DKIM and MailScanner Watermarking

Mon Feb 23 16:39:04 GMT 2015

In  my experience Yahoo has a lot to answer for their weak security, 
spammy mail accounts and dodgy spam history..

They are the last company to be bleating on about  security given their 
poor track record.

Personally, watermarks stops backscatter and allows for NDRs to be 
handled more efficiently.

If the price paid for that is not being able to email Yahoo, then so be it.

P.

On 23/02/2015 14:32, Scott B. Anderson wrote:
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Chris Chapman
>> Sent: Saturday, February 21, 2015 11:41 AM
>> To: mailscanner at lists.mailscanner.info
>> Subject: DKIM and MailScanner Watermarking
>>
>> MailScanner - v4.84.5
>>
>> I have been running into an issue regarding DKIM with MailScanner and wanted
>> to see if anyone had some input.
>>
>> Out of the blue, Yahoo started rejecting messages from our servers with the
>> error "554 Message not allowed - [299]”.  While the messages were certainly not
>> spammy, I noticed in their documentation the line "For example, it is against
>> Yahoo Mail's policy to accept messages with malicious content or manipulated
>> header information…”
>>
>> This led me to wonder about Watermarking, as the feature adds a few header
>> lines to messages. I found if I disable watermarking in MS, messages deliver as
>> expected. Re-enable Watermarking, I get bounces.
>>
>> In the process of tracking down the cause, I ran a DKIM test, found at
>> http://appmaildev.com/en/dkim/
>>
>> With Watermarking enabled, the DKIM tests fail with the error “Wrong body
>> hash”.  Disable watermarking, the DKIM tests pass.  It seems to me the
>> watermarks are added *after* the DKIM body hash is generated, invalidating
>> DKIM. I believe this is the reason Yahoo is bouncing mail.  But even if I disable
>> DKIM, messages will continue to bounce if the watermark headers are present.
>> So the DKIM may or may not have anything to do with it.
>>
>> I have verified the Watermark Header, %org-name% and %org-long-name% do
>> not contain special characters, dots, underscores or spaces and the like.
>>
>> Does anyone have any experience/input?
>>
>> Thanks!
>>
>> Chris Chapman
>>
> I also have run into this issue.  It started late last year with Yahoo rejecting replies and forwards but not original messages.
> I do not use DKIM at my site.  I set :
>
> Multiple Headers = append
> Place New Headers At Top Of Message = yes
>
> This seemed to make Yahoo stop rejecting replies and forwards, FWIW.   Not sure what else this might break in your configuration.
>
> I am not certain why this helped, it would seem contrary to the help text around these options.
>
> Also, it would appear you could make this a ruleset, so you could set Yahoo.com to append and everything else to add, as the help text suggests.
>
>
> Scott Anderson
>
> ...
>
>
> -- 
> horizontal ruler
>
> Peter Farrow
> avatar 	
> ______________________
> Home: 	01249 654183
> Fax: 	01249 461 548
> Mobile: 	07799605617
> Skype: 	peter_farrow
> Web: 	www.peterfarrow.com <http://www.peterfarrow.com>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150223/206499c4/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: orange_spacer.gif
Type: image/gif
Size: 57 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150223/206499c4/attachment.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: avatar.gif
Type: image/gif
Size: 8198 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150223/206499c4/attachment-0001.gif 