For your first question, look at the LocalADSP setting in your dkim-filter.conf 
configuration file (and its corresponding man page).

For your second question, I contacted Yahoo! to investigate this.  It turns out 
that dkim-milter's library (libdkim) and also older versions of OpenDKIM's 
library (libopendkim) contained a bug in relaxed body canonicalization, which 
is the mode Yahoo! uses.  OpenDKIM v1.2.0 contained a fix for this.  As they 
upgrade their servers to contain that patch, older software without the fix 
will begin getting verification errors from Yahoo!.  This is probably what 
you've been observing.

To date, dkim-milter has not been patched to include the fix.

-MSK

From: Howard Leadmon [mailto:[email protected]]
Sent: Wednesday, March 17, 2010 11:00 AM
To: [email protected]
Subject: [dkim-milter-discuss] Couple Questions..

  I have had dkim-milter (as well as dk-milter) running for a while on my 
server, and on a couple clients' servers, and have a couple questions hopefully 
someone can help with.

 First, and maybe I am just overlooking it, but is there a way in the 
configuration of dkim-milter to say, if mail is received saying it's from 
xx.com domain (replace xx with your choice), then it must have a valid DKIM 
signature, and if not to reject/trash can the mail??

 I guess for example, I know Yahoo.com now supports DKIM, but we get tons of 
SPAM saying it's from Yahoo.com, but in reality it's from various hacked 
machines around the world, not yahoo.   Of course they don't  include a DKIM 
signature, they just try and fake they are from yahoo.   So is there a setting 
so I can say if mail is being sent to me, and it says it's from Yahoo.com, to 
then check for a DKIM signature (as I know real Yahoo mail will have one), and 
if it has an invalid signature, or no signature at all, then to trash 
can/reject the message.

 Issue in point, I have a client that keeps trying to bounce invalid rejects 
for SPAM being faked as from Yahoo back to yahoo saying it's to invalid users 
on their server, but then Yahoo is blacklisting them for hammering them 
with reject messages.   So it just seemed that I should be able to use DKIM to 
eliminate that issue, any suggestions?



 Second question, I know as stated above that Yahoo is doing DKIM and DK 
signatures in their email, but  when I get a message in from Yahoo, it tells me 
the DK signature is good, but that the DKIM signature is bad.   If I send a 
message back to my Yahoo account, it tells me that my signatures are good.    
Am I munging up Yahoo's header without knowing it, or are they really sending 
out broken DKIM which is almost hard to believe.   I will include a header 
below, and see if anyone can help give me a clue on this one..

Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on vorlon.leadmon.net
X-Spam-Level:
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
            DKIM_SIGNED,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,T_DKIM_INVALID,
            T_RP_MATCHES_RCVD autolearn=no version=3.3.0
Received: from web55305.mail.re4.yahoo.com (web55305.mail.re4.yahoo.com 
[206.190.58.184])
            by mail.leadmon.net 
(8.14.4/8.14.4/LNSG+SCOP+PSBL+LUBL+NJABL+SBL+DSBL+SORBS+CBL+RHSBL) with SMTP id 
o2GFTNRm021714
            for <[email protected]>; Tue, 16 Mar 2010 11:29:29 -0400 (EDT)
            (envelope-from [email protected])
X-DKIM: Sendmail DKIM Filter v2.8.3 mail.leadmon.net o2GFTNRm021714
Authentication-Results: mail.leadmon.net; dkim=neutral
            (verification failed) [email protected]; x-dkim-adsp=none
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mail.leadmon.net o2GFTNRm021714
Authentication-Results: mail.leadmon.net; domainkeys=pass (testing) 
[email protected]
X-SenderID: Sendmail Sender-ID Filter v1.0.0 mail.leadmon.net o2GFTNRm021714
Authentication-Results: mail.leadmon.net; sender-id=none 
[email protected]; spf=none [email protected]
Received: (qmail 60648 invoked by uid 60001); 16 Mar 2010 15:29:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
            t=1268753360; bh=JecJQZ5crTJyCPPwhSdwHjvKlZ0J1eRmAioIi0cHFko=;
            
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Versio
            n:Content-Type;
            
b=EFVEgrcR7xIkP2xmyZAOVMKuDGmz+I4PuDe0De7hHylz10HkeD/kSHM1726KapUxDyCLxEMCm
            
xV/raxVZ1jd3JP6p5Px2cV4oMa5AKuA8gksffACxDlq4+Z04Ir6rFBm6L/Rh7TyTxdgdIRcsVSz
            OG1k5suwToUVgm2owbiKO8M=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
            
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Versio
            n:Content-Type;
            
b=VqgR7lfgVono8S220TD5VtFEleOm7ghh4Qw0eJNuLR3AqqLnw7o27l6bDhVzjfvDOSFkmDECK
            
ziIG3yS+3lFxO+qYdZNZPU+JKxR36grtBFc69NFIEcphgY8zIGWANYhIxZlhUYtzv1VUYFWYgBt
            APk5SPfDL7CF7aK2Ie022OM=;
Message-ID: <[email protected]>
X-YMail-OSG: Lk0c8nUVM1mZ_7Xj8gFaO7l902oEAsl6844PMAYUeKDotcGlsSnDhn9tCPNJnV2
            
Q83dVpRU3JBpA1WqU24A4bcwfnkWLi5YfzoBMxN0mxjLxj8BKE3_nOybhP3FW0V5zkaZ2gyJAv3
            
8Z_ZS8AH2jgy4rQgZwRuv0kR.BBFbyriRat4zOu7IvOCWxn8MAqx9jhxv1938pTvnLS33I2HLiv
            
pa59zO.6yDMCjJycjxU7hM1RD3Z9zkTEVSvytx.ui520N96rt1yG1gckPpbSZTIrVBKtNGXuw1j
            urYEvZqVqyVWl4E02mz5pKxHhfZaTg--
Received: from [173.13.218.153] by web55305.mail.re4.yahoo.com via HTTP;
            Tue, 16 Mar 2010 08:29:20 PDT
X-Mailer: YahooMailRC/324.3 YahooMailWebService/0.8.100.260964
Date: Tue, 16 Mar 2010 08:29:20 -0700 (PDT)
From: Howard Leadmon <[email protected]>
Subject: testing...
To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain;
            charset=us-ascii
X-TM-AS-Product-Ver: CSC-0-6.0.1038-17252
X-TM-AS-Result: No--1.87-4.50-31-1
X-Virus-Scanned: clamav-milter 0.95.3 at vorlon.leadmon.net
X-Virus-Status: Clean



 If I am doing something that is munging up the header, any ideas on fixing it, 
as for sure I'd like to have DKIM working well.

Thanks for any input, always appreciated...


---
Howard Leadmon - [email protected]<mailto:[email protected]>
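
The reply at the top of this thread attributes the `dkim=neutral (verification failed)` result to a bug in relaxed body canonicalization, the body mode named by `c=relaxed/relaxed` in the header above. As an added example (not code from dkim-milter, OpenDKIM or either poster), the following Python implements that canonicalization as specified in RFC 6376 section 3.4.4 and compares a received body against the `bh=` tag. The sample bodies, the example.com signature and all function names are constructed for this example, and the `b=` RSA signature is not checked.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """Relaxed body canonicalization, RFC 6376 section 3.4.4."""
    # Assumption: treat a bare LF as a line ending too, so input is CRLF-uniform.
    lines = re.sub(rb"\r?\n", b"\r\n", body).split(b"\r\n")
    # Runs of WSP inside a line become one SP; WSP at end of line is ignored.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":   # empty lines at the end of the body are ignored
        lines.pop()
    # A non-empty body ends in exactly one CRLF; an empty body stays zero-length.
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer using c=.../relaxed and a=rsa-sha256 puts in bh=."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def sig_tags(value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, removing folding whitespace."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_matches(sig_value: str, body: bytes) -> bool:
    """Compare the received body against bh= (body hash only, not the b= signature)."""
    tags = sig_tags(sig_value)
    # c= is header/body; a missing body part means "simple" (RFC 6376 section 3.5).
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    if mode != "relaxed" or tags.get("a") != "rsa-sha256":
        raise ValueError("example only handles relaxed body with rsa-sha256")
    return body_hash(body) == tags["bh"]

# Constructed sample data: body as signed, then as it might arrive after relaying.
SIGNED = b"Hello  world\r\n\r\nSecond line\r\n"
RELAYED = b"Hello \t world   \r\n \r\nSecond line\t\r\n\r\n\r\n"
TAMPERED = b"Hello world\r\n\r\nSecond  l1ne\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel;\r\n"
       "\tbh=" + body_hash(SIGNED) + "; b=CONSTRUCTED-PLACEHOLDER")

if __name__ == "__main__":
    print("relayed body matches bh:", body_matches(SIG, RELAYED))
    print("tampered body matches bh:", body_matches(SIG, TAMPERED))
```

A verifier whose canonicalization differs from the signer's on any of these rules computes a different `bh` for an unmodified message, which surfaces as a failed verification.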
