Shahid,
It looks like you are using the resend for something quite different
than I am. I'm simply using it as an auto-forrward to a second address
that monitors all inbound email. Hence my mailet tag is:
<mailet match="recipientis=x...@yyyy.com" class="Resend">
<recipients>b...@ccccc.com</recipients>
<inline>unaltered</inline>
<passThrough>TRUE</passThrough>
</mailet>
I'm not sure what all of the different options mean and what effect they
might have. But just for fun, try my version above and see if it makes
any difference. If it works, start adding your options in one at a
time. Once we know the culprit, we might be able to figure out why it's
trashing the signature.
Jerry
On 8/16/2010 4:21 AM, Shahid Faiz wrote:
Hi Jerry,
Is there any special required for Resend configuration? I have uncommented
already configured file extension based Resend.
<mailet match="AttachmentFileNameIs=-d -z *.exe *.com *.bat *.cmd *.pif
*.scr *.vbs *.avi *.mp3 *.mpeg *.shs" class="Resend"
onMatchException="error">
<sender>postmaster</sender>
<inline>heads</inline>
<attachment>none</attachment>
<passThrough>false</passThrough>
<debug>true</debug>
<reversePath>null</reversePath>
<recipients>sender</recipients>
<prefix>[REJECTED]</prefix>
<message>
test message.
</message>
</mailet>
Thanks,
Shahid
On Mon, Aug 16, 2010 at 12:24 PM, Shahid Faiz<shahid.f...@gmail.com> wrote:
I have checked resent emails with port25.com, that also displays error
Result: fail (wrong body hash: expected
Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
I have also removed t= tag after which resent emails are delivered to Inbox
but DKIM verification is still failing.
Thanks,
Shahid
On Mon, Aug 16, 2010 at 9:04 AM, Jerry M<techst...@malcolms.com> wrote:
I was comparing your mailet tag to mine. I noticed you added a t= value.
You may have just dummied up the value to post on the forum as you did the
domain name. But if that is the real value, it's very small number = very
old time stamp (basically 40 years old). No idea if google would be upset
with that, and even more curious why it would only affect resends. But just
looking for anything that might be the culprit.
Also, the 'sender' on a resent email is the original sender. So
technically, JAMES is signing an email from a domain it doesn't own.
port25.com gives me a different result when I send an email with the from
address at the actual domain that is signing vs. when I send an email that
is on another domain hosted on my server. They both 'pass'. But it's noted
that the from address is different. Not sure if that could be a problem
with resends and google since the from address is completely different than
the signing domain. But that still begs the question why it worked on my
test. I just don't know enough about the theory of what is considered an
acceptable signature vs. what is not. I'll keep researching.
Jerry
On 8/15/2010 10:37 PM, Jerry M wrote:
Shahid,
I set up for all inbound email to one of my james accounts to resend to a
gmail account. I guess it's good news for me, but bad news for you... gmail
says the resend was signed correctly. This was a single test from an
outside business email address that I have. Hardly an exhaustive test. As
Stephano mentioned, it could be a formatting thing on the inbound mail,
which I suspect can vary greatly from sender to sender. So I'm going to
leave the resend active for a while and watch as I get additional real
emails from various sources and see if I get any failures and subsequently
can detect a pattern.
If you can test on an email account that no 'real' traffic is coming
into, you might try bouncing to the port25.com tester email address I
mentioned below just to see what it tells you. You'll get more info than
gmail gives regarding DKIM. The only thing is that port25.com sends
the analysis info back to the sender. So if this is a live email and you
are bouncing to port25.com test, the sender will get the analysis reply
(probably not what you want..). Hence the recommendation to do it on a
dormant/test email account.
Let me know if you get any additional info.
Jerry
On 8/15/2010 10:20 PM, Shahid Faiz wrote:
Hi Jerry,
Yes, you are right. Mails which are sent directly to my gmail account
are
verified and delivered to my inbox whereas mails sent using Resend are
not
verified and thats why those mails land in Spam.
Yes, I have also guessed that there were no parameters required. I will
try
looking into ConvertTo7Bit code if that will help.
Thank you very much for the help.
- Shahid
On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<techst...@malcolms.com>
wrote:
So you are using resend mailet to send inbound mail that you receive
on to
a gmail account, right? And mail you send directly is signed
correctly, but
inbound mail that resends to gmail is failing. Is that correct?
I finally got everything up and running with DKIM. I did a direct send
to
gmail and to the port25.com tester (check-au...@verifier.port25.com).
Everything looks good now. I'll try adding a resend to gmail to try
to
duplicate your scenario.
On the advise Stephano gave you about the convertTo7Bit mailet, I added
it
ahead of the DKIMSign mailet. There was zero documentation on it. So
I
just guessed that there were no parameters. I assume it's doing it's
job.
But I really don't know if it's doing anything. I still don't know
what
that third mailet is for. But I'm not using it, and DKIM is working.
I'll let you know what I find after adding the resend to gmail.
Jerry
On 8/15/2010 9:32 PM, Shahid Faiz wrote:
i have configured ConvertoTo7Bit but no success. following are james
configurations. Is there anything missing in ConvertTo7Bit
configuration?
<mailet match="All" class="ConvertTo7Bit">
</mailet>
<!--<mailet match="All" class="LogMessage">
</mailet> -->
<mailet match="All" class="DKIMSign">
<signatureTemplate>v=1; s=default; d=mydomain.com;
h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
b=;</signatureTemplate>
<privateKey>
-----PRIVATE KEY IN PEM FORMAT-----
</privateKey>
</mailet>
<!-- Attempt remote delivery using the specified repository for
the
spool, -->
<!-- using delay time to retry delivery and the maximum number of
retries -->
<mailet match="All" class="RemoteDelivery">
<outgoing> file://var/mail/outgoing/</outgoing>
On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<shahid.f...@gmail.com>
wrote:
you are right this may be the problem. i haven't configured
ConvertTo7Bit
before DKIMSign and as James is running on linux where we have LF as
EOL
character.
Thanks very much for the help. I will try this on Monday, hopefully
this
will solve the problem.
- Shahid
On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<apa...@bago.org>
wrote:
2010/8/14 Shahid Faiz<shahid.f...@gmail.com>:
Hi,
jDKIM is configured properly and works perfectly fine for emails
which
I
sent out using any email client but when I bounce emails using
Resend
mailet
gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
mailet
is
configured as the last one in transport processor. any hint or help
what
is
missing?
Have you configured a ConvertTo7Bit mailet (bundled with jdkim)
just
before the DKIMSign mailet?
DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
(\r\n) otherwise signing is not possible.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
