dkim fails ?
Benny Pedersen
me at junc.org
Sat Jun 25 23:35:51 CEST 2011
On Fri, 24 Jun 2011 18:33:57 +0200, Mark Martinec wrote:
> DKIM verification in amavisd as well as in SpamAssassin is
> independent from trusted_networks / internal_networks / msa_networks,
> i.e. works the same regardless of mail flow direction and its source.
okay
> Yes it does (regardless of version). Signing is done last, just
> before
> the mail message is being fed back to an MTA. So the signature
> that is yet to be generated is not seen by SpamAssassin and
> a DKIM_ADSP_* rule could hit.
is that not my problem so ?
sending smtp auth mail inside mynetworks does not hit any adsp, but
sending from outside still with smtp auth does apply adsp :(
for now i have removed adsp in dns, not he best way of solving, but i
can live with it
> What is strange here is that the message does contain a:
>
> Authentication-Results: localhost.junc.org (amavisd-new);
> dkim=pass header.i=@junc.org
>
> which apparently means that a signature by junc.org was already
> present at the time of signature verification, so SpamAssassin
> should have seen it as well.
but as i read above, amavisd makes verify first ?
> Perhaps a domain in a From header field did not match exactly
> the signing domain of a signature? Maybe it was its subdomain.
how ?
More information about the amavis-users
mailing list