Re: Who manages the sa-test_at_sendmail.net account?

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Wed, 26 Mar 2014 10:17:50 -0700 (PDT)

On Tue, 25 Mar 2014, Erik Logtenberg wrote:
> I did however find that sa-test also uses DKIM to sign their
> autoresponse message, and according to my mailserver their signature
> didn't check out. Now I don't know how to manually check a DKIM
> signature, so I can't figure out if the error is on my side or theirs.
> Anyway, I don't think you can really configure much about the DKIM
> checking, apart from enabling or disabling it altogether. So that's what
> I'd like to ask them.

They're running a pretty old version of opendkim (back when it was known
as dkim-filter), so I can explain some stuff.

Generally speaking the only way to figure out what's breaking a signature
is to get both sides to capture the exact data they signed/verified and
compare them. Their code is configured to send you that information when
your message fails to verify, but when their reply fails you don't have
that information.

Their code might also be configured to include in their response signature
a "z=" tag. You could at least use that to see if the header is being
changed in a way that breaks the signature, but you wouldn't be able to
tell if the body changed.

Let me know if this message's signature verifies. If it doesn't, we can
start down the debugging path. Note that you will probably get two
copies, one from the list and one from me directly; check the latter.

-MSK
Received on Wed Mar 26 2014 - 17:18:11 PST

This archive was generated by hypermail 2.3.0 : Wed Mar 26 2014 - 17:27:01 PST