RE: Signing problem

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Tue, 26 Oct 2010 14:43:33 -0700

That's correct. The part you need to figure out is the "it" in "how exactly do you make it send out as...". I don't know what software is generating the messages you want to sign, so I can't provide much guidance there.

If you don't have any control over that, you might try the "replace rules" experimental feature.

-MSK

From: Jason Clint [mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:39 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem

So it's not that I need to disable the masquerade (tell me if I am wrong since I thought masquerade allowed you to send as your root domain), it's that I need to change how I am sending my mail out to match what I eventually intend it to be. So if I want my email to show up as root_at_marlborosurvey.net it has to be root_at_marlborosurvey.net before and after it gets signed. So if masquerading makes your email from root_at_mail.marlborosurvey.net send out after it gets signed as root_at_marlborosurvey.net, how exactly do you make it send out as root_at_marlborosurvey.net before it gets signed?

Or am I mixing something up here?
________________________________
From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:31:48 -0700
Subject: RE: Signing problem

You have to do something such that what opendkim signs is the same as what people will receive. Because of the way the MTA and milter are designed, masquerading (changing the From) happens after signing, guaranteeing what people will receive is different from what you signed, and thus causing the signature to fail.

At my home domain, for example, I just make sure my mail is generated to match how sendmail would masquerade.

From: Jason Clint [mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:30 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem

Ok, so if I understand you correctly, the problem is I am sending mail as root_at_marlborosurvey.net from root_at_mail.marlborosurvey.net, and if I want to continue to send like that I have to disable sendmail's masquerade feature? Is that correct?
________________________________
From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:22:45 -0700
Subject: RE: Signing problem

The error in the log is fine; it just means it didn't find "mail.marlborosurvey.net" in the Domain list. Then it tested Subdomains and got a match, which is why the second line went away and the mail is now signed.

The signature failure is probably caused by you using sendmail's "MASQUERADE" feature. Your signing filter sees "mail.marlborosurvey.net", but I can tell from the reply that what sendmail.net sees is just "marlborosurvey.net". So what gets signed and what gets received aren't the same, so the signature will fail.

You need to turn off masquerading, or generate mail with a From: that's in the main domain, not in the "mail" subdomain.

From: Jason Clint [mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:20 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem

By the way, in case you were wondering what I did to the opendkim.conf file, I just set "subdomains yes".
________________________________
From: nosaj_17_at_hotmail.com
To: msk_at_cloudmark.com; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem
Date: Tue, 26 Oct 2010 21:12:37 +0000

Ok so now I am getting a different error:
Received on Tue Oct 26 2010 - 21:44:20 PST
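
The failure discussed in this thread, as an added example (not part of the original messages and not OpenDKIM code): a simplified model of the header data a DKIM signature covers, using RFC 6376 "relaxed" header canonicalization, showing that a From rewrite after signing changes the hash while whitespace changes do not. The addresses, the function names and the `example.net` domains are constructed stand-ins for the subdomain and main domain in the thread; a real signature also covers the DKIM-Signature header and is an RSA signature over this hash.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 'relaxed' canonicalization of one header field."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()   # collapse and trim whitespace
    return f"{name.lower().strip()}:{value}\r\n"

def header_hash(headers, signed=("from", "to", "subject")):
    """SHA-256 over the canonicalized signed headers (simplified model)."""
    by_name = {n.lower(): v for n, v in headers}
    data = "".join(relaxed_header(n, by_name[n]) for n in signed)
    return hashlib.sha256(data.encode()).hexdigest()

def masquerade(headers, sub="mail.example.net", main="example.net"):
    """Model of the MTA rewriting the From domain AFTER the milter has signed."""
    return [(n, v.replace("@" + sub, "@" + main) if n.lower() == "from" else v)
            for n, v in headers]

def verifies(signed_headers, received_headers):
    """True when the receiver hashes the same header data the signer hashed."""
    return header_hash(signed_headers) == header_hash(received_headers)

# Constructed sample messages (not taken from the thread's logs).
FROM_SUBDOMAIN = [("From", "root@mail.example.net"),
                  ("To", "user@example.org"),
                  ("Subject", "Survey   results")]
FROM_MAIN = [("From", "root@example.net")] + FROM_SUBDOMAIN[1:]
REFOLDED = FROM_MAIN[:2] + [("Subject", "Survey\r\n results")]

if __name__ == "__main__":
    # Signed with the subdomain, delivered with the main domain: fails.
    print("masqueraded after signing:",
          verifies(FROM_SUBDOMAIN, masquerade(FROM_SUBDOMAIN)))
    # Generated in the main domain already: masquerading is a no-op, passes.
    print("generated in main domain: ",
          verifies(FROM_MAIN, masquerade(FROM_MAIN)))
    # Whitespace-only differences survive relaxed canonicalization.
    print("refolded subject only:    ", verifies(FROM_MAIN, REFOLDED))
```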

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wed Oct 27 2010 - 01:50:01 PST