Re: Double X-DKIM Header (all the way across the sky!!!!)

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 14 Feb 2011 22:04:01 -0800 (PST)

On Mon, 14 Feb 2011, Steve Jenkins wrote:
> X-DKIM: OpenDKIM Filter v2.3.0 carbonfiber.stevejenkins.com 830E110424E7
> Authentication-Results: carbonfiber.stevejenkins.com; dkim=pass
> (1024-bit key) header.i=_at_gmail.com header.b=IiKEGPTz; dkim-adsp=pass
> X-DKIM: OpenDKIM Filter v2.3.0 carbonfiber.stevejenkins.com D120510424E8
>
> I'm assuming one is added on the way IN to the content filter, and the
> second is added when Amavis-new re-injects the message back into the
> Postfix queue.

It looks that way, since the last thing on the X-DKIM field changes; it's
the message's queue ID. The only way that can happen is if OpenDKIM saw
it twice.

> I don't see any harm in this, but I don't know if this is a bug or if
> it's the desired behavior for some reason. If it's not a bug, any
> guidance on how to configure OpenDKIM to parse the message once, instead
> of twice?

Assuming amavis-new re-injects via a local interface, you could try
putting localhost or 127.0.0.1 (or both) in the PeerList for opendkim, but
then it would end up ignoring all mail from any localhost client even if
it hadn't been seen before.

Otherwise I'm not sure there's a way to tell the difference between an
amavisd-new re-injection and a regular piece of mail from some localhost
client (e.g. cron, atrun, some other daemon). If you can think of one,
we could probably accommodate it.

-MSK
Received on Tue Feb 15 2011 - 06:04:27 PST