I say OT because it's my understanding of DKIM that lets me down here, not Gentoo. I'm just not sure who to ask or even if it could be something Gentoo related.
I've recently updated my postfix home mail server to use amavis-new for virus
and spam
filtering rather than procmail/spamassassin.
It seems to be working well and I've also enabled some other goodies like DKIM
signing
and verification. I haven't confirmed signing is working yet, so maybe a side
effect
of this email is that someone can confirm this for me ;)
The main query I have is that a lot of the mail I get, in this case from various
mailing lists, appears to failed DKIM verification.
For example, several of the posters on this list are DKIM signing their mail
either as
part of gmail policy (or another big provider) or personal intent. Something in
the
region of 50% of signed mail on this list contains headers such as:
Authentication-Results: genesis.genestate.com (amavisd-new); dkim=softfail
(fail, message has been altered) [email protected]
Authentication-Results: genesis.genestate.com (amavisd-new); domainkeys=softfail
(fail, message has been altered) [email protected]
Whereas the rest looks like this:
Authentication-Results: genesis.genestate.com (amavisd-new); dkim=pass
[email protected]
Authentication-Results: genesis.genestate.com (amavisd-new); domainkeys=pass
[email protected]
Now I find it unreasonable to assume that 50% of the mail I receive is being
actively
tampered with, so it must be something getting twisted out of shape. All I'm
trying to
discover is whether it's something at my end that I need to fiddle with. I
followed a
few different guides to piece my setup together so it's quite possible I've
overlooked
or misconfigured something.
If anyone knows about DKIM and might be able to shed a light on this, I'd love
to
hear. It's not a big problem, just a puzzle I'm interested in.
Thanks
Matt Harrison
pgp46Pqij6XrY.pgp
Description: PGP signature
