Hi Todd, At 12:55 15-06-2007, Todd Lyons wrote: >1) When a gmail user sends an email to a mailing list, typically only >about 1 out of 10 will verify using dkim-milter-1.0.0. > # dkim-stats /var/lib/dkim/test.db | grep gmail.com > gmail.com:1/1 27 pass/253 fail, last v=2, l=0, a=0, Fri Jun 15 > 12:01:47 2007 >I get emails from the LKML, NANOG, and a couple other mailing lists as >well. It doesn't seem to matter if it's Mailman or Majordomo, only >about 10% pass verification when coming through a mailing list. When >received direct from gmail, it verifies properly.
Emails going through Mailman generally fail DKIM verification as there is a footer added to the email and the subject line is modified. This mailing list is such an example. The above statistics is normal if you receive mail from mailing lists. FWIW, mail through NANOG and a few other mailing lists passes DKIM verification. >Is there anything that I can do as a Mailman list admin to make it more >dkim friendly? You can configure Mailman not to modify the message and the subject line. Or you could sign the mail going through your mailing lists. >2) I also was testing various Features. In my original deployment, the >only Feature I enabled was _FFR_STATS. Per the email exchange >yesterday, I enabled _FFR_ANTICIPATE_SENDMAIL_MUNGE on both my personal >and our work mail server. That change caused my emails to stop >verifying. Turned it back off and it started verifying again (from one >sendmail machine to another in both cases). I did enable >_FFR_SELECT_SIGN_HEADERS with no consequences, but I'm not using >OmitHeaders in my config, so that codepath really isn't being utilized. If you are using Postfix, there is no need to have _FFR_ANTICIPATE_SENDMAIL_MUNGE. You can capture the canonicalized form of the message you are signing with dkim-milter. Send an email to an autoresponder and you will see what is being verified at that end. Can you send me a DKIM signed email which fails verification off-list? >My question, is it a known issue that _FFR_ANTICIPATE_SENDMAIL_MUNGE >causes verification errors? I am using sendmail 8.13.8 on both machines >I control (personal and work). It should not cause verification errors with sendmail 8.13.8. If you are doing masquerading or any header rewriting, DKIM verification will fail. >3) Note: In order to enable _FFR_STATS and build properly on RH 8.0, I >had to modify the db detection macro from 4,0,0 to 4,1,0 in stats.c and >dkim-stats.c to get the correct number of parameters for the open() >function. I just pulled "1" out of the air, maybe it should have been >4,2,0, I don't know. I just know that if the 4,0,0 check fails, the >fallback open() call had the correct matching number of parameters. Can you please post that to the bug tracker so that the bug gets fixed? Please specify the BDB version you are using. Regards, -sm ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
