Someone just posted a question on my blog referencing these headers,
and asking why two OpenDKIM signatures are there:
<start example headers>
Delivered-To: xxx_at_xxx.com
Received: by 10.204.55.15 with SMTP id s15cs11793bkg;
Thu, 3 Mar 2011 09:29:07 -0800 (PST)
Received: by 10.204.169.193 with SMTP id a1mr1809154bkz.11.1299173347444;
Thu, 03 Mar 2011 09:29:07 -0800 (PST)
Return-Path:
Received: from xxx.com (myhost.com [f.i.r.stip])
by mx.google.com with ESMTPS id 20si2102167faw.28.2011.03.03.09.29.06
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 03 Mar 2011 09:29:06 -0800 (PST)
Received-SPF: neutral (google.com: f.i.r.stip is neither permitted nor
denied by best guess record for domain of apache_at_xxx.com)
client-ip=f.i.r.stip;
Authentication-Results: mx.google.com; spf=neutral (google.com:
f.i.r.stip is neither permitted nor denied by best guess record for
domain of apache_at_xxx.com) smtp.mail=apache_at_xxx.com; dkim=neutral (bad
format) header.i=_at_xxx.com
Received: from xxx.com (unknown [127.0.0.1])
by xxx.com (Postfix) with ESMTP id 6529748B803C
for ; Thu, 3 Mar 2011 18:32:53 +0000 (UTC)
X-DKIM: OpenDKIM Filter v2.3.0 xxx.com 6529748B803C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xxx.com;
s=default; t=1299177173;
bh=ECATb+VWltvBu/ooHzVT5XGQ5S7FTDYKCJ0croZb0SY=;
h=To:Subject:Message-Id:Date:From;
b=a9G9xZkBgbPREvHPFMTl+zzRBfU27LErY+QOwlG0jRd2M5f+6/C2CIic8pUPENTMk
RmGXeLVa8e6gOgwPIHIPeaKD9ZR8UTMuc9zfwyNhFdIWYj85ASWEOVB1oGvs0cJgYR
+pBwXkGIAX0Tcr3+2hE0UloAZ8wfCxOzhZ4KoSDM=
Received: by xxx.com (Postfix, from userid 48)
id 4F18848B84A2; Thu, 3 Mar 2011 18:32:53 +0000 (UTC)
X-DKIM: OpenDKIM Filter v2.3.0 xxx.com 4F18848B84A2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xxx.com;
s=default; t=1299177173;
bh=ECATb+VWltvBu/ooHzVT5XGQ5S7FTDYKCJ0croZb0SY=;
h=To:Subject:Message-Id:Date:From;
b=a9G9xZkBgbPREvHPFMTl+zzRBfU27LErY+QOwlG0jRd2M5f+6/C2CIic8pUPENTMk
RmGXeLVa8e6gOgwPIHIPeaKD9ZR8UTMuc9zfwyNhFdIWYj85ASWEOVB1oGvs0cJgYR
+pBwXkGIAX0Tcr3+2hE0UloAZ8wfCxOzhZ4KoSDM=
To: xxx_at_xxx.com
Subject: subject
Message-Id:
Date: Thu, 3 Mar 2011 18:32:53 +0000 (UTC)
From: apache_at_xxx.com (Apache)
<end example headers>
I wanted to run my opinion by this list before answering his question
(he should have asked it here himself, I know).
It looks like Apache is connecting to his Postfix via SMTP, which
signs once, and then his Postfix signs again when it sends to Google.
Is that right?
If so, I can think of a couple ways to stop double-signing:
1) Adjust his signing table to specifically sign xxx_at_xxx.com instead
of *_at_xxx.com (which is signing for apache_at_xxx.com).
2) Adjust his apache to hand off via PHP instead of SMTP
Any other ideas?
SteveJ
Received on Thu Mar 03 2011 - 20:17:02 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:20:16 PST