Re: Listing the "testing" flag in Authentication-Results?

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 16 Dec 2012 22:14:58 -0800 (PST)

On Wed, 12 Dec 2012, Dan Mahoney, System Admin wrote:
> 1) I'm running opendkim-milter under FreeBSD, and I could have sworn
> that if you had t=y set on your flag during verification, that you'd get
> something like "result=pass (testing)" in the Authentication-Results
> header. Am I just misremembering, or does the (testing) only show up in
> failure situations, or ADSP testing?

It doesn't show up for the "pass" case. It probably should. Feel free to
open a bug or feature request for this on SourceForge.

> 2) I've had a few experiences where I've had a key retrieval failure (DNS
> issues), and I found that while OpenDKIM adds the X-DKIM header, and logged
> the error to syslog, there's not a corresponding authentication-results
> header that would be shown to the user that indicates this was tried and
> failed Is it possible to "log" this to the mail message?

I just did this to test with 2.7.3:

- take a message from gmail with a valid signature
- add an "x" to the front of the selector name
- run the message through opendkim's command line test mode

It said:

### INSHEADER: idx=1 hname='Authentication-Results' hvalue='DEBUG-j; dkim=permerror reason="key not found"
         header.d=gmail.com header.i=_at_gmail.com header.b=f/OBYVKE;
         dkim-adsp=none (insecure policy); dkim-atps=neutral'

So it did try to do exactly what you're asking for in that case.

-MSK
Received on Mon Dec 17 2012 - 06:15:14 PST