Many of my incoming mails have broken DKIM signatures (and rejected DMARC), that I'm sure are valid. Looking back, this has been going on for a while. I suspect Amavis, re-encoding the body to quoted printable.
This is the check result on such mails:
When I send myself a test like this:
Upon receiving, and showing the original, the mail ends with:
So, both have a content type of UTF-8, but to Gmail it's encoded 8bit, and to Zimbra quoted-printable.
This is happening on mail from various origins and senders.
Because the DKIM validation says the body was altered, this looks like something in Zimbra is re-encoding it. This is confirmed by sniffing with tcpdump with TLS disabled. The mail is delivered properly (no quoted printable) on the Zimbra server with:
But, when I sniff TCP port 10032, where Amavis listens, I see it's quoted printable there:
Any idea how to fix or work around this? I already tried this:
And rebooted. But that didn't work.
How can I make sure this is removed from '/opt/zimbra/common/conf/master.cf' ?:
Zimra: 10.1.4.GA.4200000.UBUNTU22.64 UBUNTU22_64 FOSS edition, obtained from https://maldua.github.io/zimbra-foss-bu ... loads.html
This is the check result on such mails:
Code:
X-Spam-Status: No, score=6.289 required=6.6 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, DMARC_FAIL_REJECT=9, SPF_HELO_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=no autolearn_force=noAuthentication-Results: meel.halfgaar.net (amavis); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=halfgaar.net header.b="htFvdak6"; dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=halfgaar.net header.b="mPDukiCS"When I send myself a test like this:
Code:
echo "This is a test with utf8: é" | mail -s "$RANDOM UTF8 asdf test" wiebe@myzimbraserver.comUpon receiving, and showing the original, the mail ends with:
Code:
To: wiebe@myzimbraserver.comSubject: 11694 UTF8 asdf testMIME-Version: 1.0Content-Type: text/plain; charset="UTF-8"Message-Id: <20250308155002.BC0BB1017B7@removed.halfgaar.net>Date: Sat, 8 Mar 2025 16:50:02 +0100 (CET)From: root <root@mydomain.net>Content-Transfer-Encoding: quoted-printableThis is a test with utf8: =C3=A9[/quote]But, when I send it to gmail the same way, it ends with (and DKIM passes):[code]To: wiebe@somegmaildomain.comSubject: 30156 UTF8 asdf testMIME-Version: 1.0Content-Type: text/plain; charset="UTF-8"Content-Transfer-Encoding: 8bitMessage-Id: <20250308155314.A55CF1017B7@removed.halfgaar.net>Date: Sat, 8 Mar 2025 16:53:14 +0100 (CET)From: root <root@mydomain.net>This is a test with utf8: éThis is happening on mail from various origins and senders.
Because the DKIM validation says the body was altered, this looks like something in Zimbra is re-encoding it. This is confirmed by sniffing with tcpdump with TLS disabled. The mail is delivered properly (no quoted printable) on the Zimbra server with:
Code:
To: wiebe@myzimbraserver.comSubject: 8567 UTF8 asdf testMIME-Version: 1.0Content-Type: text/plain; charset="UTF-8"Content-Transfer-Encoding: 8bitMessage-Id: <20250308160932.C73841017B7@removed.halfgaar.net>Date: Sat, 8 Mar 2025 17:09:32 +0100 (CET)From: root <root@mydomain.net>This is a test with utf8: éCode:
To: wiebe@myzimbraserver.comSubject: 16304 UTF8 asdf testMIME-Version: 1.0Content-Type: text/plain; charset="UTF-8"Message-Id: <20250308161626.B6CD91017B7@removed.halfgaar.net>Date: Sat, 8 Mar 2025 17:16:26 +0100 (CET)From: root <root@halfgaar.net>Content-Transfer-Encoding: quoted-printableThis is a test with utf8: =C3=A9.QUIT[m�gT�BE4��@@E:'0��PӬ�*0���(�[h��[h�[m�gj��E���@@D�'0��PӬ�*0��▒�y�[i��[h�250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5AAE5182119Any idea how to fix or work around this? I already tried this:
Code:
zmprov ms `zmhostname` -zimbraServiceEnabled amaviszmprov ms `zmhostname` -zimbraServiceEnabled antivirusHow can I make sure this is removed from '/opt/zimbra/common/conf/master.cf' ?:
Code:
-o content_filter=smtp-amavis:[127.0.0.1]:10032Statistics: Posted by halfgaar — Sat Mar 08, 2025 4:27 pm