| 1 |
Le 10/01/2010 22:26, Matt Harrison a écrit : |
| 2 |
> I say OT because it's my understanding of DKIM that lets me down here, not Gentoo. I'm |
| 3 |
> just not sure who to ask or even if it could be something Gentoo related. |
| 4 |
> |
| 5 |
> I've recently updated my postfix home mail server to use amavis-new for virus and spam |
| 6 |
> filtering rather than procmail/spamassassin. |
| 7 |
> |
| 8 |
> It seems to be working well and I've also enabled some other goodies like DKIM signing |
| 9 |
> and verification. I haven't confirmed signing is working yet, so maybe a side effect |
| 10 |
> of this email is that someone can confirm this for me ;) |
| 11 |
|
| 12 |
Your mail is not DKIM-Signed, check your setup. |
| 13 |
|
| 14 |
> The main query I have is that a lot of the mail I get, in this case from various |
| 15 |
> mailing lists, appears to failed DKIM verification. |
| 16 |
> |
| 17 |
> For example, several of the posters on this list are DKIM signing their mail either as |
| 18 |
> part of gmail policy (or another big provider) or personal intent. Something in the |
| 19 |
> region of 50% of signed mail on this list contains headers such as: |
| 20 |
> |
| 21 |
> Authentication-Results: genesis.genestate.com (amavisd-new); dkim=softfail |
| 22 |
> (fail, message has been altered) header.i=@gmail.com |
| 23 |
> Authentication-Results: genesis.genestate.com (amavisd-new); domainkeys=softfail |
| 24 |
> (fail, message has been altered) header.from=xxxxxx@×××××.com |
| 25 |
> |
| 26 |
> Whereas the rest looks like this: |
| 27 |
> |
| 28 |
> Authentication-Results: genesis.genestate.com (amavisd-new); dkim=pass |
| 29 |
> header.i=@gmail.com |
| 30 |
> Authentication-Results: genesis.genestate.com (amavisd-new); domainkeys=pass |
| 31 |
> header.from=xxxxxx@×××××.com |
| 32 |
> |
| 33 |
> Now I find it unreasonable to assume that 50% of the mail I receive is being actively |
| 34 |
> tampered with, so it must be something getting twisted out of shape. All I'm trying to |
| 35 |
> discover is whether it's something at my end that I need to fiddle with. I followed a |
| 36 |
> few different guides to piece my setup together so it's quite possible I've overlooked |
| 37 |
> or misconfigured something. |
| 38 |
|
| 39 |
90% chance the emails failing DKIM verification had their email subject modified |
| 40 |
to add "[gentoo-user]" in it by the mlmmj program that manage the mailing-list, |
| 41 |
which mainly concerns topic starts (ie first mails about one topic). |
| 42 |
|
| 43 |
> If anyone knows about DKIM and might be able to shed a light on this, I'd love to |
| 44 |
> hear. It's not a big problem, just a puzzle I'm interested in. |
| 45 |
> |
| 46 |
> Thanks |
| 47 |
> |
| 48 |
> Matt Harrison |
| 49 |
|
| 50 |
-- |
| 51 |
Xavier Parizet |
| 52 |
YaGB : http://gentooist.com |
| 53 |
GPG : C7DC B10E FC21 63BE |
| 54 |
B453 D239 F6E6 DF65 1569 91BF |
Archives