dkim fails ?

Benny Pedersen me at
Sat Jun 25 23:35:51 CEST 2011

On Fri, 24 Jun 2011 18:33:57 +0200, Mark Martinec wrote:

> DKIM verification in amavisd as well as in SpamAssassin is
> independent from trusted_networks / internal_networks / msa_networks,
> i.e. works the same regardless of mail flow direction and its source.


> Yes it does (regardless of version). Signing is done last, just 
> before
> the mail message is being fed back to an MTA. So the signature
> that is yet to be generated is not seen by SpamAssassin and
> a DKIM_ADSP_* rule could hit.

is that not my problem so ?

sending smtp auth mail inside mynetworks does not hit any adsp, but 
sending from outside still with smtp auth does apply adsp :(

for now i have removed adsp in dns, not he best way of solving, but i 
can live with it

> What is strange here is that the message does contain a:
>   Authentication-Results: (amavisd-new);
>     dkim=pass
> which apparently means that a signature by was already
> present at the time of signature verification, so SpamAssassin
> should have seen it as well.

but as i read above, amavisd makes verify first ?

> Perhaps a domain in a From header field did not match exactly
> the signing domain of a signature? Maybe it was its subdomain.

how ?

More information about the amavis-users mailing list