On Mon, 4 Aug 2008, Alan Halachmi wrote: > My question is simply: Is there yet a mechanism to get DKIM to work in > this configuration? The DKIM signature consistently fails.
Since the signature is added based on what the filter sees via SMTP inbound, and the rewriting of the headers occurs outbound, you're guaranteed that any signature that gets added will be invalidated when the MTA rewrites the headers. The most common solutions are: 1) Inject the headers such that they don't need rewriting. 2) Run a second MTA which does the signing after your genericstable and masquerading are done. It's possible to do this on the same machine. 3) Try compiling the filter with and using _FFR_REPLACE_RULES, which provides the means to do string substitution before canonicalization in message headers. This code is experimental but was seen to work in unit tests. If you want to go this route, let me know and I can give you a quick rundown on how to use it. -MSK ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
