Yes that's correct, both are in the same domain. Thanks John
On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote: > That's an odd one, all right. And I think you've described the situation > pretty well (at least I think I understand what's happening). > > Both instances are sending from exactly the same domain, right? > > Tek Support wrote: >> You know, I don't think it has anything to do with simscan. A staff >> member in the office using a Mac laptop is sending mail to port 587 >> (no TLS option available in her Mac - only SSL, but she is in the >> local office and the Mail Server is in the local office, and she is >> not sending her password over the internet, so it's probably fine to >> go without TLS in her case). Anyway, when she sends an email to port >> 587 into our mail server to yahoo, it fails with domainkey failed >> error header. When I send via PC and Thuderbird into our external >> firewall port forwarded into Mail Server port 587 with or without TLS >> to yahoo (I've tried both ways), it works perfectly and the domainkey >> header suceeded. >> >> In both instances (Mac internal office, PC external - internet), >> simscan is listed below the Domainkey header. So since mine works and >> her's does not, I don't think it is simscan/clamav. It's happening to >> both of our emails, so that would not appear to be a problem. >> >> But, what in the world could it be? I'm obviously going to have to go >> into the office and try sending from my Thunderbird out to yahoo and >> see if that still works. But no matter if it does or does not, how >> could Mac Mail or PC Thunderbird have anything to do with the headers >> and HASH that would cause domainkeys to fail or suceed since they are >> only calculated and added after the message has been handed off to >> port 587 on the Mail Server? >> >> For referrence, the external firewall only does a packet forwarding >> into our mail server for traffic on port 587, and does not rewrite >> anything. >> >> Thanks >> John >> >> >> >> >> >> On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote: >>> Well, we probably don't need it that bad that then. >>> >>> Thanks >>> John >>> >>> >>> >>> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote: >>>> I don't know, short of looking at the code. That would be in the (heavily >>>> patched) source code for the qmail-smtp program. Looking that up would not >>>> be a trivial exercise. >>>> >>>> Tek Support wrote: >>>>> As you said (would have to), how do I determine the order they are >>>>> run? Is it simply that the DKIM header is added on top of the >>>>> simscan, thus simscan first and dkim 2nd? >>>>> >>>>> Thanks >>>>> John >>>>> >>>>> >>>>> >>>>> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote: >>>>>> Simscan does scan outbound mail, but scans only for viruses (clamav), not >>>>>> spam (spamassassin). This is consistent with the message you're seeing. >>>>>> >>>>>> Adding the DK signature would (have to) happen after this scan. >>>>>> >>>>>> Tek Support wrote: >>>>>>> Hi Eric, thanks for the quick reply. The reason I think it's doing >>>>>>> outbound scanning is a specific line in the header, maybe you can shed >>>>>>> some light on it. In an email sent from mydomain to my yahoo accout >>>>>>> these are in the headers. The line I'm interrested in, is possibly >>>>>>> added by yahoo, but I think it's from me. >>>>>>> >>>>>>> Received: by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s >>>>>>> scanners: attach: 1.3.1 clamav: 0.93.3 >>>>>>> >>>>>>> Wouldn't simscan be run on my box, and if so, would it be done before >>>>>>> DKIM or after? >>>>>>> >>>>>>> Thanks >>>>>>> John >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote: >>>>>>>> Tek Support wrote: >>>>>>>>> Hi all, recently I had asked if there was a reason to use the port 587 >>>>>>>>> if I installed spamdyke (because spamdyke authenticated my dynamic >>>>>>>>> users and ignored the rbls). Well, maybe I've found something that >>>>>>>>> would still require me to use 587 instead of port 25. I would >>>>>>>>> appreciate any info. >>>>>>>>> >>>>>>>>> As of right now, my staff are using port 25 for outbound - I just >>>>>>>>> didn't see the need to have another port open to the outside when >>>>>>>>> after installing spamdyke, they were able to send and were not blocked >>>>>>>>> as "dynamic". But the staff have been having trouble sending to >>>>>>>>> yahoo.com, and in looking at the headers on a message that finally >>>>>>>>> arrived into yahoo (and gmail) the headers show this: >>>>>>>>> >>>>>>>>> Authentication-Results: mta553.mail.mud.yahoo.com from=mydomain.com; >>>>>>>>> domainkeys=fail (bad sig) >>>>>>>>> >>>>>>>>> But I had gone through the process step by step and tested my DKIM >>>>>>>>> with the sourceforge.net sites, and those showed that my dkim seemed >>>>>>>>> accurate. So, anyway in a brilliant flash of light I decided to try >>>>>>>>> port 587, and on my first try I got these headers in an email sent to >>>>>>>>> yahoo and gmail: >>>>>>>>> >>>>>>>>> Received-SPF: pass .... >>>>>>>>> DomainKey-Status: good >>>>>>>>> Authentication-Results: mx.google.com; spf=pass ... >>>>>>>>> >>>>>>>>> So, I guess my question would be, does something in the spam checking >>>>>>>>> on outbound emails from pop3/smtp users (not imap and squirrelmail) >>>>>>>>> with spamdyke, rewrite the headers after the dkim has processed the >>>>>>>>> email which would cause my DKIM hash to be invalid when yahoo and >>>>>>>>> gmail check it? >>>>>>>> I don't believe that spam checking is enabled on outgoing mail, at >>>>>>>> least not >>>>>>>> in the 'stock' toaster. So the answer is, not that I'm aware of. >>>>>>>> >>>>>>>> Note, squirrelmail gets a 'free pass' (open relay), due to the >>>>>>>> localhost >>>>>>>> line in the /etc/tcprules/tcp.smtp file. >>>>>>>> >>>>>>>> Also, be aware that DK and DKIM are 2 different things. The toaster >>>>>>>> has a >>>>>>>> (somewhat broken, at least on the incoming side) DK implementation. The >>>>>>>> toaster has no DKIM capability. >>>>>>>> >>>>>>>> I suppose that DK might work (better) with the port 587 configuration >>>>>>>> than >>>>>>>> with port 25. I wouldn't know why though, as I'm not familiar with the >>>>>>>> problem(s) that DK has. We had a fellow in Russia on the list a while >>>>>>>> back >>>>>>>> who fixed some things with it, but we haven't heard from him in quite >>>>>>>> a while. >>>>>>>> >>>>>>>>> CentOS 5 >>>>>>>>> x86_64bit >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> John >>>>>>>>> >>>>>>>> -- >>>>>>>> -Eric 'shubes' >>>>>>>> >>>>>> -- >>>>>> -Eric 'shubes' >>>>>> >>>> >>>> -- >>>> -Eric 'shubes' >>>> > > > -- > -Eric 'shubes' > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
