Signing after verifying "unverifiable" messages
Hello,
I observed a situation which I find strange. OpenDKIM 2.5.2 signs all
emails properly, except the ones I submit (over SMTP-Submit). In those
emails, the bh= value was always the same and did not depend on the
content of the message. However, when I turned off the verification in
setup.lua and left only signing, the bh= value started coming out right.
Here is my setup.lua script:

local mtaname = odkim.get_mtasymbol(ctx, "{daemon_name}")
if mtaname == "sm-80" then
    odkim.verify(ctx)
    odkim.sign(ctx, "aegee", "dkim+sm-80_at_aegee.org")
elseif mtaname == "sm-localhost" then
    -- odkim.verify(ctx)
    odkim.sign(ctx, "aegee", "dkim+sm-localhost_at_aegee.org")
elseif mtaname == "sm-karlsruhe" then
    odkim.sign(ctx, "lists", "dkim+sm-karlsruhe_at_lists.aegee.org")
elseif mtaname == "sm-lists" then
    odkim.verify(ctx)
elseif mtaname == "MSA-ssl" then
    -- odkim.verify(ctx)
    odkim.sign(ctx, "aegee", "dkim+MSA-ssl_at_aegee.org")
elseif mtaname == "MSA-tls" then
    -- odkim.verify(ctx)
    odkim.sign(ctx, "aegee", "dkim+MSA-tls_at_aegee.org")
elseif mtaname == "sm-mail" then
    odkim.verify(ctx)
    odkim.sign(ctx, "aegee", "dkim+sm-mail_at_aegee.org")
else
    odkim.verify(ctx)
    odkim.sign(ctx, "aegee", "dkim+strange_at_aegee.org")
end
return nil

The point is that the emails for MSA-tls/MSA-ssl/sm-localhost are not
signed, so the verification is not supposed to do something useful
(except in the cases where the user signs emails before submitting them;
otherwise it correctly adds Authentication-Results: aegee.org; dkim=none
(no signature) ). But putting those comments there / disabling the
verification really starts generating different bh= for those emails.
Otherwise only emails that can be verified are signed. Any ideas?
Best regards
Дилян
opendkim.conf:
AddAllSignatureResults yes
AlwaysAddARHeader yes
AuthservID aegee.org
AuthservIDWithJobID yes
Canonicalization relaxed/relaxed
#Domain "csl:aegee.org,aegee.uka.de,aegee.uni-karlsruhe.de"
DisableADSP yes
EnableCoreDumps yes
InternalHosts file:/etc/mail/dkim/internal-hosts
KeepAuthResults yes
KeyTable file:/etc/mail/dkim/keys.dataset
LogWhy yes
MaximumSignaturesToVerify 5
MilterDebug 10
PidFile /var/run/opendkim.pid
ReportAddress mail_at_aegee.org
#SignatureAlgorithm rsa-sha1
#SingleAuthResult yes
SenderHeaders Sender
#SenderMacro {daemon_name}
SendReports yes
SetupPolicyScript /etc/mail/dkim/setup.lua
Socket local:/var/run/opendkim.sock
SubDomains yes
Syslog yes
SyslogSuccess yes
TemporaryDirectory /dev/shm
WeakSyntaxChecks yes
X-Header yes
opendkim -V
opendkim: OpenDKIM Filter v2.5.2
Compiled with GnuTLS 3.0.18
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
QUERY_CACHE
USE_DB
USE_LUA
USE_ODBX
USE_UNBOUND
_FFR_ADSP_LISTS
_FFR_DIFFHEADERS
_FFR_IDENTITY_HEADER
_FFR_LDAP_CACHING
_FFR_OVERSIGN
_FFR_RATE_LIMIT
_FFR_RBL
_FFR_REDIRECT
_FFR_REPLACE_RULES
_FFR_RESIGN
_FFR_STATS
_FFR_STATSEXT
_FFR_VBR
libopendkim 2.5.2: diffheaders xtags query_cache
Received on Wed Apr 11 2012 - 01:48:25 PST
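
A check for the symptom described in the post (a bh= value that does not change with the message content), as an added example that is not part of the original message and not OpenDKIM code: it recomputes the body hash with RFC 6376 relaxed body canonicalization, the setting in the posted opendkim.conf, and reports whether an observed bh= matches the body or only the hash of a zero-length body. The function names and sample bodies are constructed, and comparing against the empty-body hash is an assumption about one way a content-independent bh= can arise.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = re.split(rb"\r?\n", body)
    # Collapse runs of SP/HTAB to one SP, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore all empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    # Every remaining line ends in CRLF; an empty body stays empty.
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, algo: str = "sha256") -> str:
    """Value expected in bh= for this body (algo: 'sha1' or 'sha256')."""
    digest = hashlib.new(algo, relaxed_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")

def classify_bh(observed: str, body: bytes, algo: str = "sha256") -> str:
    """Compare the bh= tag value of a signed message with its body."""
    observed = re.sub(r"\s+", "", observed)  # bh= may be folded in the header
    if observed == body_hash(body, algo):
        return "matches-body"
    if observed == body_hash(b"", algo):
        return "empty-body"  # equals the hash of a zero-length body
    return "mismatch"

# Constructed sample bodies (hypothetical, not taken from the post).
SAMPLE_A = b"Hello  world \r\n\r\n"
SAMPLE_B = b"A different message\r\n"

if __name__ == "__main__":
    for name, body in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, body_hash(body))
    print("empty", body_hash(b""))
    print(classify_bh(body_hash(b""), SAMPLE_A))
```

Feed it the bh= value copied from a DKIM-Signature header and the raw body of the same message as it left the signer; use algo="sha1" if the signature's a= tag is rsa-sha1.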