Jerry, This works fine for me as well. After playing with this, I have figured out that Gmail is unable to verify body hash when I add <message> tag and change <inline>unaltered</inline> to <inline>none</inline>.
I think Stefano pointed out correctly, and may be ConvertTo7Bit is not playing its part with default configurations. Thanks, Shahid On Tue, Aug 17, 2010 at 3:45 AM, Jerry M <techst...@malcolms.com> wrote: > Shahid, > > It looks like you are using the resend for something quite different than I > am. I'm simply using it as an auto-forrward to a second address that > monitors all inbound email. Hence my mailet tag is: > > <mailet match="recipientis=x...@yyyy.com" class="Resend"> > <recipients>b...@ccccc.com</recipients> > <inline>unaltered</inline> > <passThrough>TRUE</passThrough> > </mailet> > > I'm not sure what all of the different options mean and what effect they > might have. But just for fun, try my version above and see if it makes any > difference. If it works, start adding your options in one at a time. Once > we know the culprit, we might be able to figure out why it's trashing the > signature. > > Jerry > > > On 8/16/2010 4:21 AM, Shahid Faiz wrote: > >> Hi Jerry, >> >> Is there any special required for Resend configuration? I have uncommented >> already configured file extension based Resend. >> >> <mailet match="AttachmentFileNameIs=-d -z *.exe *.com *.bat *.cmd *.pif >> *.scr *.vbs *.avi *.mp3 *.mpeg *.shs" class="Resend" >> onMatchException="error"> >> <sender>postmaster</sender> >> <inline>heads</inline> >> <attachment>none</attachment> >> <passThrough>false</passThrough> >> <debug>true</debug> >> <reversePath>null</reversePath> >> <recipients>sender</recipients> >> <prefix>[REJECTED]</prefix> >> <message> >> test message. >> </message> >> </mailet> >> >> Thanks, >> Shahid >> >> >> On Mon, Aug 16, 2010 at 12:24 PM, Shahid Faiz<shahid.f...@gmail.com> >> wrote: >> >> I have checked resent emails with port25.com, that also displays error >>> >>> Result: fail (wrong body hash: expected >>> Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=) >>> >>> I have also removed t= tag after which resent emails are delivered to >>> Inbox >>> but DKIM verification is still failing. >>> >>> Thanks, >>> Shahid >>> >>> On Mon, Aug 16, 2010 at 9:04 AM, Jerry M<techst...@malcolms.com> wrote: >>> >>> I was comparing your mailet tag to mine. I noticed you added a t= >>>> value. >>>> You may have just dummied up the value to post on the forum as you did >>>> the >>>> domain name. But if that is the real value, it's very small number = >>>> very >>>> old time stamp (basically 40 years old). No idea if google would be >>>> upset >>>> with that, and even more curious why it would only affect resends. But >>>> just >>>> looking for anything that might be the culprit. >>>> >>>> Also, the 'sender' on a resent email is the original sender. So >>>> technically, JAMES is signing an email from a domain it doesn't own. >>>> port25.com gives me a different result when I send an email with the >>>> from >>>> address at the actual domain that is signing vs. when I send an email >>>> that >>>> is on another domain hosted on my server. They both 'pass'. But it's >>>> noted >>>> that the from address is different. Not sure if that could be a problem >>>> with resends and google since the from address is completely different >>>> than >>>> the signing domain. But that still begs the question why it worked on >>>> my >>>> test. I just don't know enough about the theory of what is considered >>>> an >>>> acceptable signature vs. what is not. I'll keep researching. >>>> >>>> Jerry >>>> >>>> >>>> On 8/15/2010 10:37 PM, Jerry M wrote: >>>> >>>> Shahid, >>>>> >>>>> I set up for all inbound email to one of my james accounts to resend to >>>>> a >>>>> gmail account. I guess it's good news for me, but bad news for you... >>>>> gmail >>>>> says the resend was signed correctly. This was a single test from an >>>>> outside business email address that I have. Hardly an exhaustive test. >>>>> As >>>>> Stephano mentioned, it could be a formatting thing on the inbound mail, >>>>> which I suspect can vary greatly from sender to sender. So I'm going >>>>> to >>>>> leave the resend active for a while and watch as I get additional real >>>>> emails from various sources and see if I get any failures and >>>>> subsequently >>>>> can detect a pattern. >>>>> >>>>> If you can test on an email account that no 'real' traffic is coming >>>>> into, you might try bouncing to the port25.com tester email address I >>>>> mentioned below just to see what it tells you. You'll get more info >>>>> than >>>>> gmail gives regarding DKIM. The only thing is that port25.com sends >>>>> the analysis info back to the sender. So if this is a live email and >>>>> you >>>>> are bouncing to port25.com test, the sender will get the analysis >>>>> reply >>>>> (probably not what you want..). Hence the recommendation to do it on a >>>>> dormant/test email account. >>>>> >>>>> Let me know if you get any additional info. >>>>> >>>>> Jerry >>>>> >>>>> >>>>> On 8/15/2010 10:20 PM, Shahid Faiz wrote: >>>>> >>>>> Hi Jerry, >>>>>> >>>>>> Yes, you are right. Mails which are sent directly to my gmail account >>>>>> are >>>>>> verified and delivered to my inbox whereas mails sent using Resend are >>>>>> not >>>>>> verified and thats why those mails land in Spam. >>>>>> >>>>>> Yes, I have also guessed that there were no parameters required. I >>>>>> will >>>>>> try >>>>>> looking into ConvertTo7Bit code if that will help. >>>>>> >>>>>> Thank you very much for the help. >>>>>> >>>>>> - Shahid >>>>>> >>>>>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<techst...