Re: [Assp-test] Antwort: Two DKIM problems

[Thomas Eckardt]

>Is there any opportunity to have 
>ASSP take over the functionality of adding missing message-id's

No - a poxy does never add a Message-ID.

Thomas



Von:    Scott MacLean <a...@hollsco.com>
An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum:  06.11.2010 15:59
Betreff:        Re: [Assp-test] Antwort:  Two DKIM problems



OK, I can see how that will fix it. Is there any opportunity to have 
ASSP take over the functionality of adding missing message-id's 
before it generates the DKIM signature, in order to solve this 
problem while still retaining the message-id as part of the DKIM 
signature?

At 03:19 AM 11/6/2010, Thomas Eckardt wrote:

>Scott,
>
> >Any idea where I should be looking next, Thomas?
>
>If not all clients are generating a Message-ID (which is not RFC conform)
>, you have to remove the Message-ID tag from the Headers signing policy.
>
>change from:
>
>    Algorithm=rsa-sha1
>    Method=relaxed/relaxed
>    Headers=Message-ID:From:Subject:To:MIME-Version:Content-Type
>    KeyFile=c:/assp/certs/server-key.pem
>    Mode=DKIM
>
>to:
>
>    Algorithm=rsa-sha1
>    Method=relaxed/relaxed
>    Headers=From:Subject:To:MIME-Version:Content-Type
>    KeyFile=c:/assp/certs/server-key.pem
>    Mode=DKIM
>
>RFC says, that if a server receives a MIME mail without a MessageID he 
has
>to add one. If a Message-ID is found he should not change it.
>In your case the signature is build using an empty (or what ever)
>Message-ID to build the signature. If now the next server in chain gets
>the mail, he will add a Message-ID and the resulting rsa-sha1 hash for 
the
>Header-Tags will be changed and the next server in chain, who checks the
>DKIM, will produce the error about the failed signature.
>
>Thomas
>
>
>
>
>Von:    Scott MacLean <a...@hollsco.com>
>An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
>Datum:  05.11.2010 21:33
>Betreff:        Re: [Assp-test] Antwort:  Two DKIM problems
>
>
>
>OK, I've done a LOT of research today to find out what is causing
>this problem, and it appears I've found the problem.
>
>I started noticing that mail being sent by some mail clients through
>my server would produce DKIM-signed messages that validated
>correctly, while mail being sent by other mail clients (i.e. Eudora,
>my phone, some web mail applications) would produce DKIM-signed
>messages that failed to validate.
>
>Doing a bunch of testing and looking at the message headers, I
>narrowed down what the difference is: The DKIM validation fails on
>email sent by those mail clients that do NOT include a message-ID as
>part of their message header. Two clients I have found that do not
>send a message-ID: Eudora, and the Palm Pre phone.
>
>If the client generates and includes a message-ID as part of the
>message header, the DKIM validation passes. If it does not generate
>the message-ID header, and allows ASSP to insert it, the DKIM validation
>fails.
>
>I have DoMsgIDSig enabled. I tried turning it off, but it made no
>difference: the messages coming from clients that do not insert the
>message-id still failed DKIM validation.
>
>Any idea where I should be looking next, Thomas?
>
>
>At 06:35 AM 11/5/2010, Thomas Eckardt wrote:
>
> > >So your server has to use a 'FROM:' address with @hollsco.com !
> >
> >Sorry - the 'mail from:' address (envelope sender) is the one that is
>used
> >to detect if a DKIM signature should be added or not - not the 'FROM:'
> >address that is in the header .
> >
> >
> > >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78
> > ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> > >DKIM: self signature check: result: pass - detail: pass
> >
> >If this is shown in the log, ASSP has successfuly checked the created
> >signature using your DNS records! There is nothing more I can do.
> >
> >Thomas
> >
> >
> >
> >Von:    Scott MacLean <a...@hollsco.com>
> >An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
> >Datum:  04.11.2010 16:04
> >Betreff:        Re: [Assp-test] Antwort:  Two DKIM problems
> >
> >
> >
> >
> >At 05:10 AM 11/4/2010, Thomas Eckardt wrote:
