Re: opendkim AUTH pass-es for received mail, but fails on forward ...

From: <locuse_at_mm.st>
Date: Tue, 10 Apr 2012 16:29:39 -0700

hi,

On Tue, Apr 10, 2012, at 10:59 PM, Murray S. Kucherawy wrote:
> Sorry, I was focused before on the ADSP temperror, not the DKIM failure.
>
> The altered Date: field is almost certainly the problem, assuming your
> DKIM signer signed the Date: field (most do). Look at your
> DKIM-Signature and see if "date" was listed in the value of the "h=" tag.

i'm not clear *which* DKIM signer you're referring to, my server, or the
external sender's ...

the message initially received _at_ my server, from @gmail.com has headers,

        ...
        DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
                d=gmail.com; s=20120113;
                h=mime-version:date:message-id:subject:from:to:content-type;
        ...
        Date: Tue, 10 Apr 2012 16:04:20 -0700
        ...
        Content-Type: text/plain; charset=ISO-8859-1
        Authentication-Results: zimbra.locusetest.net/22E14606AD;
        dkim=pass
                (2048-bit key) header.i=_at_gmail.com header.b=u4nz6Trz;
                dkim-adsp=pass
        X-DKIM: OpenDKIM Filter v2.5.2 zimbra.locusetest.net 22E14606AD

that message, forwarded to another domain/account on the same box, has
headers,

        ...
        DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
                d=gmail.com; s=20120113;
                h=mime-version:date:message-id:subject:from:to:content-type;
        ...
        Date: Tue, 10 Apr 2012 16:04:29 -0700 (PDT)
        ...
        Authentication-Results: zimbra.locusetest.net/22E14606AD;
        dkim=pass
                (2048-bit key) header.i=_at_gmail.com header.b=u4nz6Trz;
                dkim-adsp=pass
        X-DKIM: OpenDKIM Filter v2.5.2 zimbra.locusetest.net 22E14606AD
        X-Zimbra-Forwarded: locuse_at_doma.locusetest.net
        Authentication-Results: zimbra.locusetest.net/ABF0A606AD;
        dkim=fail
                (verification failed) header.i=_at_gmail.com
                header.b=u4nz6Trz;
                dkim-adsp=none
        X-DKIM: OpenDKIM Filter v2.5.2 zimbra.locusetest.net ABF0A606AD


and in my zone files,

        grep domainkey *locusetest.net -A5 | grep "h="
                doma.locusetest.net-
                "v=DKIM1;t=y:s;h=sha256;s=email;"
                doma.locusetest.net-
                "v=DKIM1;t=y:s;h=sha256;s=email;"

where my server's opendkim.conf includes,

        grep SignHeaders /etc/opendkim.conf
                SignHeaders
                message-id,from,reply-to,mime-version,to,subject,content-type,content-transfer-encoding


if it's the "Date" check, how/where do I disable it for this to work
correctly -- and NOT fail?
Received on Tue Apr 10 2012 - 23:29:52 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:39 PST