Problem/Motivation
DKIM fails because the mail body gets altered, in more detail:
- During the conversion of HTML to Plain Text (drupal_html_to_text), the h3 and h4 tags are prefixed by ".... " and ".. " respectively.
- SMTP uses dot-stuffing (see https://tools.ietf.org/html/rfc5321#section-4.5.2 for details) which alters the prefixes of the h3 and h4 plain text conversions.
- By altering these prefixes, the mail body gets altered and consequently, DKIM verification fails.
I haven't tested it, but I expect the same issue exists in Drupal 8 with the MailFormatHelper in Drupal\Core\Mail.
Context:
SMTP uses a single period (dot) at the beginning of a separate line to denote the end of a mail message. Because users are not expected to be aware of this, SMTP adds an additional period (dot) before each dot on a separate line when it occurs in the message body, before sending the message.
Then the DKIM signature is constructed on the mail body, including the additional period added by SMTP.
When the message is received, the receiver's SMTP removes the added dots to reconstruct the original message. It thereby alters the mail body, which causes the DKIM verification to fail with the error: Mail body has been altered.
Steps to reproduce
Proposed resolution
Use some other prefix instead of the series of dots.
Remaining tasks
- Create MR
- Review
- Commit
User interface changes
API changes
Data model changes
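The sequence described in the issue summary above, as an added example that is not part of the original issue or of Drupal's code: it models dot-stuffing on send, dot removal on receipt, and the DKIM body hash under "simple" canonicalization. The function names, the sample bodies, and the `#### ` / `## ` replacement prefixes are assumptions made for illustration.

```python
import base64
import hashlib

CRLF = b"\r\n"

# Constructed sample bodies. The ".... " and ".. " heading prefixes are the ones
# the issue describes; "#### " and "## " are hypothetical replacements.
DOT_PREFIXED = b"Intro\r\n.... Section\r\n.. Subsection\r\nText\r\n"
OTHER_PREFIXED = b"Intro\r\n#### Section\r\n## Subsection\r\nText\r\n"


def dot_stuff(body: bytes) -> bytes:
    """Sending side of RFC 5321 section 4.5.2: prepend '.' to lines starting with '.'."""
    return CRLF.join(b"." + ln if ln.startswith(b".") else ln for ln in body.split(CRLF))


def dot_unstuff(body: bytes) -> bytes:
    """Receiving side: drop one leading '.' from every line that starts with one."""
    return CRLF.join(ln[1:] if ln.startswith(b".") else ln for ln in body.split(CRLF))


def dkim_body_hash(body: bytes) -> str:
    """bh= value for 'simple' body canonicalization with SHA-256 (RFC 6376)."""
    while body.endswith(CRLF + CRLF):  # ignore empty lines at the end of the body
        body = body[:-2]
    if not body.endswith(CRLF):        # an empty or unterminated body gets one CRLF
        body += CRLF
    return base64.b64encode(hashlib.sha256(body).digest()).decode()


def verifies(body: bytes, sign_after_stuffing: bool) -> bool:
    """True if the signer's body hash equals the one the verifier recomputes."""
    wire = dot_stuff(body)                       # what travels in the DATA phase
    signed = dkim_body_hash(wire if sign_after_stuffing else body)
    received = dot_unstuff(wire)                 # what the receiver hands to DKIM
    return dkim_body_hash(received) == signed


if __name__ == "__main__":
    for name, body in (("dot prefixes", DOT_PREFIXED), ("other prefixes", OTHER_PREFIXED)):
        for after in (True, False):
            order = "after" if after else "before"
            print(f"{name}, signed {order} stuffing: verifies={verifies(body, after)}")
```

Only the combination of dot-prefixed lines and a hash taken over the stuffed body fails; with prefixes that do not start with a dot, stuffing is a no-op and the order no longer matters.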
Comments
Comment #2
inascon commented
Attached is a patch to solve the issue.
Comment #3
inascon commented
Patch failed the mail test. That's fixed now.
Comment #4
inascon commented
Comment #6
inascon commented
Comment #7
inascon commented
Comment #9
poker10 commented
Thanks for reporting and working on this.
It seems like the D7 code is the same as the D10 code regarding the indentation (see MailFormatHelper::htmlToText() vs drupal_html_to_text()), so I think this needs to be evaluated/fixed in D10 first. Moving it there. We would need to create an MR for 11.x-dev (probably based on the D7 patch). Thanks!
Comment #10
immaculatexavier commented
As per #9, Fixes for D10.
Comment #11
needs-review-queue-bot commented
The Needs Review Queue Bot tested this issue.
While you are making the above changes, we recommend that you convert this patch to a merge request. Merge requests are preferred over patches. Be sure to hide the old patch files as well. (Converting an issue to a merge request without other contributions to the issue will not receive credit.)
Comment #14
sakthi_dev commented
Converted the latest patch #10 to MR.
Comment #15
smustgrave commented
Issue summary should be updated to use the standard issue template.
Comment #16
keshav patel commented
Added the issue summary according to the standard issue template.
Comment #17
smustgrave commented
Hiding patch files.
Test-only https://git.drupalcode.org/issue/drupal-3021619/-/jobs/1312508 didn't give a failure like expected so leaving in review.
Comment #18
smustgrave commented
Was able to get a test-only feature https://git.drupalcode.org/issue/drupal-3021619/-/jobs/1378481
Seems like a small enough change.
Comment #19
alexpott
This seems fine. I think we should issue a change record for this. Can be set back to RTBC once it exists.