Hi Jerry,
Is there any special required for Resend configuration? I have uncommented
already configured file extension based Resend.
<mailet match="AttachmentFileNameIs=-d -z *.exe *.com *.bat *.cmd *.pif
*.scr *.vbs *.avi *.mp3 *.mpeg *.shs" class="Resend"
onMatchException="error">
<sender>postmaster</sender>
<inline>heads</inline>
<attachment>none</attachment>
<passThrough>false</passThrough>
<debug>true</debug>
<reversePath>null</reversePath>
<recipients>sender</recipients>
<prefix>[REJECTED]</prefix>
<message>
test message.
</message>
</mailet>
Thanks,
Shahid
On Mon, Aug 16, 2010 at 12:24 PM, Shahid Faiz <shahid.f...@gmail.com> wrote:
> I have checked resent emails with port25.com, that also displays error
>
> Result: fail (wrong body hash: expected
> Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
>
> I have also removed t= tag after which resent emails are delivered to Inbox
> but DKIM verification is still failing.
>
> Thanks,
> Shahid
>
> On Mon, Aug 16, 2010 at 9:04 AM, Jerry M <techst...@malcolms.com> wrote:
>
>> I was comparing your mailet tag to mine. I noticed you added a t= value.
>> You may have just dummied up the value to post on the forum as you did the
>> domain name. But if that is the real value, it's very small number = very
>> old time stamp (basically 40 years old). No idea if google would be upset
>> with that, and even more curious why it would only affect resends. But just
>> looking for anything that might be the culprit.
>>
>> Also, the 'sender' on a resent email is the original sender. So
>> technically, JAMES is signing an email from a domain it doesn't own.
>> port25.com gives me a different result when I send an email with the from
>> address at the actual domain that is signing vs. when I send an email that
>> is on another domain hosted on my server. They both 'pass'. But it's noted
>> that the from address is different. Not sure if that could be a problem
>> with resends and google since the from address is completely different than
>> the signing domain. But that still begs the question why it worked on my
>> test. I just don't know enough about the theory of what is considered an
>> acceptable signature vs. what is not. I'll keep researching.
>>
>> Jerry
>>
>> On 8/15/2010 10:37 PM, Jerry M wrote:
>>
>>> Shahid,
>>>
>>> I set up for all inbound email to one of my james accounts to resend to a
>>> gmail account. I guess it's good news for me, but bad news for you... gmail
>>> says the resend was signed correctly. This was a single test from an
>>> outside business email address that I have. Hardly an exhaustive test. As
>>> Stephano mentioned, it could be a formatting thing on the inbound mail,
>>> which I suspect can vary greatly from sender to sender. So I'm going to
>>> leave the resend active for a while and watch as I get additional real
>>> emails from various sources and see if I get any failures and subsequently
>>> can detect a pattern.
>>>
>>> If you can test on an email account that no 'real' traffic is coming
>>> into, you might try bouncing to the port25.com tester email address I
>>> mentioned below just to see what it tells you. You'll get more info than
>>> gmail gives regarding DKIM. The only thing is that port25.com sends
>>> the analysis info back to the sender. So if this is a live email and you
>>> are bouncing to port25.com test, the sender will get the analysis reply
>>> (probably not what you want..). Hence the recommendation to do it on a
>>> dormant/test email account.
>>>
>>> Let me know if you get any additional info.
>>>
>>> Jerry
>>>
>>>
>>> On 8/15/2010 10:20 PM, Shahid Faiz wrote:
>>>
>>>> Hi Jerry,
>>>>
>>>> Yes, you are right. Mails which are sent directly to my gmail account
>>>> are
>>>> verified and delivered to my inbox whereas mails sent using Resend are
>>>> not
>>>> verified and thats why those mails land in Spam.
>>>>
>>>> Yes, I have also guessed that there were no parameters required. I will
>>>> try
>>>> looking into ConvertTo7Bit code if that will help.
>>>>
>>>> Thank you very much for the help.
