Thank you for your time and the investigation. There seems to be no solution on exim side.
I've whitelisted yahoo for the moment. all the best. Karl-Heinz On 23.09.2014, at 14:22, [email protected] wrote: >> From: Karl-Heinz Wild > >> i've a problem with dkim and yahoo. >> >> the log shows me something, it seems very special >> ----------------------------------------------------------------- >> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM: d=yahoo.com s=s2048 >> c=relaxed/relaxed a=rsa-sha256 t=1411466404 [verification failed - signature >> did not verify (headers probably modified in transit)] >> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM: d=yahoo.com s=s1024 >> c=relaxed/relaxed a=rsa-sha256 t=1411466404 [verification succeeded] >> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM TEST: domain=yahoo.com >> possible_signer=yahoo.com status=fail reason=signature_incorrect >> ----------------------------------------------------------------- >> >> as you can see there are two lines. one succeeded and the first fails. >> the difference seems to be the s=1024 vs s=2048. > > I just sent a few test messages via yahooMail ( @ yahoo.com ). > Messages sent from a MUA (Opera Mail, like Thunderbird) in Eastern Europe > via SMTP through smtp.mail.yahoo.com (with authentication) > came from yahoo's datacenter in Ireland (nm14-vm7.bullet.mail.ir2.yahoo.com), > each message has two DKIM-signatures: top one s=s2048 verification failed > and bottom one s=s1024 verification succeeded. > Messages sent from yahooMail's web-interfaces (Basic and FullyFeatured) > came from yahoo's datacenter in Buffalo,NY > (nm5-vm0.bullet.mail.bf1.yahoo.com), > have only one DKIM-signature with s=s1024. > Verification done by my Exim 4.83. > > I found an older message (05 Jul 2014) submitted from Thunderbird in Argentina > via SMTP through smtp.mail.yahoo.com, it has two DKIM-signatures and came from > yahoo's datacenter in Nebraska (nm10-vm4.bullet.mail.ne1.yahoo.com), > so perhaps submitter's geolocation is irrelevant. > > I suspect that yahoos broke something when they did another stupid thing: > mow messages submitted via SMTP don't show submitter's IP-address anywhere > in the header (though messages submitted via web-interfaces do show > submitter's IP-address in the bottom Received). > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
