The presence of an Authentication-Results: header field for both domainkeys and dkim is evidence of success.
From: [email protected] [mailto:[email protected]] On Behalf Of Ernie Grossmann Sent: Sunday, April 11, 2010 10:47 PM To: [email protected]; [email protected] Subject: Re: [dkim-ops] No signature on incoming mail > Date: Sun, 11 Apr 2010 03:00:53 +0000 > From: [email protected] > To: [email protected] > Subject: Re: [dkim-ops] No signature on incoming mail > CC: [email protected] > > >Do most senders *NOT* use DK or DKIM signatures? Do I have a problem > >with my DNS? > > Most mail is still unsigned, but the signed fraction is considerably > above 0.01%. > > > How can I troubleshoot/fix? > > Send yourself mail from a Yahoo or Gmail account, both of which sign > their mail, and turn on all the log options to see what's happening. > > R's, > John Thanks for the info. I think I *may* have figured it out. Knowing that not much mail is signed is helpful. Amavis-new does check domain key signatures. But I also have the dkim-filter installed. When sending from my Yahoo account to my personal account (on mail server), there is no log entry for dkim-filter daemon (almost all mail says "no signature data"). I have not (figured out how to) enable verbose logging, so I'm assuming the absence of a dkim-filter message in the mail.log means no error. The header from the actual email is (usernames removed): Return-Path: <@yahoo.com<mailto:[email protected]>> X-Original-To: @edge06.net<mailto:[email protected]> Delivered-To: @edge06.net<mailto:[email protected]> Received: from localhost (bluebird01 [127.0.0.1]) by bluebird01.edge06.net (Postfix) with ESMTP id CABEC175E6 for <@edge06.net<mailto:[email protected]>>; Sun, 11 Apr 2010 22:39:18 -0600 (MDT) Authentication-Results: bluebird01.edge06.net; domainkeys=pass (testing) [email protected]<mailto:[email protected]> Authentication-Results: bluebird01.edge06.net; dkim=pass (1024-bit key; insecure key) [email protected]<mailto:[email protected]>; x-dkim-adsp=none (insecure policy) X-Virus-Scanned: Debian amavisd-new at edge06.net X-Spam-Flag: NO X-Spam-Score: -1.782 X-Spam-Level: X-Spam-Status: No, score=-1.782 tagged_above=-999 required=3.5 tests=[AWL=-0.314, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001] autolearn=no Authentication-Results: bluebird01.edge06.net (amavisd-new); domainkeys=softfail (invalid, public key: DNS query timeout for s1024._domainkey.yahoo.com) [email protected]<mailto:[email protected]> Received: from bluebird01.edge06.net ([127.0.0.1]) by localhost (bluebird01.edge06.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C6Qzfc7EaePr for <@edge06.net<mailto:[email protected]>>; Sun, 11 Apr 2010 22:38:46 -0600 (MDT) Received: from web56506.mail.re3.yahoo.com (web56506.mail.re3.yahoo.com [66.196.97.35]) by bluebird01.edge06.net (Postfix) with SMTP id 5AF7DD14 for <@edge06.net<mailto:[email protected]>>; Sun, 11 Apr 2010 22:38:35 -0600 (MDT) Authentication-Results: bluebird01.edge06.net; domainkeys=pass (testing) [email protected]<mailto:[email protected]> Authentication-Results: bluebird01.edge06.net; dkim=pass (1024-bit key; insecure key) [email protected]<mailto:[email protected]>; x-dkim-adsp=none (insecure policy) Received: (qmail 59893 invoked by uid 60001); 12 Apr 2010 04:38:35 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1271047115; bh=FYv+TRcRZ3oSKb649dCiT53VuO6BIlx7TSHt498BRrU=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=THkLxHyCYZGqlb1S0cyLp0eBOvqUAlE1lWKcoFTqyBLNjmBx/DSw7jKP8fDckChY+aavfJhwK4zZulhS4VKHWUOICnqJNWnhfwZDJLBoZjY+x3zFWvmcIRgcXNn9NvzDIqxDHhP57bEMGaHE2/WqbPy5b2hZfRkVHJrrfyzLo/c= DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=UTwmtNhSk7Yw9kum0YW0AczEh+LnR1qnENx6Nsg9U4mG5POsvjoTRO1i9yUCG5q12sMngnWgh0fVOoA8nGfR2S8NO8t0FAYtmWE2zw/bIPN8kEaAKpJzAyqTN9MTRuk0JzrRjFP7HbetyfcXJKpssWjo5ysF6sLOSI0PpxRT1f4=; Message-ID: <[email protected]<mailto:[email protected]>> X-YMail-OSG: uTEm18sVM1kpsuQ_8QOu1Ofbv3fepmBeMKI_oEogP1qjljE qVHVuwNFacPRoiqoiGVwe63mooJku20dIe23bJ3qOfXa_YpLH3LClNwgDVL5 WN.8Z5jeGgEkkqozHdFLWGHq5aEmfz3LPgeU2eLASfh43DY_tDDfBtkUs2fQ ttMXGjB7FWrWwty0gNcvQxjkR9woo_aq7e3cI6pNe0Mz6E4Erl4eoNRWVXnt M4c6oNh5SGd5kourh8_F7JGAFz2DXd89cPGF2vjwpkmrZkIti0uCofTp3.Ad i.nzZ4vOVpSo- Received: from [63.230.70.220] by web56506.mail.re3.yahoo.com via HTTP; Sun, 11 Apr 2010 21:38:35 PDT X-Mailer: YahooMailRC/348.3 YahooMailWebService/0.8.100.260964 Date: Sun, 11 Apr 2010 21:38:35 -0700 (PDT) That appears to be a good signature, correct? If so, then I guess I'll need to contact the amavis mailing list to figure out why it is failing on the signature verification since dkim-filter is okay. Thanks again. Ernie Grossmann ________________________________ The New Busy is not the old busy. Search, chat and e-mail from your inbox. Get started.<http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3>
_______________________________________________ dkim-ops mailing list [email protected] http://mipassoc.org/mailman/listinfo/dkim-ops