> >
> > > >The second problem
> > >
> > >ASSP is looking for the email address of the sender - a DKIM 
signature
> > >will be added if a valid DKIM configuration is found for the sending
> > >domain. So your server has to use a 'FROM:' address with @hollsco.com 
!
> >
> >The email definitely has a FROM address. Here is an example header:
> >
> >Return-Path: i...@domain.com
> >Delivered-To: i...@domain.com
> >Received: from mail.frogstar.com ([192.168.0.160])
> >    by mail.frogstar.com
> >    ; Thu, 4 Nov 2010 02:19:37 -0400
> >Received: from fs1.netbound.com ([67.159.45.157] helo=frogstar.com) by
> >    mail.frogstar.com with ESMTP (2.0.2); 4 Nov 2010 02:19:36 -0400
> >Received: from FS1 ([192.168.0.161]) by frogstar.com with Microsoft
> >SMTPSVC(6.0.3790.4675);
> >     Thu, 4 Nov 2010 02:19:36 -0400
> >From: "Domain Admin" <i...@domain.com>
> >To: "Domain Admin" <i...@domain.com>
> >Subject: Subject of message
> >Date: Thu, 04 Nov 2010 02:19:36 -0400
> >Message-ID:
><frog.89255cfc63.frog.5924a9e48a.frog.59249a2c46.20101104-02193663-...@fs1>
> >MIME-Version: 1.0
> >Content-Type: text/html
> >Return-Path: i...@domain.com
> >X-OriginalArrivalTime: 04 Nov 2010 06:19:36.0634 (UTC)
> >FILETIME=[412DC9A0:01CB7BE8]
> >
> >
> >This email, when routed through the IIS SMTP server, does not get a
> >DKIM header added. However, the same email, sent directly to ASSP
> >instead of through the IIS SMTP server, gets the DKIM header added
> >correctly:
> >
> >
> >Return-Path: i...@domain.com
> >Delivered-To: i...@domain.com
> >Received: from mail.frogstar.com ([192.168.0.160])
> >    by mail.frogstar.com
> >    ; Thu, 4 Nov 2010 02:52:29 -0400
> >DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=domain.com;
> >    h=Message-ID:From:Subject:To:MIME-Version:Content-Type; s=alpha;
> >    bh=Ub+UOLDhHFPhUsX++81Ve9689E4=;
> >b=Frgb9rvA7adGunn0pDVpHMk+FY6cHveJI2ADVvdrAG2s3TPGcFtFQ9zqopJqsP7Cr 
> 
pW8eRDtMgxxwE8WbE8ZlIgv/KfAoOwN8n0sdB+vC5sLBQUXMfMzUq/BLu7hx4CSjMHw4i2RPDO2dQcqyfJsotsmDscWKsdS+lbOBDAkiYI=
> >Received: from FS1 ([67.159.45.157] helo=FS1) by mail.frogstar.com with
> >ESMTP
> >   (2.0.2); 4 Nov 2010 02:52:28 -0400
> >From: "Domain Admin" <i...@domain.com>
> >To: "Domain Admin" <i...@domain.com>
> >Subject: Subject of message
> >Date: Thu, 04 Nov 2010 02:52:29 -0400
> >Message-ID: 
<frog.992676ddb2.frog.99248f6996.20101104-02522915-1...@fs1>
> >MIME-Version: 1.0
> >Content-Type: text/html
> >
> >
> >
> > > >The first one is
> > >
> > >
> > >Set 'DKIMlogging' to diagnostic. In this case assp will do an 
complete
> > >reverse check for every created signature. Tell me what assp is 
logging
> > >about this.
> >
> >I did so, and it is showing the signature is OK:
> >
> >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78
> ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> >recipient accepted: autorespond+dkim-rela...@dk.elandsys.com
> >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78
> ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> >[Plugin] calling plugin ASSP_AFC
> >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] [MessageOK] 12.34.56.78
> ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> >message ok [relaxed test] -> d:/assp/notspam/13130.eml
> >Nov-04-10 10:20:23 [Worker_1] DKIM: Selector = alpha
> >Nov-04-10 10:20:23 [Worker_1] DKIM: Domain = hollsco.com
> >Nov-04-10 10:20:23 [Worker_1] DKIM: KeyFile =
> >d:/assp/certs/dkim_private_key_alpha.pem
> >Nov-04-10 10:20:23 [Worker_1] DKIM: Method = relaxed/relaxed
> >Nov-04-10 10:20:23 [Worker_1] DKIM: Headers =
> >Message-ID:From:Subject:To:MIME-Version:Content-Type
> >Nov-04-10 10:20:23 [Worker_1] DKIM: Mode = DKIM
> >Nov-04-10 10:20:23 [Worker_1] DKIM: Algorithm = rsa-sha1
> >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78
> ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> >info: successful added DKIM-Signature
> >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78
> ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> >DKIM: self signature check: result: pass - detail: pass
> >Nov-04-10 10:20:23 FS-80423-13130 [Worker_1] 12.34.56.78
