Re: DKIM hardfail (with eg. google or test sites)

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Matthias Weiss <matthias_at_more-onion.com>
Date: Fri, 15 Mar 2013 16:45:06 +0100

>
> But something else caught my eye, I set the header fields to be signed in
> opendkim.conf as
>
> AlwaysSignHeaders To,Subject,MIME-Version,Content-
> Type,Sender,From,Message-Id,Date,Reply-To,List-Unsubscribe
>
> In the z= header the "Message-Id" and "Sender" fields are missing. Could
> that be a reason?

turned out that this is the reason: I removed Sender and Message-Id from the
AlwaysSignHeaders parameter and now it passes Googles DKIM checks.

Which of course leads me to the question why the message-id and the sender
fields are added to the mail after OpenDKIM signed the mail? I paste here the
opendkim.conf:

AlwaysSignHeaders To,Subject,MIME-Version,Content-Type,From,Date,Reply-
To,List-Unsubscribe
Canonicalization relaxed/relaxed
Domain mydomain.com
DomainKeysCompat true
KeyTable refile:/etc/opendkim/key_table
LogWhy yes
PidFile /var/run/opendkim/opendkim.pid
ReportAddress postmaster_at_mydomain.com
Selector mail
SendReports yes
SigningTable refile:/etc/opendkim/signing_table
Socket unix:/var/spool/postfix/milter/opendkim
Statistics /var/lib/opendkim/stats.dat
Syslog yes
SyslogSuccess yes
UMask 007
UserID milter

We're sending out mail with the postfix sendmail command. The test mails I
sent to gmail had the "Sender" field set on the command line.

In our postfix main.cf we have:

smtpd_milters = unix:/var/spool/postfix/milter/opendkim

non_smtpd_milters = unix:/var/spool/postfix/milter/opendkim

Does anything catch your eye?

matthias
Received on Fri Mar 15 2013 - 15:45:22 PST

This archive was generated by hypermail 2.3.0 : Fri Mar 15 2013 - 15:54:02 PST