dkim and Mailscanner

Mark Sapiro mark at msapiro.net
Thu Dec 3 22:39:27 UTC 2015 

On 12/03/2015 01:24 PM, Maarten wrote:
> Hello,
> 
> I'm having a problem getting dkim to work together with mailscanner. I
> noticed some comments about dkim in the comments so I took the advice of
> the comments.
> 
> Multiple Headers = add
...
> Place New Headers At Top Of Message = yes
> 
> Each time I got the following error:
> 
> dkim=neutral (body hash did not verify) header.i=@feedmebits.nl
> 
> 
> I thought I'd try doing a test by taking out mailscanner, only using postfix, and now I'm getting:
> 
> dkim=pass header.i=@feedmebits.nl


Are you looking at incoming mail or outgoing mail? I DKIM sign outgoing
mail and I have

Multiple Headers = add

and Place New Headers At Top Of Message is a ruleset which is Yes for a
small number if incoming messages and No for everything else.

I just sent a message addressed to both Yahoo and Gmail addresses. It
had my MailScanner headers added at the bottom as expected

Yahoo said

Received-SPF: pass (domain of msapiro.net designates 72.52.113.16 as
permitted sender)

and

Authentication-Results: mta1323.mail.ne1.yahoo.com  from=msapiro.net;
domainkeys=neutral (no sig);  from=msapiro.net; dkim=pass (ok)

and Gmail said:

Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of mark at msapiro.net designates
72.52.113.16 as permitted sender) smtp.mailfrom=mark at msapiro.net;
       dkim=pass header.i=@msapiro.net

According to logs, Postfix opendkim signed the message before it was
processed by MailScanner so my DKIM sig was there and MailScanner didn't
break it, however, if MailScanner does any disarming of web bugs or
suspected phishing URLs or the like, it will certainly break the sig.

For incoming mail I'm not so fussy, but my ruleset says Place New
Headers At Top Of Message = Yes for certain messages that actually get
forwarded to a remote ISP that calls them spam if the sig is broken, but
ultimately I don't scan those messages at all (per a Scan Messages
ruleset) because of MailScanner body changes for disarming.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list