-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
The way you're going about things sounds a bit unorthodox. It doesn't surprise me that the signatures are failing -- even though it may seem that you're doing everything right. I'm not familiar with OpenEMM, and it wasn't clear to me from your e-mail exactly how your setup works or how messages are sent. Let me give you an example from my situation. Consider an "old fashioned" simple mailing list software such as majordomo. In a mojordomo setup configured with dkim-filter, messages sent to the list would be signed and then messages sent out from the list to all recipients would be signed again. What I want is for the original message to be signed/verified, and then for the messages sent from the list to be signed after the list made any changes to the headers. In order to accomplish this, I wrote dkim-verify. https://www.lotspeich.org/~erik/dkim/ dkim-verify can also verify mail delivered locally which I think is nice (you could make the argument that this is a pointless feature, but I like it for correctness/completeness). dkim-verify works by transparently executing the target program (e.g. majordomo, etc.) and signing the output. I don't know if OpenEMM can be used this way -- if it can, dkim-verify might be the solution for you. Regards Erik Sven-Thorsten Fahrbach wrote: > Hi all > > I am trying desperately to have my DKIM signatures accepted by Yahoo! > and Gmail. Strangely, if I send a message via any given email client > like Thunderbird or Squirrelmail, I have no problem whatsoever. But I > need to send a large amount of Newsletters - the reason why it is > paramount that they get signed with DKIM, so that we don't land in some > provider's spam folder. The newsletter program we use is OpenEMM. Since > OpenEMM doesn't support either DKIM or DomainKeys, I wrote a perl script > that creates a watch with inotify on OpenEMM's mail queue and sends them > via Mail::Sender and SMTP to exactly the same sendmail process that > signs other mails correctly. It doesn't work with those mails, though. > They are signed but Gmail shows a "hardfail" and Yahoo says "bad sig". > What's odd: I was able to get Yahoo and Gmail to accept the signature > with an email whose headers I'd previously significantly shortened. I > took the following control file: > > T1263300415 > S<[email protected]> > R<[email protected]> > H?P?Return-Path: <[email protected]> > HReceived: by mail.company.com for <[email protected]>; Tue, 12 Jan 2010 > 12:46:55 GMT > HMessage-ID: <[email protected]> > HDate: Tue, 12 Jan 2010 12:46:55 GMT > HFrom: Company Inc. <[email protected]> > HReply-To: Reply Company Inc. <[email protected]> > HTo: <[email protected]> > HSubject: domainkeys test 13.46 > HX-Mailer: OpenEMM V6.0.1 > HMIME-Version: 1.0 > HContent-Type: text/plain; charset="UTF-8" > HContent-Transfer-Encoding: quoted-printable > . > > and changed it like that: > > T1263300415 > S<[email protected]> > R<[email protected]> > H?P?Return-Path: <[email protected]> > HMessage-ID: <open...@invalid> > HDate: Tue, 12 Jan 2010 11:39:55 GMT > HFrom: Company <[email protected]> > HReply-To: Company <[email protected]> > HTo: <[email protected]> > HSubject: 11.51 > HX-Mailer: OpenEMM > HMIME-Version: 1.0 > HContent-Type: text/plain; charset="UTF-8" > HContent-Transfer-Encoding: quoted-printable > . > > The second version's signature is accepted by Yahoo and Gmail. Note that > I process the headers, and parse out the sendmail-specific stuff (like > the 'H' preceding the header lines. The headers that I feed to the perl > sender are correct, so that shouldn't be the problem. > > The second version is slightly longer but it beats me how that should > make a difference as there is no way to ensure that the complete length > of the headers doesn't exceed a certain size. > > If anyone could so much as point me in the right direction, that would > be great as I've been working on this for quite a long time and my boss > is beginning to expect some results. ;-) > > Thanks in advance! > > Sven-Thorsten Fahrbach > > ------------------------------------------------------------------------------ > Throughout its 18-year history, RSA Conference consistently attracts the > world's best and brightest in the field, creating opportunities for Conference > attendees to learn about information security's most important issues through > interactions with peers, luminaries and emerging and established companies. > http://p.sf.net/sfu/rsaconf-dev2dev > _______________________________________________ > dkim-milter-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAktQkwsACgkQY21D/n6bGwfMWwCeLigTWCEO1WV1XgjJ8oq2A8UL qUwAoJgMhGDDlNmkh/t9hVvhi+Jfgw8e =MIs1 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
