On 08/09/2017 09:33 AM, Felix Defrance wrote:
Hi all,

I don't understand why Mail::SpamAssassin::Plugin::DKIM fail on signature verification instead of opendkim success..

I see thats issues on domain which use onmicrosoft.com or gappssmtp.com

Here is the mail trace on my MTA, if anybody could help me.

Thx,

Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: mail-he1eur01on0135.outbound.protection.outlook.com [104.47.0.135] not internal
Aug  9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: not authenticated
Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: no signing domain match for 'groupeastek.fr' Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: no signing subdomain match for 'groupeastek.fr' Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: failed to parse authentication-results: header field Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: DKIM verification successful Aug 9 10:25:43 vmail opendkim[21923]: 0D81A778B1D: s=selector1-groupeastek-fr d=groupeastek365.onmicrosoft.com SSL
Aug  9 10:25:43 vmail opendmarc[7879]: 0D81A778B1D: groupeastek.fr none
Aug 9 10:25:43 vmail postfix/qmgr[9226]: 0D81A778B1D: from=<t...@groupeastek.fr>, size=558389, nrcpt=1 (queue active) Aug 9 10:25:43 vmail amavis[1524]: (01524-06) ESMTP :10024 /var/lib/amavis/tmp/amavis-20170809T101204-01524-PE_s500S: <t...@groupeastek.fr> -> <t...@tata.com> SIZE=558389 Received: from vmail.tata.com ([127.0.0.1]) by localhost (vmail.tata.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <t...@tata.com>; Wed, 9 Aug 2017 10:25:43 +0200 (CEST) Aug 9 10:25:43 vmail amavis[1524]: (01524-06) Checking: 9j8FwaumEeNr [104.47.0.135] <t...@groupeastek.fr> -> <t...@tata.com> Aug 9 10:25:43 vmail postfix/smtpd[4885]: disconnect from mail-he1eur01on0135.outbound.protection.outlook.com[104.47.0.135] Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p005 1 Content-Type: multipart/mixed Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p006 1/1 Content-Type: multipart/related Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p007 1/1/1 Content-Type: multipart/alternative Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p001 1/1/1/1 Content-Type: text/plain, size: 968 B, name: Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p002 1/1/1/2 Content-Type: text/html, size: 5183 B, name: Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p003 1/1/2 Content-Type: image/png, size: 4414 B, name: image001.png Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p004 1/2 Content-Type: application/pdf, size: 393097 B, name: DC_ASTEK_Q_Charles_2017_08.pdf Aug 9 10:25:43 vmail amavis[1524]: (01524-06) truncating a message passed to SA at 211221 bytes, orig 558708 Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: performing public key lookup and signature verification Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: FAILED DKIM, i=@groupeastek365.onmicrosoft.com, d=groupeastek365.onmicrosoft.com, s=selector1-groupeastek-fr, a=rsa-sha256, c=relaxed/relaxed, fail, does not match author domain Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: signature verification result: FAIL (BODY HAS BEEN ALTERED) Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: adsp: performing lookup on _adsp._domainkey.groupeastek.fr Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: adsp result: U/unknown (dns: unknown), author domain 'groupeastek.fr' Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: checking to see if the message has a Received-SPF header that we can use Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: found a Received-SPF header added by an internal host: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=104.47.0.135; helo=eur01-he1-obe.outbound.protection.outlook.com; envelope-from=t...@groupeastek.fr; receiver=t...@tata.com Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: re-using mfrom result from Received-SPF header: pass Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: checking HELO (helo=EUR01-HE1-obe.outbound.protection.outlook.com, ip=104.47.0.135) Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: query for /104.47.0.135/EUR01-HE1-obe.outbound.protection.outlook.com: result: pass, comment: , text: Mechanism 'include:spf.protection.outlook.com' matched Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: def_whitelist_from_spf: t...@groupeastek.fr is not in DEF_WHITELIST_FROM_SPF Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: FAILED signature by groupeastek365.onmicrosoft.com, author t...@groupeastek.fr, no valid matches Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: author t...@groupeastek.fr, not in any dkim whitelist Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: whitelist_from_spf: t...@groupeastek.fr is not in user's WHITELIST_FROM_SPF Aug 9 10:25:44 vmail amavis[1524]: (01524-06) spam-tag, <t...@groupeastek.fr> -> <t...@tata.com>, No, score=3.189 tagged_above=-9999 required=5 tests=[BAYES_00=-1.9, CUST_DKIM_SIGNED_INVALID=5, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no

--
FĂ©lix
PGP: 0x0F04DC57


This is in the logs above:

dbg: dkim: signature verification result: FAIL (BODY HAS BEEN ALTERED)

--
David Jones

Reply via email to