with b.eml: signing-milter -g postfix -m /var/secure_files/cert/signers.cdb -s inet:9991 -t 60 -u postfix -b &>/dev/null </dev/null & without b.eml: signing-milter -g postfix -m /var/secure_files/cert/signers.cdb -s inet:9991 -t 60 -u postfix &>/dev/null </dev/null &
So to compare, I need to save a copy of the mail *before* it goes through the milter. Both Andreas and you said that my mails that I put into signing-milter were "garbage".
-----Ursprungligt meddelande----- From: Wietse Venema
Sent: Wednesday, March 04, 2015 9:42 PM To: Postfix usersSubject: Re: Have tested lots of solutions now with signing-milter. What is the problem?
Sebastian Nielsen:
its not DKIM that fails. Its S/MIME.
Does not matter (S/Mime signs body parts so there are no header issues).
But how can I retain a copy of message before milter? Could then remove thehashcash milter and DKIM milter (since those does not change that -b does succeed validation and no -b does fail validation) and send a test mail.
You need a copy of the signed mail, before and after transmission to a system where it fails to verify. One way to get the before- transmission copy is to use a virtual alias (or always_bcc, or sender/recipient_bcc_maps) that delivers a local copy. Or you grab it with a network sniffer as it is being sent to a remote system. If that copy still verifies correctly, the message is modified elsewhere.Wietse
--- Begin Message ---with b
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
--- Begin Message ---signed without b
Description: S/MIME cryptographic signature
--- End Message ---
smime.p7s
Description: S/MIME cryptographic signature