> ><tests...@hollsco.com> to: autorespond+dkim-rela...@dk.elandsys.com
> >finished message - received size: 0 Byte - sent size: 1.70 kByte
> >Nov-04-10 10:20:23 [Worker_1] Disconnected: 12.34.56.78  - command
> >list was 'EHLO,AUTH,RSET,MAIL FROM,RCPT TO,DATA,QUIT' - used 11
> >SocketCalls
> >
> >However the response still shows a fail:
> >
> >The results are as follows:
> >
> >DKIM Signature validation: fail (verification failed)
> >DKIM Author Domain Signing Practices: "dkim=all"
> >
> >ADSP is not required for DKIM signature validation.
> >
> >
> >So I suspect the problem may be on the DNS side, in that the
> >receiving mail server is not getting the key properly from DNS in
> >order to validate the signature?
> >------------------------------------------------------------------- 
> -----------
> >The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> >David G. Thomson, author of the best-selling book "Blueprint to a
> >Billion" shares his insights and actions to help propel your
> >business during the next growth cycle. Listen Now!
> >http://p.sf.net/sfu/SAP-dev2dev
> >_______________________________________________
> >Assp-test mailing list
> >Assp-test@lists.sourceforge.net
> >https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
> >DISCLAIMER:
> >*******************************************************
> >This email and any files transmitted with it may be confidential, 
legally
> >privileged and protected in law and are intended solely for the use of
>the
> >
> >individual to whom it is addressed.
> >This email was multiple times scanned for viruses. There should be no
> >known virus in this email!
> >*******************************************************
> >
> >
> >
> >------------------------------------------------------------------- 
> -----------
> >The Next 800 Companies to Lead America's Growth: New Video Whitepaper
> >David G. Thomson, author of the best-selling book "Blueprint to a
> >Billion" shares his insights and actions to help propel your
> >business during the next growth cycle. Listen Now!
> >http://p.sf.net/sfu/SAP-dev2dev
> >_______________________________________________
> >Assp-test mailing list
> >Assp-test@lists.sourceforge.net
> >https://lists.sourceforge.net/lists/listinfo/assp-test
>
>------------------------------------------------------------------------------
>The Next 800 Companies to Lead America's Growth: New Video Whitepaper
>David G. Thomson, author of the best-selling book "Blueprint to a
>Billion" shares his insights and actions to help propel your
>business during the next growth cycle. Listen Now!
>http://p.sf.net/sfu/SAP-dev2dev
>_______________________________________________
>Assp-test mailing list
>Assp-test@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>DISCLAIMER:
>*******************************************************
>This email and any files transmitted with it may be confidential, legally
>privileged and protected in law and are intended solely for the use of 
the
>
>individual to whom it is addressed.
>This email was multiple times scanned for viruses. There should be no
>known virus in this email!
>*******************************************************
>
>
>
>------------------------------------------------------------------------------
>The Next 800 Companies to Lead America's Growth: New Video Whitepaper
>David G. Thomson, author of the best-selling book "Blueprint to a
>Billion" shares his insights and actions to help propel your
>business during the next growth cycle. Listen Now!
>http://p.sf.net/sfu/SAP-dev2dev
>_______________________________________________
>Assp-test mailing list
>Assp-test@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/assp-test

------------------------------------------------------------------------------
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a 
Billion" shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************



------------------------------------------------------------------------------
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a 
Billion" shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test