Re: opendkim AUTH pass-es for received mail, but fails on forward ...
hi,
On Tue, Apr 10, 2012, at 10:59 PM, Murray S. Kucherawy wrote:
> Sorry, I was focused before on the ADSP temperror, not the DKIM failure.
>
> The altered Date: field is almost certainly the problem, assuming your
> DKIM signer signed the Date: field (most do). Look at your
> DKIM-Signature and see if "date" was listed in the value of the "h=" tag.
i'm not clear *which* DKIM signer you're referring to, my server, or the
external sender's ...
the message initially received _at_ my server, from @gmail.com has headers,
...
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
...
Date: Tue, 10 Apr 2012 16:04:20 -0700
...
Content-Type: text/plain; charset=ISO-8859-1
Authentication-Results: zimbra.locusetest.net/22E14606AD;
dkim=pass
(2048-bit key) header.i=_at_gmail.com header.b=u4nz6Trz;
dkim-adsp=pass
X-DKIM: OpenDKIM Filter v2.5.2 zimbra.locusetest.net 22E14606AD
that message, forwarded to another domain/account on the same box, has
headers,
...
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
...
Date: Tue, 10 Apr 2012 16:04:29 -0700 (PDT)
...
Authentication-Results: zimbra.locusetest.net/22E14606AD;
dkim=pass
(2048-bit key) header.i=_at_gmail.com header.b=u4nz6Trz;
dkim-adsp=pass
X-DKIM: OpenDKIM Filter v2.5.2 zimbra.locusetest.net 22E14606AD
X-Zimbra-Forwarded: locuse_at_doma.locusetest.net
Authentication-Results: zimbra.locusetest.net/ABF0A606AD;
dkim=fail
(verification failed) header.i=_at_gmail.com
header.b=u4nz6Trz;
dkim-adsp=none
X-DKIM: OpenDKIM Filter v2.5.2 zimbra.locusetest.net ABF0A606AD
and in my zone files,
grep domainkey *locusetest.net -A5 | grep "h="
doma.locusetest.net-
"v=DKIM1;t=y:s;h=sha256;s=email;"
doma.locusetest.net-
"v=DKIM1;t=y:s;h=sha256;s=email;"
where my server's opendkim.conf includes,
grep SignHeaders /etc/opendkim.conf
SignHeaders
message-id,from,reply-to,mime-version,to,subject,content-type,content-transfer-encoding
if it's the "Date" check, how/where do I disable it for this to work
correctly -- and NOT fail?
Received on Tue Apr 10 2012 - 23:29:52 PST
This archive was generated by hypermail 2.3.0
: Mon Oct 29 2012 - 23:20:39 PST