Re: opendkim AUTH pass-es for received mail, but fails on forward ...

From: <locuse_at_mm.st>
Date: Tue, 10 Apr 2012 14:43:13 -0700

hi,

On Tue, Apr 10, 2012, at 09:29 PM, Murray S. Kucherawy wrote:
> > is it opendkim config ( in "policy data"?), zimbra config, screwy
> > process flow, or something else?
>
> Policy data, in this context, is based on a query to the DNS based on the
> domain name found in the From: field. (See RFC5617.) So two questions
> come to mind:
>
> 1) Is the From: unchanged between the two deliveries?

the original external -> zimbra delivery has a From: ==
"###_at_fastmail.fm".

the rule-processed messages in both cases, namely (1) that 'kept' in the
receiving account's inbox, and (2) that forwarded to the the other
zimbra account's inbox, have the SAME From: as each other, and as the
original message.

> 2) What's in the data that each machine

it's just the one machine, hosting the two domains, with opendkim
config'd to do multi-domain signing using a Signing- and Key-tables.

> sees when you take the From:
> domain, prepend "_adsp._domainkey." to it, and issue a TXT query for that
> name? That's what the filter will do to evaluate policy.

on my zimbra server, for the external, sending domain, per your request,

        dig TXT _adsp._domainkey.fastmail.fm +short
                "v=spf1 include:spf.messagingengine.com ?all"

which is substantially different than for my two hosted domains,

        dig TXT _adsp._domainkey.doma.locusetest.net +short
                "dkim=all"
        dig TXT _adsp._domainkey.domb.locusetest.net +short
                "dkim=all"

not that i know if that's a concern. i can say that port25verifier
tests tell me it's OK ...
Received on Tue Apr 10 2012 - 21:43:26 PST