RE: Signing problem

From: Jason Clint <nosaj_17_at_hotmail.com>
Date: Tue, 26 Oct 2010 21:50:38 +0000

Can you point me to some documentation on the "replace rules"? or if none exist give me some tips on setting them up?

From: msk_at_cloudmark.com
To: opendkim-users_at_lists.opendkim.org
Date: Tue, 26 Oct 2010 14:43:33 -0700
Subject: RE: Signing problem



















That’s correct. The part you need to figure out is the “it” in “how
exactly do you make it send out as…”. I don’t know what software is generating
the messages you want to sign, so I can’t provide much guidance there.

 

If you don’t have any control over that, you might try the “replace
rules” experimental feature.

 

-MSK

 







From: Jason Clint
[mailto:nosaj_17_at_hotmail.com]

Sent: Tuesday, October 26, 2010 2:39 PM

To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org

Subject: RE: Signing problem





 

So its not that I need to disable the
masquerade (tell me if I am wrong since I though masquerade allowed you to send
as your root domain), its that I need to change how I am sending my mail out to
match what I eventually intend it to be. So if I want my email to show up
as root_at_marlborosurvey.net it has to be root_at_marlborosurvey.net before and
after it gets signed. So if masquerading make your email from
root_at_mail.marlborosurvey.net send out after it gets signed as
root_at_marlborosurvey.net how exactly do you make it send out as
root_at_marlborosurvey.net before it gets signed?



Or am I mixing something up here?







From: msk_at_cloudmark.com

To: opendkim-users_at_lists.opendkim.org

Date: Tue, 26 Oct 2010 14:31:48 -0700

Subject: RE: Signing problem



You have to do something such that what opendkim signs is the
same as what people will receive. Because of the way the MTA and milter
are designed, masquerading (changing the From) happens after signing,
guaranteeing what people will receive is different from what you signed, and
thus causing the signature to fail.

 

At my home domain, for example, I just make sure my mail is
generated to match how sendmail would masquerade.

 







From: Jason Clint
[mailto:nosaj_17_at_hotmail.com]

Sent: Tuesday, October 26, 2010 2:30 PM

To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org

Subject: RE: Signing problem





 

Ok so if I understand you correctly the
problem is I am sending mail as root_at_marlborosurvey.net from
root_at_mail.marlborosurvey.net and if I want to continue to send like that I have
to disable sendmail's masquerade feature? Is that correct?







From: msk_at_cloudmark.com

To: opendkim-users_at_lists.opendkim.org

Date: Tue, 26 Oct 2010 14:22:45 -0700

Subject: RE: Signing problem



The error in the log is fine; it just means it didn’t find
“mail.marlborosurvey.net” in the Domain list. Then it tested Subdomains
and got a match, which is why the second line went away and the mail is now
signed.

 

The signature failure is probably caused by you using sendmail’s
“MASQUERADE” feature. Your signing filter sees “mail.marlborosurvey.net”,
but I can tell from the reply that what sendmail.net sees is just
“marlborosurvey.net”. So what gets signed and what gets received aren’t
the same, so the signature will fail.

 

You need to turn off masquerading, or generate mail with a From:
that’s in the main domain, not in the “mail” subdomain.

 

 







From: Jason Clint
[mailto:nosaj_17_at_hotmail.com]

Sent: Tuesday, October 26, 2010 2:20 PM

To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org

Subject: RE: Signing problem





 

By the way in case you where wondering what
I did to the opendkim.conf file I just set "subdomains yes".







From: nosaj_17_at_hotmail.com

To: msk_at_cloudmark.com; opendkim-users_at_lists.opendkim.org

Subject: RE: Signing problem

Date: Tue, 26 Oct 2010 21:12:37 +0000



Ok so now I am getting a different error:
Received on Tue Oct 26 2010 - 21:51:02 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:49 PST