I was thinking that specific email that was received might be retrieved, stripped of its DKIM headers and resent under controlled conditions to see what broke.

I've seen two emails recently - on a moderately busy server that hosts some high traffic discussion lists, as well as personal mail for half a dozen people who are "heavy" users of email .. that failed DKIM validation and signature verification was disabled .. on the latest Exim and its libdkim, on Debian.

Both seem to be random spam - one forwarded through a friend's pobox account and sent originally from a webmail .. and the second being some kind of send to a friend feature on a video site, that's being abused to send Nigerian spam to a mailing list address.

As spam isn't particularly noted for good construction ..

/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA DKIM: Error while running this message through validation, disabling signature verification.
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA <= [email protected] H=sienna.pobox.com [64.74.157.51]:56699 I=[204.74.68.40]:25 P=esmtp S=31396 [email protected] T="Great hotel deals from India and across the globe" from <[email protected]> for [email protected]
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 cwd=/var/spool/exim4 3 args: /usr/sbin/exim4 -Mc 1NiJT8-0001OV-VA
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA => xyz <[email protected]> F=<[email protected]> R=localuser T=local_delivery S=31556
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA Completed

/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z DKIM: Error while running this message through validation, disabling signature verification.
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z <= [email protected] H=(livevideo.com) [207.7.146.81]:4201 I=[204.74.68.40]:25 P=smtp S=75499 id=634018895491215...@lvml11 T="Join kufo.george on LiveVideo!" from <[email protected]> for [email protected]
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 cwd=/var/spool/exim4 3 args: /usr/sbin/exim4 -Mc 1NhLyd-0000Wr-7z
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z => listname <[email protected]> F=<[email protected]> R=mailman_router T=mailman_transport S=75553
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z Completed

On Wed, Feb 24, 2010 at 7:21 PM, Michael Thomas <[email protected]> wrote:
> I'm sort of dubious about this. Unless you're using z=, your chances of
> figuring out why something broke are slim to none. With z=, your chances
> of figuring it out are merely slim.
>
> Mike, with far too much experience at that
>
> On 02/24/2010 02:17 AM, Suresh Ramasubramanian wrote:
>>
>> I support this. The rest of Barry's charter proposal is OK by me.
>>
>> thanks
>> suresh
>>
>> On Wed, Feb 24, 2010 at 3:27 PM, Franck Martin<[email protected]> wrote:
>>>
>>> Shouldn't we move forward Murray's draft "quickly" that allows to report
>>> back broken DKIM signature to the validating domain?
>>>
>>> This would allow to collect information on why signature gets broken
>>> making the DKIM draft stronger.
>>>
>>
>>
>>
>
>

--
Suresh Ramasubramanian ([email protected])
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
