RE: Signing problem

From: Jason Clint <nosaj_17_at_hotmail.com>
Date: Tue, 26 Oct 2010 21:42:35 +0000

Well I would prefer to send as the root domain instead of the host.root
domain, so if that's the only way I can do that then I will definitely
give it a try. I still think I am missing something here however.

From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:36:20 -0700
Subject: RE: Signing problem

If that’s inconvenient to arrange, there’s an experimental
feature of OpenDKIM you can try called “replace rules” that lets you define
substitutions OpenDKIM should make when generating the signature, anticipating
downstream modifications such as these.

If you want to try that instead of adjusting your sendmail
configuration, let me know. As it is an experimental feature, the
documentation of its use is sparse so far.

From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Murray S. Kucherawy
Sent: Tuesday, October 26, 2010 2:32 PM
To: opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem

You have to do something such that what opendkim signs is the
same as what people will receive. Because of the way the MTA and milter
are designed, masquerading (changing the From) happens after signing, guaranteeing
what people will receive is different from what you signed, and thus causing
the signature to fail.

At my home domain, for example, I just make sure my mail is
generated to match how sendmail would masquerade.

From: Jason Clint [mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:30 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem

Ok so if I understand you correctly the problem
is I am sending mail as root_at_marlborosurvey.net from
root_at_mail.marlborosurvey.net and if I want to continue to send like that I have
to disable sendmail's masquerade feature? Is that correct?

From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:22:45 -0700
Subject: RE: Signing problem

The error in the log is fine; it just means it didn’t find
“mail.marlborosurvey.net” in the Domain list. Then it tested Subdomains
and got a match, which is why the second line went away and the mail is now
signed.

The signature failure is probably caused by you using sendmail’s
“MASQUERADE” feature. Your signing filter sees “mail.marlborosurvey.net”,
but I can tell from the reply that what sendmail.net sees is just
“marlborosurvey.net”. So what gets signed and what gets received aren’t
the same, so the signature will fail.

You need to turn off masquerading, or generate mail with a From:
that’s in the main domain, not in the “mail” subdomain.

From: Jason Clint [mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:20 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem

By the way in case you were wondering what
I did to the opendkim.conf file I just set "subdomains yes".

From: nosaj_17_at_hotmail.com
To: msk_at_cloudmark.com; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem
Date: Tue, 26 Oct 2010 21:12:37 +0000

Ok so now I am getting a different error:
Received on Tue Oct 26 2010 - 21:43:01 PST
