> I saw my email comeing back from a listserver scored as dkim failed. (I > tested my dkim signatures with sendmail and dkim.org, showed no problems)
the > suggestions on the list seem to indicate a different set of default headers > be used during signing. (I noticed, at least, that the listserver stripped off > x-virus-scanned header, but that seems to be included in the default set for > 2.6.2) other suggestions include NOT signing the received headers and using > relaxed/relaxed instead of relaxed/simple. any comments? I can see where in > One suggestion I was NOT able to do, was l= >From amavisd notes: currently ignored tags are l [ell] and z. Seems this is important if you post a dkim signed email to a listserver and they append 'unsubscribe' information to bottom. # @dkim_signature_options_bysender_maps maps author/sender addresses or # domains to signature tags/requirements; possible signature tags according # to RFC 4871 are: (v), a, (b), (bh), c, d, (h), i, l, q, s, (t), x, z; # of which the following are determined implicitly: v, b, bh, h, t # (tag h is controlled by %signed_header_fields); currently ignored tags # are l and z; instead of an absolute expiration time (tag x) one may use # a pseudo tag 'ttl' to specify a relative expiration time in seconds, which # is converted to an absolute expiration time prior to signing: x = t + ttl; # a built-in default is provided for each tag if no better match is found # -- Michael Scheidell, CTO >|SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _________________________________________________________________________ ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
