RE: opendkim AUTH pass-es for received mail, but fails on forward ...

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Tue, 10 Apr 2012 21:47:15 +0000

> -----Original Message-----
> From: locuse_at_mm.st [mailto:locuse_at_mm.st]
> Sent: Tuesday, April 10, 2012 2:43 PM
> To: Murray S. Kucherawy; opendkim-users_at_lists.opendkim.org
> Subject: Re: opendkim AUTH pass-es for received mail, but fails on forward ...
>
> the original external -> zimbra delivery has a From: ==
> "###_at_fastmail.fm".

Then the queried policy record will be _adsp._domainkey.fastmail.fm.

> dig TXT _adsp._domainkey.fastmail.fm +short
> "v=spf1 include:spf.messagingengine.com ?all"

This causes the error, because it was looking for an ADSP policy record and it got back an SPF policy record, likely caused by an unfortunate wildcard TXT record at fastmail.fm.

But the one that worked should react the same way if they're getting the same DNS data, so my guess is that it's getting a different TXT reply (or none) somehow.

-MSK
Received on Tue Apr 10 2012 - 21:47:28 PST