Re: DKIM hardfail (with eg. google or test sites)

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sat, 16 Mar 2013 07:17:47 -0700 (PDT)

On Fri, 15 Mar 2013, Matthias Weiss wrote:
> Murray, there has to be something else going on. The reason is this, I can
> send a test mail via command line like this:
>
> sendmail -f myenvelopefrom_at_mydomain.com -i -t <<EOF
> From: me_at_mydomain.com
> Sender: postmaster_at_mydomain.com
> To: testaccount_at_gmail.com
> Subject: Test
>
> Test
> EOF
>
> That means the "Sender:" field will be part of the message in any case. Still
> it's missing in the "z=..." header entry.

"Sender" is not in the list of fields that are signed by default. You
need to add it to SignHeaders if you want it to be signed when present.

> So if opendkim will use all header fields that it gets than this means
> postfix is not giving opendkim all header fields.

It won't sign all of them, only the configured list, unless you override
it. See "SignHeaders" in opendkim.conf(5).

-MSK
Received on Sat Mar 16 2013 - 14:18:06 PST

This archive was generated by hypermail 2.3.0 : Sat Mar 16 2013 - 14:27:01 PST