@malcolms.com> >>>>>> wrote: >>>>>> >>>>>> So you are using resend mailet to send inbound mail that you receive >>>>>> >>>>>>> on to >>>>>>> a gmail account, right? And mail you send directly is signed >>>>>>> correctly, but >>>>>>> inbound mail that resends to gmail is failing. Is that correct? >>>>>>> >>>>>>> I finally got everything up and running with DKIM. I did a direct >>>>>>> send >>>>>>> to >>>>>>> gmail and to the port25.com tester (check-au...@verifier.port25.com >>>>>>> ). >>>>>>> Everything looks good now. I'll try adding a resend to gmail to try >>>>>>> to >>>>>>> duplicate your scenario. >>>>>>> >>>>>>> On the advise Stephano gave you about the convertTo7Bit mailet, I >>>>>>> added >>>>>>> it >>>>>>> ahead of the DKIMSign mailet. There was zero documentation on it. >>>>>>> So >>>>>>> I >>>>>>> just guessed that there were no parameters. I assume it's doing it's >>>>>>> job. >>>>>>> But I really don't know if it's doing anything. I still don't know >>>>>>> what >>>>>>> that third mailet is for. But I'm not using it, and DKIM is working. >>>>>>> >>>>>>> I'll let you know what I find after adding the resend to gmail. >>>>>>> >>>>>>> Jerry >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote: >>>>>>> >>>>>>> i have configured ConvertoTo7Bit but no success. following are james >>>>>>> >>>>>>>> configurations. Is there anything missing in ConvertTo7Bit >>>>>>>> configuration? >>>>>>>> >>>>>>>> <mailet match="All" class="ConvertTo7Bit"> >>>>>>>> </mailet> >>>>>>>> <!--<mailet match="All" class="LogMessage"> >>>>>>>> </mailet> --> >>>>>>>> >>>>>>>> <mailet match="All" class="DKIMSign"> >>>>>>>> <signatureTemplate>v=1; s=default; d=mydomain.com; >>>>>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=; >>>>>>>> b=;</signatureTemplate> >>>>>>>> <privateKey> >>>>>>>> -----PRIVATE KEY IN PEM FORMAT----- >>>>>>>> </privateKey> >>>>>>>> </mailet> >>>>>>>> >>>>>>>> <!-- Attempt remote delivery using the specified repository for >>>>>>>> the >>>>>>>> spool, --> >>>>>>>> <!-- using delay time to retry delivery and the maximum number of >>>>>>>> retries --> >>>>>>>> <mailet match="All" class="RemoteDelivery"> >>>>>>>> <outgoing> file://var/mail/outgoing/</outgoing> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<shahid.f...@gmail.com >>>>>>>> > >>>>>>>> wrote: >>>>>>>> >>>>>>>> >>>>>>>> you are right this may be the problem. i haven't configured >>>>>>>> ConvertTo7Bit >>>>>>>> >>>>>>>> before DKIMSign and as James is running on linux where we have LF >>>>>>>>> as >>>>>>>>> EOL >>>>>>>>> character. >>>>>>>>> >>>>>>>>> Thanks very much for the help. I will try this on Monday, hopefully >>>>>>>>> this >>>>>>>>> will solve the problem. >>>>>>>>> >>>>>>>>> - Shahid >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<apa...@bago.org> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> 2010/8/14 Shahid Faiz<shahid.f...@gmail.com>: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>>> jDKIM is configured properly and works perfectly fine for emails >>>>>>>>>>> which >>>>>>>>>>> I >>>>>>>>>>> sent out using any email client but when I bounce emails using >>>>>>>>>>> Resend >>>>>>>>>>> >>>>>>>>>>> mailet >>>>>>>>>>> >>>>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign >>>>>>>>>> >>>>>>>>>>> mailet >>>>>>>>>>> >>>>>>>>>>> is >>>>>>>>>>> >>>>>>>>>> configured as the last one in transport processor. any hint or >>>>>>>>>> help >>>>>>>>>> >>>>>>>>>>> what >>>>>>>>>>> >>>>>>>>>>> is >>>>>>>>>>> >>>>>>>>>> missing? >>>>>>>>>> >>>>>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) >>>>>>>>>>> >>>>>>>>>> just >>>>>>>>>> before the DKIMSign mailet? >>>>>>>>>> >>>>>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF >>>>>>>>>> (\r\n) otherwise signing is not possible. >>>>>>>>>> >>>>>>>>>> Stefano >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> --------------------------------------------------------------------- >>>>>>>>>> >>>>>>>>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>>>>>>>>> For additional commands, e-mail: >>>>>>>>>> server-user-h...@james.apache.org >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> --------------------------------------------------------------------- >>>>>>>>>> >>>>>>>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>>>>>> For additional commands, e-mail: server-user-h...@james.apache.org >>>>>>> >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>>>> For additional commands, e-mail: server-user-h...@james.apache.org >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org >>>> For additional commands, e-mail: server-user-h...@james.apache.org >>>> >>>> >>>> > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org > >
