[dkim-milter-discuss] Signing verification failures

Mon, 04 Aug 2008 11:59:41 -0700 

Murray,

        Looking through the conversation today with Jim Maloney, it would 
seem that the issue I describe below is fixable either with a second MTA or 
proper use of _FRR_REPLACE_RULES.  I've compiled in the _FRR_REPLACE_RULES 
option, but I wasn't able to find documentation on how to invoke it.

        Your help is appreciated!  Thanks.

Best,
Alan

---------- Forwarded message ----------
To: [email protected]
From: Alan Halachmi <[EMAIL PROTECTED]>
Subject: [dkim-milter-discuss] Signing verification failures
Date: Mon, 04 Aug 2008 12:56:29 -0400 (EDT)

I suspect that my particular situation is currently not fixable, but I did
want to put out the question...

I currently have dkim-milter 2.7.0 configured with sendmail 8.14.3.  The
system that houses the sendmail server is internal.  On the way out the
door, I use both a generics table and masquerading to hide internal domain
information and to rewrite the email address.  Outgoing email are submitted
to the local sendmail instance (configuration noted above).  This sendmail
instance interacts with the milter to sign the message.  The email is then
sent to a smart host (my provider's email server) and then out to the "real
world."

My question is simply:  Is there yet a mechanism to get DKIM to work in
this configuration?  The DKIM signature consistently fails.

Sendmail particulars:
OSTYPE(solaris2)dnl
DOMAIN(halachmi.net)dnl
define(`DATABASE_MAP_TYPE', `dbm')dnl
define(`SMART_HOST',`outgoing.provider.net')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
PLAIN')
FEATURE(`local_procmail')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`mailertable')dnl
FEATURE(`domaintable')dnl
FEATURE(`always_add_domain',`halachmi.net')dnl
FEATURE(`limited_masquerade')dnl
FEATURE(`masquerade_entire_domain')dnl
MASQUERADE_AS(`halachmi.net')dnl
MASQUERADE_DOMAIN_FILE(`/etc/mail/masq-domains')dnl
MASQUERADE_EXCEPTION_FILE(`/etc/mail/masq-exceptions')dnl
FEATURE(`genericstable')dnl
FEATURE(`generics_entire_domain')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(`virtusertable')dnl
FEATURE(`virtuser_entire_domain')dnl
FEATURE(`smrsh')dnl
FEATURE(`relay_hosts_only')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`authinfo')dnl
FEATURE(`queuegroup')dnl
FEATURE(`masquerade_envelope')
EXPOSED_USER_FILE(`/etc/mail/exposed-users')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
INPUT_MAIL_FILTER(`dkim-filter', `S=inet:[EMAIL PROTECTED]')
APPENDDEF(`confENVDEF', `-DSTARTTLS -DTCPWRAPPERS -DLDAPMAP -DSTARTTLS -DSASL 
-DMILTER')
APPENDDEF(`confLIBS', `-lwrap -lssl -lcrypto -lsasl2 -llber -lldap -lldap_r')
APPENDDEF(`confINCDIRS', `-I/usr/local/include -I/usr/local/include/sasl -I/usr/
local/include/openssl')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/local/lib/sasl2 -R/usr/local/l
ib -R/usr/local/lib/sasl2')
APPENDDEF(`confMAPDEF', `-UNEWDB')

dkim particulars:
APPENDDEF(`confLIBS', `-ldb -lresolv -lsocket -lnsl -ldb -lwrap -lssl -lcrypto 
-lsasl2 -llber -lldap -lldap_r -ldl')
define(`bld_LIBDKIM_SHARED', `true')
define(`bld_LIBDKIM_INSTALL', `true')
define(`bld_USE_ARLIB', `true')
APPENDDEF(`confENVDEF', `-DQUERY_CACHE ')
APPENDDEF(`confINCDIRS', `-I/usr/local/include ')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib ')
APPENDDEF(`confLIBS', `-ldb ')
APPENDDEF(`confINCDIRS', `-I/usr/local/include/openssl ')
APPENDDEF(`confENVDEF', `-D_FFR_REPLACE_RULES ')
APPENDDEF(`bld_dkim_filter_INCDIRS', `-I/usr/local/libmilter')
APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L/usr/lib')

BodyLengths True
Canonicalization relaxed/simple
X-Header True
Domain halachmi.net
SubDomains True
KeyFile /etc/mail/dartboard.private
LogWhy True
MTA MSA
Selector dartboard
SignatureAlgorithm rsa-sha256
Socket inet:[EMAIL PROTECTED]
SubDomains True
Syslog Yes
Userid dkim


Best,
Alan

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss

Reply via email to