't even send email. 
Aside from that:

- The RFC states that "Message-ID" is the actual spelling: 
https://tools.ietf.org/html/rfc5322#section-3.6.4

- The DKIM signer implementation in CPANEL/WHM seems to do the right 
thing: It adds a Message-ID header if it's missing, and creates a DKIM 
signature. It seems unlikely that the CPANEL/WHM DKIM implementation 
generates invalid DKIM signatures for all Message-ID headers it 
generates, as lots of people would have issues with that.

It's unclear from your inital message what's wrong with the generated 
DKIM signature, and it's also unclear where the "Message-Id" header 
(with lowercase 'd') comes from. Could you please explain? Can you show 
full headers for a message with the broken DKIM and all the relevant 
headers?

Kind regards,

Tom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201012/187263cf/attachment.html>