> -----Original Message-----
> From: [email protected] [mailto:dkim-ops-
> [email protected]] On Behalf Of Allan E. Johannesen
> Sent: Wednesday, August 26, 2009 8:37 AM
> To: [email protected]
> Cc: [email protected]
> Subject: [dkim-ops] Yahoo/BellSouth configuration
> 
> [...]
> 
> I turned off the DKIM filter, since I can't see the message until I do
> that.
> 
> A message from them to me had this header:
> 
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net;
> s=s1024; t=1251295577; bh=AWurPyCfrWyL7Q4VoVf/3EwEKj++xepXQ72Z/H6SNU0=;
> h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
> In-Reply-To:MIME-Version:Content-Type;
> b=NtTZuqgdUa6AbMvBYLAcplSRLag1MYv64CaLP9tngtSO4p7uuclGatImb9L7aRHaLFlXH
> 1LXPHPDH7DN05y4/JwxZSyg1lJND9iaNejALpGTeyuBSSE1NjBWAhh97Z1vpSWVEqvZL6x7
> q7JmBJVxy8dMrpqdRg92ahgXJgUYJc0=
> 
> The problem is that bellsouth.net has no selector named s1024. However,
> yahoo.com does:
> [...]
> 
> So, my question is about how our DKIM filter is supposed to know to check
> yahoo.com when given a domain of bellsouth.com in the DKIM-Signature.
> 
> Is there a newer version than dkim-milter-2.8.3 which might understand some
> new magic about how to translate domain names given in the DKIM header?

My guess is Yahoo! is providing mailbox service for Bellsouth.  They send mail
on behalf of bellsouth.net and are signing that mail with DKIM, but are
changing the "d=" to match the sending domain while still using their own keys.
This causes verifiers to (correctly!) go to bellsouth.net's DNS servers to get
the key but, as you've observed, it's not there, which makes verification
impossible.

There's no magic to apply here.  The verifier is doing what the signer told it 
to do, but what the signer said is unfortunately invalid.

Your best bet until this gets straightened out is to relax what the filter does 
in response to key retrieval failures.  Check the documentation for the filter 
you're using for assistance.

-MSK


_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
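
The key lookup discussed in this thread, as an added example (not code from dkim-milter or from either poster): a verifier builds its DNS query only from the signature's own `s=` and `d=` tags, so a signature claiming `d=bellsouth.net` never leads it to yahoo.com. The function names, the stub resolver, the zone contents and the `on_no_key` setting are assumptions made for illustration.

```python
import re

# Constructed header value modelled on the one quoted above; b= is omitted.
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net;\r\n"
          " s=s1024; t=1251295577; h=Message-ID:Date:From:Subject:To;\r\n"
          " b=(omitted)")

# Constructed zone data: the selector exists under yahoo.com only.
ZONE = {"s1024._domainkey.yahoo.com": ["k=rsa; p=CONSTRUCTED-PLACEHOLDER"]}

def lookup(name):
    """Stub resolver (assumption): TXT strings for a name, empty if none."""
    return ZONE.get(name, [])

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError("malformed or duplicate tag: %r" % item)
        # Folding whitespace inside a tag value is not significant here.
        tags[name] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(tags):
    """The one name a verifier queries: <s>._domainkey.<d>."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"].lower())

def verify_key_lookup(value, txt_lookup, on_no_key="reject"):
    """Return (query_name, outcome) for the key retrieval step only."""
    qname = key_query_name(parse_tags(value))
    if any("p=" in record for record in txt_lookup(qname)):
        return qname, "key-found"
    # No key at the advertised name: the signature cannot be verified.
    # on_no_key (hypothetical setting) models the filter's chosen response.
    return qname, on_no_key

if __name__ == "__main__":
    print(verify_key_lookup(HEADER, lookup))
    print(verify_key_lookup(HEADER, lookup, on_no_key="accept"))
```
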