我可以在接收端对 Exim 做些什么来允许 Microsft Exchange 导致 DKIM bodyhash 不匹配吗?

tag-icon tag-icon email exchange exim dkim
我可以在接收端对 Exim 做些什么来允许 Microsft Exchange 导致 DKIM bodyhash 不匹配吗?

我注意到,自从我们将 DKIM 设置为拒绝 Exim(v4.95)上的失败后,我们的服务器上有大量真正的电子邮件被拒绝。

查看 Exim 拒绝日志我们发现,如果这些电子邮件由 Microsoft Exchange/OutlookProtection 服务器处理,它们就会持续被拒绝:

Exim 拒绝日志:

2022-06-27 11:36:33 1o5m5d-0006bD-82 H=mail-eopbgr20129.outbound.protection.outlook.com (EUR02-VE1-obe.outbound.protection.outlook.com) [42.107.2.129]:54704 X=TLS1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no rejected DKIM : 
DKIM: encountered the following problem validating 01473280699.onmicrosoft.com: bodyhash_mismatch
Envelope-from: <******@######.co.uk>
Envelope-to: <******@_!_!_!_!_!_.co.uk>
P Received: from mail-eopbgr20129.outbound.protection.outlook.com ([42.107.2.129]:54704 helo=EUR02-VE1-obe.outbound.protection.outlook.com)
    by base.ourServer.co.uk with esmtps  (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95)
    (envelope-from <******@######.co.uk>)
    id 1o5m5d-0006bD-82
    for ******@_!_!_!_!_!_.co.uk;
    Mon, 27 Jun 2022 11:36:33 +0100
  ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=fail;

看:

DKIM:验证 01473280699.onmicrosoft.com 时遇到以下问题:bodyhash_mismatch

这种情况仅发生在来自通过outbound.protection.outlook.com或类似变体的地址的消息中。

另一个类似但不完全相同的例子:

Exim 拒绝日志:

2022-06-17 12:29:04 1o14hL-0005Jq-Jy H=mail12.rbs.com (remlvdmzma04.rbs.com) [159.136.80.93]:56531 X=TLS1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256 CV=no rejected DKIM : DKIM: encountered the following problem validating rbsworkspace.onmicrosoft.com: bodyhash_mismatch
Envelope-from: <[email protected]>
Envelope-to: <******@_!_!_!_!_!_.co.uk>
P Received: from mail12.rbs.com ([159.136.80.93]:56531 helo=remlvdmzma04.rbs.com)
    by base.ourServer.co.uk with esmtps  (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    (Exim 4.95)
    (envelope-from <[email protected]>)
    id 1o14hL-0005Jq-Jy
    for ******@_!_!_!_!_!_.co.uk;
    Fri, 17 Jun 2022 12:29:04 +0100
  DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
  d=domain.com; [email protected]; q=dns/txt; s=mail;
  t=1655206023; x=1686742023;
  h=from:to:subject:date:message-id:mime-version;
  bh=3k6znbu3nEVhMGEdZiqBMSTBU7K2v4atTAzapxLvBCU=;
  b=YzXTzO3up95x48MLGbmJPHw5k7nAeWwYzPKK5rJMX1LG7EjERZjRw/vQ
   +H50m8i3SDz0DuGrK5EvvzzSjhfgMlxJLqulwcuZw4Bp9v9lH5tgWS7Pv
   PFHQtkSIvK/TdVQj4x9jGkbBwfHVHu/qgGuyf0TJZ6CN9gHY/HFzA5t3d
   c=;
  IronPort-SDR: K+m4jq9fjUdFtsVbXA4w4YGnRoyY21aiv3bXAqTxQjy8TsSiXwdkT0lOHAASchcRl0oaoR3Fgk
 u2Bcyi5/macn4gIof7lWGxgasR0Ct/xTY=
  X-IronPort-AV: E=Sophos;i="5.91,300,1647302400"; 
   d="png'150?scan'150,208,217,150";a="34252307"

看:

DKIM:验证 rbsworkspace.onmicrosoft.com 时遇到以下问题:bodyhash_mismatch

我读过各种帖子在这堆栈溢出, 和微软(有趣的是,他得出的结论是,问题出在接收方,而不是他们错误地设置了电子邮件服务器)并且别处别处

所以,我的问题是:

我可以在接收端对 Exim 做些什么来允许 Microsft Exchange 导致 DKIM bodyhash 不匹配吗?

否则,Exim 永远无法拒绝 DKIM 故障....

限定符:我推测原因是 MS Exchange,因为该outlook.com域名出现在拒绝日志中的所有正文哈希不匹配电子邮件中,但我不熟悉微软的架构,所以我在心理上将上述所有问题归为“Exchange 服务器”问题,因为这是我的看法。我可能错了。

相关内容