Problem signing MultipleSignatures from LDAP

From: Patrick Ben Koetter <p_at_state-of-mind.de>
Date: Mon, 21 Nov 2011 12:27:16 +0100

I am having trouble with "bad identity" signatures for sender signatures, but
not for domain level signatures.

To me the obvious problem which breaks identification is an "@", which is
added before the actual mail address in the header.i= section:

Authentication-Results: mail.state-of-mind.de (amavisd-new); dkim=softfail (invalid, bad identity)
        header.i=@alice@play.state-of-mind.de

This is not the case when I sign at domain level:

Authentication-Results: mail.state-of-mind.de (amavisd-new); dkim=pass
        header.i=@play.state-of-mind.de

Identifiers, Selectors and Keys are retrieved from an LDAP backend. The
identifiers are noted as fqdn mail address and subdomain:

        alice@play.state-of-mind.de
        play.state-of-mind.de

I believe this complies with OpenDKIM's selection algorithm as documented in
opendkim.conf(5):

        For all other database types, the full user@host is checked first,
        then simply host, then user@.domain (with all superdomains checked
        in sequence, so "foo.example.com" would first check
        "user@foo.example.com", then "user@.example.com", then "user@.com"),
        then .domain, then user@*, and finally *.

Could it be OpenDKIM erroneously always adds an "@"? I tried with
@play.state-of-mind.de as Identifier and ended up with two @@s:

        header.i=@@play.state-of-mind.de


This is as far as I went. Anything beyond would be pure speculation.

Anyone with an idea what I could be doing wrong?

p@rick

P.S.
I am using opendkim-2.5.0 Beta 2 and didn't test other versions.

-- 
state of mind ()
Digitale Kommunikation
http://www.state-of-mind.de
Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666
Amtsgericht München        Partnerschaftsregister PR 563
Received on Mon Nov 21 2011 - 11:27:37 PST
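
A way to spot the malformed identities described in this message across many mails, as an added example that is not part of the original post and not OpenDKIM or amavisd-new code: it unfolds Authentication-Results headers and checks that each header.i= value has the RFC 6376 shape of an optional local part, one "@", and a domain. The sample headers are constructed from the values quoted above (the dkim result on the "@@" one is assumed), and quoted local parts containing "@" are assumed not to occur.

```python
import re

# Constructed sample: the two headers quoted in the post, plus the "@@" identity
# the author reports (its dkim= result is an assumption, not from the post).
SAMPLE = """\
Authentication-Results: mail.state-of-mind.de (amavisd-new); dkim=softfail (invalid, bad identity)
        header.i=@alice@play.state-of-mind.de
Authentication-Results: mail.state-of-mind.de (amavisd-new); dkim=pass
        header.i=@play.state-of-mind.de
Authentication-Results: mail.state-of-mind.de (amavisd-new); dkim=softfail (invalid, bad identity)
        header.i=@@play.state-of-mind.de
"""

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def unfold(text):
    """Join folded continuation lines (leading whitespace) onto their header."""
    headers = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.strip())
    return headers

def check_identity(auid):
    """Return None if auid looks like [local-part]@domain, else a reason string."""
    if auid.count("@") != 1:
        return "expected exactly one '@', found %d" % auid.count("@")
    labels = auid.split("@", 1)[1].split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return "domain part is not a dotted host name"
    return None

def triage(text):
    """Return (dkim result, header.i value, problem or None) for each header."""
    findings = []
    for header in unfold(text):
        result = re.search(r"\bdkim=(\w+)", header)
        ident = re.search(r"\bheader\.i=(\S+)", header)
        if header.lower().startswith("authentication-results:") and result and ident:
            value = ident.group(1).rstrip(";")
            findings.append((result.group(1), value, check_identity(value)))
    return findings

if __name__ == "__main__":
    for result, value, problem in triage(SAMPLE):
        print(result, value, problem or "well-formed")
```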
