Rodolfo, > I'm using amavis-new 2.6.4 with the latest perl modules required by the > docs. I've configured DKIM signatures, which are working just fine. But > I have a problem with Yahoo Mail: it checks DKIM, but it seems that only > the old DomainKeys signature is significant (?). For instance, a message > received in Yahoo and marked with this header: > > Authentication-Results: mta1059.mail.sp2.yahoo.com from=; > domainkeys=neutral (no sig); from=********************; dkim=pass (ok) > > ends up in the spam folder, even if the domain has SPF records, the MTA > has reverse DNS record, the DKIM check is passed and the domainkeys > check is neutral, the message is just plain text and the originating > IP/domain is not blacklisted (AFAIK). I've found a 4 months old thread > about this here: > > http://www.mail-archive.com/amavis-user@lists.sourceforge.net/msg14768.html > > but I can't see any follow up after Mark's last post. I would like to > know if it is possible to add a DomainKeys signature to a message with > amavis-new (just to discard a possible cause for Yahoo's behavior), and > if in someone's experience this would help to decrease the amount of > false positives in Yahoo Mail.
I can only guess there may be some other specifics of your messages sent to Yahoo that they do not like. Their header indicates that they did check the DKIM signature and found it valid, I have no reason to believe that adding a DomainKeys signature would make a message more palatable. There is no provision in amavisd to generate DomainKeys signatures. It's certainly possible to do so with a smallish hack, but I don't think it is worth the trouble. For a simple manual test you can use the program below. Prepare a sample message on a file, pass it on stdin to the program below: ./dkim_signer <0.msg which will produce two signatures, which you can then prepend to your message with a text editor or with some shell command, and submit the message thus fabricated using mini_sendmail or a command-line 'sendmail -i -fFrom re...@yahoo.com <0.msg' and see what happens. Make sure not to clobber anything else in the message while editing it. #!/usr/bin/perl -T use strict; use re 'taint'; use Mail::DKIM::TextWrap; use Mail::DKIM::Signer; use Mail::DKIM::Signature; use Mail::DKIM::DkSignature; my($policyfn) = sub { my($dkim) = shift; my($dkim_signature) = Mail::DKIM::Signature->new( Selector => 'xxxx', Domain => 'example.com', Method => 'relaxed/simple', Algorithm => 'rsa-sha256', Headers => $dkim->headers, ); my($dk_signature) = Mail::DKIM::DkSignature->new( Selector => 'xxxx', Domain => 'example.com', Method => 'nofws', Headers => $dkim->headers, ); $dkim->add_signature($dkim_signature); $dkim->add_signature($dk_signature); undef; }; my($dkim) = Mail::DKIM::Signer->new(Policy => $policyfn, KeyFile => 'test.key.pem'); my($s); { local $/; $s = <STDIN> } $s =~ s/\n/\015\012/g; $dkim->PRINT($s); $dkim->CLOSE; my(@signatures) = $dkim->signatures; for my $signature (@signatures) { print $signature->as_string . "\n"; } Mark ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/