On Mon 18/May/2020 22:32:21 +0200 John Levine wrote: > In article <a56ed61ad07200aff05ad16102525...@junc.eu> you write: >>> I suggested they make a few changes which they have now done: there is >>> now an explicit _dmarc.dmarc.ietf.org TXT record, and there is an MX >>> record pointing at the mail server rather than A/AAAA records. >> >>spamassassin still says dkim invalid here > > Yes, that is correct.
Why would that be correct? It says DKIM_VALID here, not only in normal TB usage (attached) but also if I run SA locally (normally I spare SA for list messages), getting the following (notice dkim: signature verification result: PASS): ale@pcale:~/tmp$ spamassassin -D dkim < valid.eml May 19 11:35:03.226 [4856] dbg: dkim: using Mail::DKIM version 0.4 May 19 11:35:03.226 [4856] dbg: dkim: providing our own resolver: Mail::SpamAssassin::DnsResolver May 19 11:35:03.231 [4856] dbg: dkim: performing public key lookup and signature verification May 19 11:35:03.979 [4856] dbg: dkim: VALID DKIM, i=@ietf.org, d=ietf.org, s=ietf1, a=rsa-sha256, c=relaxed/simple, key_bits=1024, pass, does not match author domain May 19 11:35:03.979 [4856] dbg: dkim: VALID DKIM, i=@ietf.org, d=ietf.org, s=ietf1, a=rsa-sha256, c=relaxed/simple, key_bits=1024, pass, does not match author domain May 19 11:35:03.979 [4856] dbg: dkim: FAILED DKIM, i=@iecc.com, d=iecc.com, s=fc88.5ec2f0d6.k2005, a=rsa-sha256, c=simple/simple, unknown key size, fail, does not match author domain May 19 11:35:03.980 [4856] dbg: dkim: FAILED DKIM, i=@taugh.com, d=taugh.com, s=fc88.5ec2f0d6.k2005, a=rsa-sha256, c=simple/simple, unknown key size, fail, matches author domain May 19 11:35:03.980 [4856] dbg: dkim: signature verification result: PASS May 19 11:35:03.983 [4856] dbg: dkim: adsp: performing lookup on _adsp._domainkey.taugh.com May 19 11:35:04.219 [4856] dbg: dkim: adsp result: U/unknown (dns: unknown), author domain 'taugh.com' May 19 11:35:04.238 [4856] dbg: dkim: VALID signature by ietf.org, author jo...@taugh.com, no valid matches May 19 11:35:04.238 [4856] dbg: dkim: VALID signature by ietf.org, author jo...@taugh.com, no valid matches May 19 11:35:04.238 [4856] dbg: dkim: FAILED signature by iecc.com, author jo...@taugh.com, no valid matches May 19 11:35:04.238 [4856] dbg: dkim: FAILED signature by taugh.com, author jo...@taugh.com, no valid matches May 19 11:35:04.238 [4856] dbg: dkim: author jo...@taugh.com, not in any dkim whitelist May 19 11:35:06.693 [4857] info: util: setuid: ruid=1000 euid=1000 rgid=1000 27 29 104 109 115 125 1000 egid=1000 27 29 104 109 115 125 1000 X-Spam-Checker-Version: SpamAssassin 4.0.0-r1845952 (2018-11-06) on pcale.tana X-Spam-Level: X-Spam-Status: No, score=-4.5 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.0-r1845952 Best Ale --
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc