Hi Mark, 2011/1/18 Mark Martinec <mark.martinec+ama...@ijs.si>:
> The DKIM signature tags? You need to read the RFC 4871 section 3.5. > For public key tags see section 3.6.1 of the same document. Thanks, will do! >> So, if someone from outside mails to one of my hosted mailing lists, >> and these lists change the subject or add a footer, it's fairly normal >> that the Authentication-Result shows softfail for DKIM, right? > > Yes, as received by the final recipient, member of a mailing list. Ok. What I would have expected in this case is that there is at least one Authentication-Results header saying that the first instance of the mail arrived correctly, before it even came to the mailing list software. However, it seems, that always only the last instance of the Authentication-Results header is in the mail, which of course shows softfail for a list that adds footers. Is there any option of preserving the first header, stating that the message as arrived was OK, before it got mangled by the mailing list software? I tried it with local and external domains, the result is always the same. > The content filter before handing message over to a MLM > can add its own Authentication-Result header field, which > would indicate the mail as received by a MLM did have a > valid signature. It seems I can't achieve this with my set-up. :-( I don't find out why no Authentication-Results header is added. > There is another possibility, namely the last stage may remove a > previous Authentication-Result header field, if it carries the same > domain name. This follows from: Maybe that's the reason why I am missing the first header? If so, can/should this be disabled? What still confuses me is the following: me@localdomain => another@localdomain DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=localdomain me@localdomain => another@externaldomain DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=localdomain another@externaldomain => list1@lists.localdomain DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.localdomain So far, so good. me@localdomain => list1@lists.localdomain DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=localdomain me@anotherlocaldomain => lists1@lists.localdomain DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=anotherlocaldomain So, it seems as soon as the original sender domain is local, the respective key is used to sign, rather than the lists key. Is this correct, or wrong? Thanks! Florian ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org