On 4/8/2024 8:29 AM, Konstantin Ryabitsev wrote: > On Mon, Apr 08, 2024 at 03:44:00PM +0800, Haifeng Xu wrote: >> I can also reproduced it. After digging into it, I found that our DKIM signature header >> has 't' and 'x' flags. They are recommended as a means to help identify spam. >> >> t= is the DKIM signature timestamp. >> x= is the DKIM signature expiration time. >> >> The source code of DKIM Validation can be seen in dkim/__init__.py(line 351), I paste it >> here. >> >> 343 if b'x' in sig: >> 344 if re.match(br"\d+$", sig[b'x']) is None: >> 345 raise ValidationError( >> 346 "x= value is not a decimal integer (%s)" % sig[b'x']) >> 347 x_sign = int(sig[b'x']) >> 348 now = int(time.time()) >> 349 slop = 36000 # 10H leeway for mailers with inaccurate clocks >> 350 if x_sign < now - slop: >> 351 raise ValidationError( >> 352 "x= value is past (%s)" % sig[b'x']) >> 353 if x_sign < t_sign: >> 354 raise ValidationError( >> 355 "x= value is less than t= value (x=%s t=%s)" % >> 356 (sig[b'x'], sig[b't'])) >> >> The expiry time is less than the time point you download the patch, so the validation >> fails. If I comment out these lines, this series can be successfully downloaded. > > FWIW, I've requested ability to ignore the x= flag when validating signatures: > https://bugs.launchpad.net/dkimpy/+bug/2047054 Thank you very much Haifeng and Konstantin. Reinette
