Mailscanner disturbs my domainkey?

Julian Field MailScanner at ecs.soton.ac.uk
Sat Oct 1 14:31:28 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Neuman wrote:

> Lars Kristiansen wrote:
>
>>> I've added domainkeys with dk-milter to sendmail.
>>>
>>> The verifier at http://senderid.espcoalition.org/ shows the 
>>> signature is
>>> there, but it does not verify.
>>>
>>> Is mailscanner messing up the headers so the signature is wrong?
>>>     
>>
>>
>> According to the rfc,
>> [ 
>> http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-02.txt 
>> ]
>> , it is a signature of the mail, including the headers below the
>> DomainKey-Signature.
>> As far as I can understand new headers need to be put before the 
>> signature
>> not to conflict.
>>
>>
>> -- 
>> Lars
>>
>>
>>  
>>
>>> 8uye at senderid.espcoalition.org
>>>
>>> The verifier says: DomainKey-Status: bad: Signature failed verification
>>>
>>> DomainKey-Signature: a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns;
>>>     h=message-id:from:to:subject:date:mime-version:content-type:
>>>     content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; 
>>>
>>>     b=KqKCCl3LSAL7ztA0QktPMHZSMnAbwwRYUeMJWowfD0SZt5PbuD/mWy92a1gtu+eHa
>>>     JA8njDRZ4zh0iX239dsmw==
>>>
>>> ; <<>> DiG 9.3.1 <<>> -t txt arnold._domainkey.neland.dk 
>>> @ns4.gratisdns.dk
>>> ; (1 server found)
>>> ;; global options:  printcmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41315
>>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
>>>
>>> ;; QUESTION SECTION:
>>> ;arnold._domainkey.neland.dk.   IN      TXT
>>>
>>> ;; ANSWER SECTION:
>>> arnold._domainkey.neland.dk. 43200 IN   TXT     "g=\; k=rsa\; t=y\;
>>> p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDitcv/6R1RMjPiGHCiIcTnvVsA+A3XGg5fCf2yKUrrf7NmJw7GB9Cj35GZavzHwOVSUxkQiRUknt/+2jJMS8UCAwEAAQ==" 
>>>
>>>
>>> What's wrong? :-(
>>>     
>>
>>
>>  
>>
>>> -- 
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> MailScanner thanks transtec Computers for their support.
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>     
>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>   
>
> In any case, any good info, pointers, tips on getting domainkeys to 
> work using sendmail+MailScanner would be appreciated. I've already set 
> up SPF, but having domainkeys as well would be a plus.

 From what I have seen over the past 20 years or so is that the usual 
practice is to put "Received" headers at the top, and all X- headers and 
other header modifications at the bottom. If they produce one exception 
saying that all new headers must be before the domainkeys header, then 
how many others are there likely to be in future? They have somewhat 
changed the rules.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQz6PtBH2WUcUFbZUEQJAlgCfRns3q4vFG+BMZPcDS16Z7KdCLhUAn21a
fH+six/rhNm2rS+3/iR2/npo
=8Y3x
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list