DKIM and MailScanner Watermarking
Scott B. Anderson
sbanderson at impromed.com
Mon Feb 23 14:32:35 GMT 2015
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Chris Chapman
> Sent: Saturday, February 21, 2015 11:41 AM
> To: mailscanner at lists.mailscanner.info
> Subject: DKIM and MailScanner Watermarking
> MailScanner - v4.84.5
> I have been running into an issue regarding DKIM with MailScanner and wanted
> to see if anyone had some input.
> Out of the blue, Yahoo started rejecting messages from our servers with the
> error "554 Message not allowed - ”. While the messages were certainly not
> spammy, I noticed in their documentation the line "For example, it is against
> Yahoo Mail's policy to accept messages with malicious content or manipulated
> header information…”
> This led me to wonder about Watermarking, as the feature adds a few header
> lines to messages. I found if I disable watermarking in MS, messages deliver as
> expected. Re-enable Watermarking, I get bounces.
> In the process of tracking down the cause, I ran a DKIM test, found at
> With Watermarking enabled, the DKIM tests fail with the error “Wrong body
> hash”. Disable watermarking, the DKIM tests pass. It seems to me the
> watermarks are added *after* the DKIM body hash is generated, invalidating
> DKIM. I believe this is the reason Yahoo is bouncing mail. But even if I disable
> DKIM, messages will continue to bounce if the watermark headers are present.
> So the DKIM may or may not have anything to do with it.
> I have verified the Watermark Header, %org-name% and %org-long-name% do
> not contain special characters, dots, underscores or spaces and the like.
> Does anyone have any experience/input?
> Chris Chapman
I also have run into this issue. It started late last year with Yahoo rejecting replies and forwards but not original messages.
I do not use DKIM at my site. I set :
Multiple Headers = append
Place New Headers At Top Of Message = yes
This seemed to make Yahoo stop rejecting replies and forwards, FWIW. Not sure what else this might break in your configuration.
I am not certain why this helped, it would seem contrary to the help text around these options.
Also, it would appear you could make this a ruleset, so you could set Yahoo.com to append and everything else to add, as the help text suggests.
Rely On Us.
More information about the MailScanner