Re: Signing based on Return-Path

From: Rolf E. Sonneveld <R.E.Sonneveld_at_sonnection.nl>
Date: Mon, 12 May 2014 21:42:18 +0200

Hi, Thomas

On 05/12/2014 06:19 PM, Thomas Kramer wrote:
> I try signing mails based on (two different) Return-Path senders but I
> always end up in "no signing table match for (from Adress) Error
> message.
>
> Any hint on that?
>
> Using openDKIM 2.6.8 (Debian Backport) with Postfix 2.7.1 and via milter.
>
> Regards,
> Thomas
>

 From RFC5321 (http://tools.ietf.org/html/rfc5321):

    When the delivery SMTP server makes the "final delivery" of a
    message, it inserts a return-path line at the beginning of the mail
    data. This use of return-path is required; mail systems MUST support
    it. The return-path line preserves the information in the <reverse-
    path> from the MAIL command. Here, final delivery means the message
    has left the SMTP environment. Normally, this would mean it had been
    delivered to the destination user or an associated mail drop, but in
    some cases it may be further processed and transmitted by another
    mail system.


I'm not sure where the "no signing table" error comes from, but signing
the Return-Path (if present during opendkim processing) during the early
stages of mail submission will (most of the time) result in a non-zero
percentage of 'DKIM fail' at the receivers side.

/rolf
Received on Mon May 12 2014 - 19:42:40 PST

This archive was generated by hypermail 2.3.0 : Mon May 12 2014 - 19:45:01 PST