Re: AlwaysSignHeaders results in "fail"

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 15 Jun 2012 10:59:12 -0700 (PDT)

On Fri, 15 Jun 2012, lutz.niederer_at_gmx.net wrote:
> I wanted to add a custom header to the signing of the mails. The header
> is called X-Scan-Info.
>
> If I send mail with this X-Scan-Info header present and I add
> AlwaysSignHeaders X-Scan-Info to opendkim.conf verification always fails.
> AlwaysSignHeaders CC to opendkim.conf verification succeeds.
> AlwaysSignHeaders CC,X-Scan-Info to opendkim.conf verification always fails.
>
> If I send mail with this X-Scan-Info header NOT present and I add
> AlwaysSignHeaders X-Scan-Info to opendkim.conf verification succeeds.
> AlwaysSignHeaders CC to opendkim.conf verification succeeds.
> AlwaysSignHeaders CC,X-Scan-Info to opendkim.conf verification succeeds.
>
> OpenDKIM is running on a mail relay. The header is added at the hop
> before that relay. So, the relay does not do anything with this header
> except passing it through like all the other headers. I can also
> clearly see that the header is not modified (it is pretty simple
> "X-Scan-Info: a").
>
> Strange! Any tips what I am missing here?

The only thing AlwaysSignHeaders does is amend the "h=" value to ensure
your named header field(s) are always there even if they were absent
during signature generation. It doesn't actually cause the header field
to be signed. Try adding this to your configuration:

SignHeaders *,+x-scan-info

-MSK
Received on Fri Jun 15 2012 - 17:59:35 PST
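
The pass/fail pattern reported in this thread can be reproduced with a small model, added here as an example that is not part of the original message and is not OpenDKIM code. It assumes the signer behaves as the reply describes (names from AlwaysSignHeaders are appended to "h=" but the field is not hashed) and that the verifier selects fields per RFC 6376 section 5.4.2; the message, the default signed set and all function names are constructed for illustration.

```python
import hashlib

def relaxed(name, value):
    # Simplified RFC 6376 "relaxed" canonicalization for single-line fields.
    return f"{name.lower()}:{' '.join(value.split())}\r\n"

def select(headers, h_names):
    # RFC 6376 section 5.4.2: each name in h= consumes the next unused instance,
    # searching from the bottom of the header block; if no instance is left,
    # nothing is hashed for that entry.
    remaining, out = list(headers), []
    for name in h_names:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                out.append(relaxed(*remaining.pop(i)))
                break
    return "".join(out)

def digest(headers, h_names):
    return hashlib.sha256(select(headers, h_names).encode()).hexdigest()

def sign(headers, sign_set, always_sign):
    # Model of the behaviour described in the reply (an assumption, not OpenDKIM code):
    # only fields in sign_set are hashed; always_sign names are only appended to h=.
    hashed = [n for n, _ in reversed(headers) if n.lower() in sign_set]
    return hashed + list(always_sign), digest(headers, hashed)

def verify(headers, h_names, signed_digest):
    return digest(headers, h_names) == signed_digest

# Constructed sample message; header values are illustrative.
BASE = [("From", "a@example.com"), ("To", "b@example.com"), ("Subject", "test")]
SCAN = ("X-Scan-Info", "a")
DEFAULT = {"from", "to", "subject", "cc"}  # hypothetical default signed set

def scenarios():
    results = {}
    for label, msg in (("present", [SCAN] + BASE), ("absent", BASE)):
        h, d = sign(msg, DEFAULT, ["x-scan-info"])
        results[f"always_only/{label}"] = verify(msg, h, d)
    msg = [SCAN] + BASE
    h, d = sign(msg, DEFAULT | {"x-scan-info"}, ["x-scan-info"])
    results["signed+always/unchanged"] = verify(msg, h, d)
    results["signed+always/extra_added"] = verify([("X-Scan-Info", "b")] + msg, h, d)
    return results

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'pass' if ok else 'fail'}")
```

The last two scenarios go one step beyond the thread: once the field is also in the signed set, the extra "h=" entry leaves an unmodified message verifiable and makes verification fail if another X-Scan-Info field is added after signing.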
