On Fri, 11 Apr 2008, Hadar Pedhazur wrote: > When I run tests with sa-test at sendmail.net, with any domain that is > hosted on my server, everything works as expected. They correctly verify > my signatures (each domain has its own selector) and I correctly verify > their response. > > When I run a test for the one remote domain, they _correctly_ verify > that my domain has signed the other domain, with the correct selector, > but when they send the reply to the other domain, and it gets forward > (via an alias!) back to me, dkim-milter reports: > > Apr 11 10:01:32 new dkim-filter[5030]: B780A614F84: bad signature data
Generally speaking, a reply would be a new message and would not contain the signature you added. Thus, the signature being reported as "bad" isn't one you generated. What's in the reply, exactly? Is it signed by the recipient domain? > I get the X-DKIM header (showing version 2.5.2), but not the > "Authentication-Results" header (it's not there, I would have thought it > would show the failure, so perhaps that's a clue?!?). You should get that header, I agree. I'd have to see an example message to be able to explain further. > To summarize, when sending a test mail from my server to sendmail.net, > if their response goes to a third server, which forwards their response > back to the original server via an alias, the original server throws a > "bad signature" error. That would indicate something is altering the headers or the body somewhere in that chain of servers. Try sending your message again with "Diagnostics" set to "true". When you get the reply back, gzip it up and send it to me and I'll take a look at it. > Finally, I added the third server to my peerlist (-a), which I thought > would make my server stop trying to verify, but I still get "bad > signature" whenever that server auto-forwards a mail to me that has a > signature that my server created. You may have specified that server incorrectly. As SM requested, please include your configuration file (or command line arguments) and the contents of the peerlist. ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
