On Wednesday 2011-05-04 14:43 -0700, Murray S. Kucherawy wrote:
> > -----Original Message-----
> > From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of L. David Baron
> > Sent: Wednesday, May 04, 2011 2:20 PM
> > To: opendkim-users_at_lists.opendkim.org
> > Subject: AlwaysSignHeaders causing messages not to verify
> >
> > I recently upgraded from a laptop running Ubuntu 10.04, which I had
> > set up to sign my outgoing mail using dkim-milter, to a new laptop
> > with Ubuntu 11.04 (so I have the opendkim package, version
> > 2.3.2+dfsg-0ubuntu1). I copied my dkim signing configuration into
> > /etc/opendkim.conf to work with opendkim, and discovered that the
> > verification of the messages was failing.
> >
> > However, if I remove the AlwaysSignHeaders line from my
> > opendkim.conf, then verification works.
> >
> > Any idea why this might be the case, and how I could enable
> > AlwaysSignHeaders again?
> >
> > I posted two example messages, one with the configuration that
> > doesn't verify:
> > http://dbaron.org/tmp/dkim-test-1
> > and one with the configuration that does verify:
> > http://dbaron.org/tmp/dkim-test-2
> > I included the current configuration file inside each email.
> >
> > $ wget -q -O - http://dbaron.org/tmp/dkim-test-1 | dkimproxy-verify
> > originator address: dbaron_at_dbaron.org
> > signature identity: _at_dbaron.org
> > verify result: fail (message has been altered)
> > sender policy result: neutral
> > author policy result: neutral
> > ADSP policy result: neutral
> > $ wget -q -O - http://dbaron.org/tmp/dkim-test-2 | dkimproxy-verify
> > originator address: dbaron_at_dbaron.org
> > signature identity: _at_dbaron.org
> > verify result: pass
> > sender policy result: accept
> > author policy result: accept
> > ADSP policy result: accept
>
> Can you try repeating these tests with "Diagnostics True" added to both configuration files?
Repeated test 1 + Diagnostics as test 3, and test 2 + Diagnostics as
test 4:
$ wget -q -O -
http://dbaron.org/tmp/dkim-test-3 | dkimproxy-verify
originator address: dbaron_at_dbaron.org
signature identity: _at_dbaron.org
verify result: fail (message has been altered)
sender policy result: neutral
author policy result: neutral
ADSP policy result: neutral
$ wget -q -O -
http://dbaron.org/tmp/dkim-test-4 | dkimproxy-verify
originator address: dbaron_at_dbaron.org
signature identity: _at_dbaron.org
verify result: pass
sender policy result: accept
author policy result: accept
ADSP policy result: accept
-David
--
L. David Baron http://dbaron.org/
Mozilla Corporation http://www.mozilla.com/
Received on Wed May 04 2011 - 22:03:16 PST