So its not that I need to disable the masquerade (tell me if I am wrong since I though masquerade allowed you to send as your root domain), its that I need to change how I am sending my mail out to match what I eventually intend it to be. So if I want my email to show up as root_at_marlborosurvey.net it has to be root_at_marlborosurvey.net before and after it gets signed. So if masquerading make your email from root_at_mail.marlborosurvey.net send out after it gets signed as root_at_marlborosurvey.net how exactly do you make it send out as root_at_marlborosurvey.net before it gets signed?
Or am I mixing something up here?
From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:31:48 -0700
Subject: RE: Signing problem
You have to do something such that what opendkim signs is the
same as what people will receive. Because of the way the MTA and milter are
designed, masquerading (changing the From) happens after signing, guaranteeing
what people will receive is different from what you signed, and thus causing
the signature to fail.
At my home domain, for example, I just make sure my mail is
generated to match how sendmail would masquerade.
From: Jason Clint
[mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:30 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem
Ok so if I understand you correctly the
problem is I am sending mail as root_at_marlborosurvey.net from root_at_mail.marlborosurvey.net
and if I want to continue to send like that I have to disable sendmail's
masquerade feature? Is that correct?
From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:22:45 -0700
Subject: RE: Signing problem
The error in the log is fine; it just means it didn’t find
“mail.marlborosurvey.net” in the Domain list. Then it tested Subdomains
and got a match, which is why the second line went away and the mail is now
signed.
The signature failure is probably caused by you using sendmail’s
“MASQUERADE” feature. Your signing filter sees “mail.marlborosurvey.net”,
but I can tell from the reply that what sendmail.net sees is just
“marlborosurvey.net”. So what gets signed and what gets received aren’t
the same, so the signature will fail.
You need to turn off masquerading, or generate mail with a From:
that’s in the main domain, not in the “mail” subdomain.
From: Jason Clint
[mailto:nosaj_17_at_hotmail.com]
Sent: Tuesday, October 26, 2010 2:20 PM
To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem
By the way in case you where wondering what
I did to the opendkim.conf file I just set "subdomains yes".
From: nosaj_17_at_hotmail.com
To: msk_at_cloudmark.com; opendkim-users_at_lists.opendkim.org
Subject: RE: Signing problem
Date: Tue, 26 Oct 2010 21:12:37 +0000
Ok so now I am getting a different error:
Received on Tue Oct 26 2010 - 21:39:34 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:19:49 PST