Brightmail Gateway DKIM headers generate errors with some other vendors
Last Updated August 25, 2010
After configuring DKIM message signing, authentication with some vendors is failing.
Symptoms Some email vendors (Google, port25.com) return errors when validating the DKIM signatures generated by the SBG appliance.
This is the result of some implementations using a case sensitive match for the canocalization method defined in the c= phrase of the DKIM-Signature header.
This issue is addressed in the 9.0.1-10 software release.
Symantec customers using the Brightmail Gateway products are encouraged to update their software release at their earliest convenience to take advantage of bug fixes and new features.
Technical Information The DKIM RFC is unclear regarding whether the strings used in the header to define canonicalization should be case sensitive or not. The Brightmail Gateway uses upper case but some other implementations appear to expect all lower case:
c=Relaxed/Simple vs c=relaxed/simple.
Imported Document ID: TECH131425
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe