https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5890
--- Comment #1 from Mark Martinec <[EMAIL PROTECTED]> 2008-04-21 04:40:16 PST --- > Return-Path: <[EMAIL PROTECTED]> > DomainKey-Signature: s=dkim; d=paypal.com; c=nofws; ... > From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > Sender: [EMAIL PROTECTED] > Note that the "From:" address is not a paypal domain, but there's a "Sender" > header. presumably that's supposed to override the DKIM credentials looked > up? With DKIM and ASP/SSP the Sender is pretty much irrelevant, unlike DomainKeys, where Sender takes over the From. With DKIM, when a signing domain matches the author (From) domain we have a first-party (= author) signature. In the case above we have a third-party signature. Although the DKIM plugin (i.e. the underlying Mail::DKIM) does check DomainKeys signatures too and follows their verification rules, the SA DKIM plugin's whitelist_dkim only follows DKIM rules, i.e. a missing second argument implies author signature, and a specified second argument (signing domain) covers any signature (third party signatures). In any case the first argument is always a From address, not a Sender address. > we don't seem to: > that's with: > whitelist_dkim [EMAIL PROTECTED] [EMAIL PROTECTED] > although 'whitelist_dkim [EMAIL PROTECTED]' acts the same. The first one should have matched (but I suspect it failed because of the "Can't locate object method" - below), the second one would not match. Can I have a copy of a test message? Btw, I'm currently using the following paypal/ebay wl entries: whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] whitelist_from_dkim [EMAIL PROTECTED] paypal.com whitelist_from_dkim [EMAIL PROTECTED] and the associated rules in 25_yg.cf (my sandbox). > [9765] dbg: dkim: no wl entries match author > [EMAIL PROTECTED], no need to verify sigs > [9765] dbg: dkim: performing public key lookup and signature verification > [9765] dbg: dkim: signing identity: @paypal.com, d=paypal.com, a=rsa-sha1, > c=nofws > [9765] dbg: dkim: public key lookup or verification failed: > Can't locate object method "result" > via package "Mail::DKIM::DkSignature" at > lib/Mail/SpamAssassin/Plugin/DKIM.pm line 372. Is this an old version of Mail::DKIM? I think this bug was fixed on 0.27 or maybe later. I checked our logs and the "Can't locate object method" never occurs (0.30.1 or 0.31). > section "B.2.3 Mailing Lists and Re-Posters" of > http://www.dkim.org/specs/rfc4871-dkimbase.html seems to indicate > that we should be using Sender instead of From here. I don't think it does. I think relevant document is ASP (or SSP). -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
