I gave up on domainkeys signing in my server since my ISP (optonline) alters the header, thus invalidating my domainkeys signature. Both Yahoo and Gmail headers show bad domainkeys. I had a lot of help from Erik with this and came up with the solution that the use of smtproutes with domainkeys does not work; I think it was on Wikipedia too.
Thanks,
John.

On Sat, August 5, 2006 11:10 am, Eric "Shubes" wrote:
> I've done some testing with yahoo, and this is what I've found:
>
> .) yahoo to toaster seems to work fine with domain keys. I see yahoo's
> signature in the header, and it was accepted ok.
>
> .) toaster directly to yahoo with dk signature works. Message goes into
> bulk yahoo folder, I think because toaster is on a dynamic IP address.
>
> .) toaster using smtproutes (I presume with dk is still signing) via
> outbound.mailhop.org (a dyndns.org service) works. Message goes into
> inbox yahoo folder.
>
> I don't see a way on yahoo to inspect headers, so I'm presuming a little
> here. I have a test in progress with cox.net where I'll be able to
> inspect headers. I expect it will be ok too.
>
> BL, domainkeys work ok with smtproutes (at least through dyndns's
> mailhop). It's still possible that some ISPs *may* screw things up, but
> they shouldn't (in theory).
>
> If anyone would care to explain in more detail why this works, or comes
> across a case where it doesn't, I'm all ears. I'm guessing that DK
> signatures reflect some, but not all header information.
>
> Note, I'm running the current (1.3) toaster on CentOS4.3.
>
> Eric "Shubes" wrote:
>> Ok, I think I'm getting it.
>>
>> My understanding is that the DK signature is generated from the header
>> and the body, so any additions/alterations would invalidate the
>> signature. So I tend to agree with you.
>>
>> If that's the case, though, then what DynDNS told me is wrong. I'm
>> hesitant to question them, as they're pretty sharp with this stuff too.
>>
>> I'm wondering how this *could* work. Maybe certain (routing related)
>> header entries aren't included in the signature. That would almost need
>> to be the case, given server farms and requirements of very large
>> companies. Otherwise, key (especially private) distribution could be a
>> nightmare.
>>
>> Anywise, no sense in speculating. I should be seeing failures in a day
>> or two if this indeed doesn't work. Stay tuned...
>>
>> Erik Espinoza wrote:
>>> DomainKeys only works if your server talks directly to the destination
>>> server. If you force all your mail via your isp server using
>>> smtproutes, then their server will add some headers which will in turn
>>> invalidate all your DomainKey signatures.
>>
>
> --
> -Eric 'shubes'
>
> ---------------------------------------------------------------------
> QmailToaster hosted by: VR Hosted <http://www.vr.org>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------
.how soon not now becomes never.
_martin luther
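
Added illustration, not part of the original thread or of QmailToaster: a simplified Python model of which bytes a DomainKeys signature covers under RFC 4870 (the headers that follow the DomainKey-Signature header, narrowed by the h= tag when present, plus the body), showing which relay changes leave that input intact. Assumptions: the message, addresses, selector and relay behaviours are constructed, a SHA-1 digest stands in for the RSA signature, and canonicalization and folded headers are left out.

```python
import hashlib

def covered_bytes(raw: str) -> bytes:
    """Return the part of a message that a DomainKeys signature covers (simplified)."""
    head, _, body = raw.partition("\n\n")
    headers = head.split("\n")  # assumption: no folded header lines in the sample
    at = next(i for i, h in enumerate(headers)
              if h.lower().startswith("domainkey-signature:"))
    tags = dict(t.strip().split("=", 1)
                for t in headers[at].split(":", 1)[1].split(";") if "=" in t)
    signed = headers[at + 1:]  # headers above the signature are never covered
    if "h" in tags:  # h= narrows coverage to the listed header names
        names = {n.strip().lower() for n in tags["h"].split(":")}
        signed = [h for h in signed if h.split(":", 1)[0].lower() in names]
    return ("\n".join(signed) + "\n\n" + body).encode()

def digest(raw: str) -> str:
    # Stand-in for RSA-SHA1: identical covered bytes mean the signature still verifies.
    return hashlib.sha1(covered_bytes(raw)).hexdigest()

# Constructed sample message; b= is a placeholder, not a real signature.
SIGNED = (
    "DomainKey-Signature: a=rsa-sha1; c=simple; d=example.com; s=sel; "
    "h=From:To:Subject; b=CONSTRUCTED\n"
    "From: john@example.com\n"
    "To: someone@example.net\n"
    "Subject: dk test\n"
    "Message-ID: <1@example.com>\n"
    "\n"
    "test body\n"
)

# Constructed relay behaviours, each mapping a message to its relayed form.
RELAYS = {
    "prepends Received": lambda m: "Received: from toaster.example.com by relay.example.net\n" + m,
    "rewrites Message-ID (not in h=)": lambda m: m.replace("<1@example.com>", "<9@relay.example.net>"),
    "rewrites Subject (in h=)": lambda m: m.replace("Subject: dk test", "Subject: [relayed] dk test"),
    "appends body footer": lambda m: m + "-- sent via relay\n",
}

def survives(relay_name: str) -> bool:
    """True when the relay leaves the signed input byte-for-byte unchanged."""
    return digest(RELAYS[relay_name](SIGNED)) == digest(SIGNED)

if __name__ == "__main__":
    for name in RELAYS:
        print(f"{name:34} signature {'still valid' if survives(name) else 'BROKEN'}")
```
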
