dkim fails ?

Benny Pedersen me at junc.org
Sat Jun 25 23:35:51 CEST 2011


On Fri, 24 Jun 2011 18:33:57 +0200, Mark Martinec wrote:

> DKIM verification in amavisd as well as in SpamAssassin is
> independent from trusted_networks / internal_networks / msa_networks,
> i.e. works the same regardless of mail flow direction and its source.

okay

> Yes it does (regardless of version). Signing is done last, just 
> before
> the mail message is being fed back to an MTA. So the signature
> that is yet to be generated is not seen by SpamAssassin and
> a DKIM_ADSP_* rule could hit.

is that not my problem so ?

sending smtp auth mail inside mynetworks does not hit any adsp, but 
sending from outside still with smtp auth does apply adsp :(

for now i have removed adsp in dns, not he best way of solving, but i 
can live with it

> What is strange here is that the message does contain a:
>
>   Authentication-Results: localhost.junc.org (amavisd-new);
>     dkim=pass header.i=@junc.org
>
> which apparently means that a signature by junc.org was already
> present at the time of signature verification, so SpamAssassin
> should have seen it as well.

but as i read above, amavisd makes verify first ?

> Perhaps a domain in a From header field did not match exactly
> the signing domain of a signature? Maybe it was its subdomain.

how ?



More information about the amavis-users mailing list