I was comparing your mailet tag to mine. I noticed you added a t= value. You may have just dummied up the value to post on the forum as you did the domain name. But if that is the real value, it's very small number = very old time stamp (basically 40 years old). No idea if google would be upset with that, and even more curious why it would only affect resends. But just looking for anything that might be the culprit.

Also, the 'sender' on a resent email is the original sender. So technically, JAMES is signing an email from a domain it doesn't own. port25.com gives me a different result when I send an email with the from address at the actual domain that is signing vs. when I send an email that is on another domain hosted on my server. They both 'pass'. But it's noted that the from address is different. Not sure if that could be a problem with resends and google since the from address is completely different than the signing domain. But that still begs the question why it worked on my test. I just don't know enough about the theory of what is considered an acceptable signature vs. what is not. I'll keep researching.

Jerry

On 8/15/2010 10:37 PM, Jerry M wrote:
 Shahid,

I set up for all inbound email to one of my james accounts to resend to a gmail account. I guess it's good news for me, but bad news for you... gmail says the resend was signed correctly. This was a single test from an outside business email address that I have. Hardly an exhaustive test. As Stephano mentioned, it could be a formatting thing on the inbound mail, which I suspect can vary greatly from sender to sender. So I'm going to leave the resend active for a while and watch as I get additional real emails from various sources and see if I get any failures and subsequently can detect a pattern.

If you can test on an email account that no 'real' traffic is coming into, you might try bouncing to the port25.com tester email address I mentioned below just to see what it tells you. You'll get more info than gmail gives regarding DKIM. The only thing is that port25.com sends the analysis info back to the sender. So if this is a live email and you are bouncing to port25.com test, the sender will get the analysis reply (probably not what you want..). Hence the recommendation to do it on a dormant/test email account.

Let me know if you get any additional info.

Jerry


On 8/15/2010 10:20 PM, Shahid Faiz wrote:
Hi Jerry,

Yes, you are right. Mails which are sent directly to my gmail account are verified and delivered to my inbox whereas mails sent using Resend are not
verified and thats why those mails land in Spam.

Yes, I have also guessed that there were no parameters required. I will try
looking into ConvertTo7Bit code if that will help.

Thank you very much for the help.

- Shahid

On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<techst...@malcolms.com>  wrote:

So you are using resend mailet to send inbound mail that you receive on to a gmail account, right? And mail you send directly is signed correctly, but
inbound mail that resends to gmail is failing.   Is that correct?

I finally got everything up and running with DKIM. I did a direct send to
gmail and to the port25.com tester (check-au...@verifier.port25.com).
Everything looks good now. I'll try adding a resend to gmail to try to
duplicate your scenario.

On the advise Stephano gave you about the convertTo7Bit mailet, I added it ahead of the DKIMSign mailet. There was zero documentation on it. So I just guessed that there were no parameters. I assume it's doing it's job. But I really don't know if it's doing anything. I still don't know what
that third mailet is for.  But I'm not using it, and DKIM is working.

I'll let you know what I find after adding the resend to gmail.

Jerry



On 8/15/2010 9:32 PM, Shahid Faiz wrote:

i have configured ConvertoTo7Bit but no success. following are james
configurations. Is there anything missing in ConvertTo7Bit configuration?

<mailet match="All" class="ConvertTo7Bit">
</mailet>
<!--<mailet match="All" class="LogMessage">
</mailet>   -->

<mailet match="All" class="DKIMSign">
<signatureTemplate>v=1; s=default; d=mydomain.com;
h=from:to:received:received; t=12345;  a=rsa-sha256; bh=;
b=;</signatureTemplate>
<privateKey>
-----PRIVATE KEY IN PEM FORMAT-----
</privateKey>
</mailet>

<!-- Attempt remote delivery using the specified repository for
the
spool, -->
<!-- using delay time to retry delivery and the maximum number of
retries -->
<mailet match="All" class="RemoteDelivery">
<outgoing>   file://var/mail/outgoing/</outgoing>



On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<shahid.f...@gmail.com>
  wrote:


you are right this may be the problem. i haven't configured ConvertTo7Bit
before DKIMSign and as James is running on linux where we have LF as EOL
character.

Thanks very much for the help. I will try this on Monday, hopefully this
will solve the problem.

- Shahid


On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<apa...@bago.org>
  wrote:

  2010/8/14 Shahid Faiz<shahid.f...@gmail.com>:
Hi,

jDKIM is configured properly and works perfectly fine for emails which
I
sent out using any email client but when I bounce emails using Resend

mailet

gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet

is

configured as the last one in transport processor. any hint or help
what

is

missing?

Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
before the DKIMSign mailet?

DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
(\r\n) otherwise signing is not possible.

Stefano

---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org

Reply via email to