On Mon, 3 Nov 2008, Erik Lotspeich wrote: > My vanity domain has a "sign all" DKIM policy. The last message I sent > to this list failed verification. Here's the syslog output: > > Nov 3 15:59:51 starfish dkim-filter[25472]: mA3LxjiJ004928 external host > lists.sourceforge.net attempted to send as lotspeich.org > Nov 3 15:59:51 starfish sendmail[4928]: mA3LxjiJ004928: Milter insert > (1): header: Authentication-Results: starfish.lotspeich.org; dkim=none > (no signature)\n\theader.i=unknown; dkim-asp=fail > > I guess the "From: Erik Lotspeich <[EMAIL PROTECTED]>" in the message > body was enough for dkim-milter to believe that lists.sourceforge.net was > trying to send mail from my domain.
Correct. Moreover, mailman (which SourceForge uses) in its current incarnations removes DKIM signatures, so the message apparently sent by you was unsigned, which appears to verifiers to be a violation of your advertised signing policy. > I know that mailing lists and DKIM can be tricky. It certainly is > common for mailing lists to rewrite the From header. Is there a good > solution -- or at least a workaround for this issue? I think the appropriate thing to do would be to pressure mailman not to have "remove DKIM signatures" enabled by default. You're not the last domain that's going to have this problem. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