>>>>
>>>> - Shahid
>>>>
>>>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<techst...@malcolms.com>
>>>> wrote:
>>>>
>>>> So you are using resend mailet to send inbound mail that you receive
>>>>> on to
>>>>> a gmail account, right? And mail you send directly is signed
>>>>> correctly, but
>>>>> inbound mail that resends to gmail is failing. Is that correct?
>>>>>
>>>>> I finally got everything up and running with DKIM. I did a direct send
>>>>> to
>>>>> gmail and to the port25.com tester (check-au...@verifier.port25.com).
>>>>> Everything looks good now. I'll try adding a resend to gmail to try
>>>>> to
>>>>> duplicate your scenario.
>>>>>
>>>>> On the advise Stephano gave you about the convertTo7Bit mailet, I added
>>>>> it
>>>>> ahead of the DKIMSign mailet. There was zero documentation on it. So
>>>>> I
>>>>> just guessed that there were no parameters. I assume it's doing it's
>>>>> job.
>>>>> But I really don't know if it's doing anything. I still don't know
>>>>> what
>>>>> that third mailet is for. But I'm not using it, and DKIM is working.
>>>>>
>>>>> I'll let you know what I find after adding the resend to gmail.
>>>>>
>>>>> Jerry
>>>>>
>>>>>
>>>>>
>>>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>>>>
>>>>> i have configured ConvertoTo7Bit but no success. following are james
>>>>>> configurations. Is there anything missing in ConvertTo7Bit
>>>>>> configuration?
>>>>>>
>>>>>> <mailet match="All" class="ConvertTo7Bit">
>>>>>> </mailet>
>>>>>> <!--<mailet match="All" class="LogMessage">
>>>>>> </mailet> -->
>>>>>>
>>>>>> <mailet match="All" class="DKIMSign">
>>>>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>>>>> b=;</signatureTemplate>
>>>>>> <privateKey>
>>>>>> -----PRIVATE KEY IN PEM FORMAT-----
>>>>>> </privateKey>
>>>>>> </mailet>
>>>>>>
>>>>>> <!-- Attempt remote delivery using the specified repository for
>>>>>> the
>>>>>> spool, -->
>>>>>> <!-- using delay time to retry delivery and the maximum number of
>>>>>> retries -->
>>>>>> <mailet match="All" class="RemoteDelivery">
>>>>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<shahid.f...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> you are right this may be the problem. i haven't configured
>>>>>> ConvertTo7Bit
>>>>>>
>>>>>>> before DKIMSign and as James is running on linux where we have LF as
>>>>>>> EOL
>>>>>>> character.
>>>>>>>
>>>>>>> Thanks very much for the help. I will try this on Monday, hopefully
>>>>>>> this
>>>>>>> will solve the problem.
>>>>>>>
>>>>>>> - Shahid
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<apa...@bago.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>> 2010/8/14 Shahid Faiz<shahid.f...@gmail.com>:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> jDKIM is configured properly and works perfectly fine for emails
>>>>>>>>> which
>>>>>>>>> I
>>>>>>>>> sent out using any email client but when I bounce emails using
>>>>>>>>> Resend
>>>>>>>>>
>>>>>>>>> mailet
>>>>>>>>
>>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
>>>>>>>>> mailet
>>>>>>>>>
>>>>>>>>> is
>>>>>>>>
>>>>>>>> configured as the last one in transport processor. any hint or help
>>>>>>>>> what
>>>>>>>>>
>>>>>>>>> is
>>>>>>>>
>>>>>>>> missing?
>>>>>>>>>
>>>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim)
>>>>>>>> just
>>>>>>>> before the DKIMSign mailet?
>>>>>>>>
>>>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>>>>> (\r\n) otherwise signing is not possible.
>>>>>>>>
>>>>>>>> Stefano
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
>>>>>>>> For additional commands, e-mail: server-user-h...@james.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
>>>>> For additional commands, e-mail: server-user-h...@james.apache.org
>>>>>
>>>>>
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
>>> For additional commands, e-mail: server-user-h...@james.apache.org
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
>> For additional commands, e-mail: server-user-h...@james.apache.org
>>
>>
>
