Hi Erik,

At 21:19 25-07-2009, Erik Lotspeich wrote:
>I am extremely stumped by this issue. Here are some e-mail headers for
>an e-mail that is not failing an ADSP check. My policy is sign
>everything. This mailing list strips the DKIM signature out of the
>headers, as you can see.

Your message shouldn't get to me as the x-dkim-adsp status is "fail".

>Authentication-Results: starfish.lotspeich.org; dkim=none (no signature)
> header.i=unknown; x-dkim-adsp=none

The dkim result is correct. The x-dkim-adsp result is incorrect.

>Sender: [email protected]

[snip]

>Here are the logs from /var/log/maillog that correspond:
>
>Jul 25 22:16:18 starfish sendmail[4009]: n6Q3GCiU004009:
>from=<[email protected]>, size=6002, class=0,
>nrcpts=1, msgid=<[email protected]>, proto=ESMTP,
>daemon=MTA, relay=lists.XCF.Berkeley.EDU [128.32.112.242]
>Jul 25 22:16:18 starfish sendmail[4009]: n6Q3GCiU004009: Milter add:
>header: X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/
>Jul 25 22:16:18 starfish sendmail[4009]: n6Q3GCiU004009: Milter add:
>header: Received-SPF: None (starfish.lotspeich.org: domain of
>[email protected]\n\tdoes not designate permitted
>sender hosts)\n\treceiver=starfish.lotspeich.org;
>client-ip=128.32.112.242;\n\tenvelope-from=<[email protected]>;
>helo=lists.XCF.Berkeley.EDU;
>Jul 25 22:16:18 starfish dkim-filter[3791]: n6Q3GCiU004009 no signing
>domain match for `lists.XCF.Berkeley.EDU'
>Jul 25 22:16:18 starfish dkim-filter[3791]: n6Q3GCiU004009 no signing
>subdomain match for `lists.XCF.Berkeley.EDU'
>Jul 25 22:16:18 starfish dkim-filter[3791]: n6Q3GCiU004009 no signing
>keylist match for `[email protected]'

[snip]

>The messages that I send to this mailing list also have the DKIM
>signature stripped and they fail ADSP, as expected. I can't figure out
>why the messages I send to the gimp-users mailing list don't fail.
>
>I've looked through the code and turned on LogWhy, as you can see, but
>nothing jumps out at me. I know that DKIM uses From instead of the
>envelope, but the logs sure seem to indicate it's using the envelope.

The Sender header field was used. The message should have failed the
ADSP test. According to the log, the message is going through some
steps to determine whether it would be signed.

One of the headers is incorrectly formatted. I haven't been able to
determine whether it is a combination of these issues that caused the
incorrect ADSP result.

Regards,
-sm
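Added example, not part of the original message and not dkim-milter's code: a minimal RFC 5617 ADSP evaluation showing why keying the lookup on the Sender domain instead of the From (author) domain turns an expected "fail" into "none" once a list has stripped the signature. The domains, the sample message and the `ADSP_RECORDS` table (standing in for the `_adsp._domainkey.<domain>` TXT lookup) are constructed; the nxdomain and temperror cases are left out.

```python
"""ADSP (RFC 5617) result keyed on a chosen header field's domain."""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: list traffic whose DKIM signature was stripped.
SAMPLE = """\
From: Author <author@author.example>
Sender: list-bounces@lists.example
Subject: test

body
"""

# Constructed stand-in for the _adsp._domainkey.<domain> TXT lookup.
ADSP_RECORDS = {"author.example": "dkim=all"}


def domain_of(msg, field):
    """Return the lowercased domain of the first address in a header field."""
    addrs = getaddresses(msg.get_all(field, []))
    if not addrs or "@" not in addrs[0][1]:
        return None
    return addrs[0][1].rsplit("@", 1)[1].lower()


def adsp_result(msg, valid_sig_domains, records, field="From"):
    """Evaluate ADSP for the domain in `field`; RFC 5617 uses From.

    valid_sig_domains: d= values of the DKIM signatures that verified.
    """
    domain = domain_of(msg, field)
    if domain is None:
        return "permerror"
    if domain in {d.lower() for d in valid_sig_domains}:
        return "pass"  # an Author Domain Signature is present
    record = records.get(domain)
    if record is None:
        return "none"  # the domain publishes no ADSP record
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    policy = tags.get("dkim", "unknown").strip().lower()
    return {"all": "fail", "discardable": "discard"}.get(policy, "unknown")


def compare(raw=SAMPLE):
    """ADSP result when keyed on From (correct) versus Sender (the symptom)."""
    msg = message_from_string(raw)
    return {f: adsp_result(msg, [], ADSP_RECORDS, field=f) for f in ("From", "Sender")}


if __name__ == "__main__":
    print(compare())
```

A result of "none" alongside a Sender header naming the list host, for an author domain known to publish `dkim=all`, is the pattern to look for when checking which header a verifier keyed on.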
