Le 11/01/2010 16:31, Matt Harrison a écrit : > On Mon, Jan 11, 2010 at 04:09:07PM +0100, Xavier Parizet wrote: >> Le 10/01/2010 22:26, Matt Harrison a ??crit : >>> I say OT because it's my understanding of DKIM that lets me down here, not >>> Gentoo. I'm >>> just not sure who to ask or even if it could be something Gentoo related. >>> >>> I've recently updated my postfix home mail server to use amavis-new for >>> virus and spam >>> filtering rather than procmail/spamassassin. >>> >>> It seems to be working well and I've also enabled some other goodies like >>> DKIM signing >>> and verification. I haven't confirmed signing is working yet, so maybe a >>> side effect >>> of this email is that someone can confirm this for me ;) >> >> Your mail is not DKIM-Signed, check your setup. > > Ok, thanks for checking, it appears that outbound messages weren't being > passed to > amavis, I think I've rectified that now. > > I can see the message being scanned in the logs, but not necessarily being > signed > though. Inbound messages generate warnings such as: > > dkim: not signing, no applicable private key for domains ruby-forum.com.....
Seems that either you forgot to setup the DNS for ruby-forum.com with the public key, or you don't own ruby-forum.com, as well as his private key. Keep in mind that signing is done according to the "From:" header content. > but my outbound messages just scan clean. I've tried without sender maps and > with > limiting them to my domain. > >>> The main query I have is that a lot of the mail I get, in this case from >>> various >>> mailing lists, appears to failed DKIM verification. [SNIP] >> >> 90% chance the emails failing DKIM verification had their email subject >> modified >> to add "[gentoo-user]" in it by the mlmmj program that manage the >> mailing-list, >> which mainly concerns topic starts (ie first mails about one topic). > > That would make a lot of sense, I'm not sure if it's just the first messages > that are > doing it, but I have a feeling that others in a thread are also failing. After some checking, it appears that Reply-To: header is also modified by mlmmj, and so DKIM verification fails too for these ones. > > Thanks for your input Xavier, I think I need to get over to the amavis or > postfix > guys, like Stroller said, to really figure out what is happening. -- Xavier Parizet YaGB : http://gentooist.com GPG : C7DC B10E FC21 63BE B453 D239 F6E6 DF65 1569 91BF
signature.asc
Description: OpenPGP digital signature