I was comparing your mailet tag to mine. I noticed you added a t=
value. You may have just dummied up the value to post on the forum as
you did the domain name. But if that is the real value, it's very small
number = very old time stamp (basically 40 years old). No idea if
google would be upset with that, and even more curious why it would only
affect resends. But just looking for anything that might be the culprit.
Also, the 'sender' on a resent email is the original sender. So
technically, JAMES is signing an email from a domain it doesn't own.
port25.com gives me a different result when I send an email with the
from address at the actual domain that is signing vs. when I send an
email that is on another domain hosted on my server. They both 'pass'.
But it's noted that the from address is different. Not sure if that
could be a problem with resends and google since the from address is
completely different than the signing domain. But that still begs the
question why it worked on my test. I just don't know enough about the
theory of what is considered an acceptable signature vs. what is not.
I'll keep researching.
Jerry
On 8/15/2010 10:37 PM, Jerry M wrote:
Shahid,
I set up for all inbound email to one of my james accounts to resend
to a gmail account. I guess it's good news for me, but bad news for
you... gmail says the resend was signed correctly. This was a single
test from an outside business email address that I have. Hardly an
exhaustive test. As Stephano mentioned, it could be a formatting
thing on the inbound mail, which I suspect can vary greatly from
sender to sender. So I'm going to leave the resend active for a while
and watch as I get additional real emails from various sources and see
if I get any failures and subsequently can detect a pattern.
If you can test on an email account that no 'real' traffic is coming
into, you might try bouncing to the port25.com tester email address I
mentioned below just to see what it tells you. You'll get more info
than gmail gives regarding DKIM. The only thing is that port25.com
sends the analysis info back to the sender. So if this is a live
email and you are bouncing to port25.com test, the sender will get the
analysis reply (probably not what you want..). Hence the
recommendation to do it on a dormant/test email account.
Let me know if you get any additional info.
Jerry
On 8/15/2010 10:20 PM, Shahid Faiz wrote:
Hi Jerry,
Yes, you are right. Mails which are sent directly to my gmail account
are
verified and delivered to my inbox whereas mails sent using Resend
are not
verified and thats why those mails land in Spam.
Yes, I have also guessed that there were no parameters required. I
will try
looking into ConvertTo7Bit code if that will help.
Thank you very much for the help.
- Shahid
On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<techst...@malcolms.com> wrote:
So you are using resend mailet to send inbound mail that you
receive on to
a gmail account, right? And mail you send directly is signed
correctly, but
inbound mail that resends to gmail is failing. Is that correct?
I finally got everything up and running with DKIM. I did a direct
send to
gmail and to the port25.com tester (check-au...@verifier.port25.com).
Everything looks good now. I'll try adding a resend to gmail to
try to
duplicate your scenario.
On the advise Stephano gave you about the convertTo7Bit mailet, I
added it
ahead of the DKIMSign mailet. There was zero documentation on it.
So I
just guessed that there were no parameters. I assume it's doing
it's job.
But I really don't know if it's doing anything. I still don't
know what
that third mailet is for. But I'm not using it, and DKIM is working.
I'll let you know what I find after adding the resend to gmail.
Jerry
On 8/15/2010 9:32 PM, Shahid Faiz wrote:
i have configured ConvertoTo7Bit but no success. following are james
configurations. Is there anything missing in ConvertTo7Bit
configuration?
<mailet match="All" class="ConvertTo7Bit">
</mailet>
<!--<mailet match="All" class="LogMessage">
</mailet> -->
<mailet match="All" class="DKIMSign">
<signatureTemplate>v=1; s=default; d=mydomain.com;
h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
b=;</signatureTemplate>
<privateKey>
-----PRIVATE KEY IN PEM FORMAT-----
</privateKey>
</mailet>
<!-- Attempt remote delivery using the specified repository for
the
spool, -->
<!-- using delay time to retry delivery and the maximum number of
retries -->
<mailet match="All" class="RemoteDelivery">
<outgoing> file://var/mail/outgoing/</outgoing>
On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<shahid.f...@gmail.com>
wrote:
you are right this may be the problem. i haven't configured
ConvertTo7Bit
before DKIMSign and as James is running on linux where we have LF
as EOL
character.
Thanks very much for the help. I will try this on Monday,
hopefully this
will solve the problem.
- Shahid
On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<apa...@bago.org>
wrote:
2010/8/14 Shahid Faiz<shahid.f...@gmail.com>:
Hi,
jDKIM is configured properly and works perfectly fine for emails
which
I
sent out using any email client but when I bounce emails using
Resend
mailet
gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
mailet
is
configured as the last one in transport processor. any hint or help
what
is
missing?
Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
before the DKIMSign mailet?
DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
(\r\n) otherwise signing is not possible.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
