Problems Setting up Amavis - Messages Unchecked

Mark Martinec Mark.Martinec+amavis at ijs.si
Thu Apr 5 22:53:04 CEST 2012


Schiz0,

> I have been using the autoreply at check-auth at verifier.port25.com to
> test my dkim setup with amavis. It keeps saying I've been failing
> because the signature does not check out properly.

Send me a signed sample, sometimes it is possible to guess what went
wrong from the way a message differs from a common form, of be able
to guess from the path it took through mailers.

In your previous message it was apparent that the next hop mailer
  vms173005.mailsrvcs.net (Sun Java(tm) System Messaging Server)
was re-wrapping several header fields. The relaxed header
canonicalization is immune to some of these changes, but perhaps
not all in your case.

> But something
> occured to me suddenly: I am relaying my mail from this server through
> a verizon smtp relay, outgoing.verizon.net. This obviously adds
> additional Received headers, among other things, to the mail. This
> would cause any signature I do before it is relayed out to fail any
> check, correct? So with my current setup, I'd be unable to use
> dkim/domainkeys signing?

No, header fields added by mailers to a header *above* a signature
are not a problem. The signature carries in itself a list of signed
header fields, and these are always counted bootom-up in a header.

  Mark


More information about the amavis-users mailing list