I recently upgraded from a laptop running Ubuntu 10.04, which I had
set up to sign my outgoing mail using dkim-milter, to a new laptop
with Ubuntu 11.04 (so I have the opendkim package, version
2.3.2+dfsg-0ubuntu1). I copied my dkim signing configuration into
/etc/opendkim.conf to work with opendkim, and discovered that the
verification of the messages was failing.
However, if I remove the AlwaysSignHeaders line from my
opendkim.conf, then verification works.
Any idea why this might be the case, and how I could enable
AlwaysSignHeaders again?
I posted two example messages, one with the configuration that
doesn't verify:
http://dbaron.org/tmp/dkim-test-1
and one with the configuration that does verify:
http://dbaron.org/tmp/dkim-test-2
I included the current configuration file inside each email.
$ wget -q -O -
http://dbaron.org/tmp/dkim-test-1 | dkimproxy-verify
originator address: dbaron_at_dbaron.org
signature identity: _at_dbaron.org
verify result: fail (message has been altered)
sender policy result: neutral
author policy result: neutral
ADSP policy result: neutral
$ wget -q -O -
http://dbaron.org/tmp/dkim-test-2 | dkimproxy-verify
originator address: dbaron_at_dbaron.org
signature identity: _at_dbaron.org
verify result: pass
sender policy result: accept
author policy result: accept
ADSP policy result: accept
-David
--
L. David Baron http://dbaron.org/
Mozilla Corporation http://www.mozilla.com/
Received on Wed May 04 2011 - 21:20:41 PST