You know, I don't think it has anything to do with simscan.  A staff
member in the office using a Mac laptop is sending mail to port 587
(no TLS option available in her Mac - only SSL, but she is in the
local office and the Mail Server is in the local office, and she is
not sending her password over the internet, so it's probably fine to
go without TLS in her case).  Anyway, when she sends an email to port
587 into our mail server to yahoo, it fails with domainkey failed
error header.  When I send via PC and Thuderbird into our external
firewall port forwarded into Mail Server port 587 with or without TLS
to yahoo (I've tried both ways), it works perfectly and the domainkey
header suceeded.

In both instances (Mac internal office, PC external - internet),
simscan is listed below the Domainkey header.  So since mine works and
her's does not, I don't think it is simscan/clamav.  It's happening to
both of our emails, so that would not appear to be a problem.

But, what in the world could it be?  I'm obviously going to have to go
into the office and try sending from my Thunderbird out to yahoo and
see if that still works.  But no matter if it does or does not, how
could Mac Mail or PC Thunderbird have anything to do with the headers
and HASH that would cause domainkeys to fail or suceed since they are
only calculated and added after the message has been handed off to
port 587 on the Mail Server?

For referrence, the external firewall only does a packet forwarding
into our mail server for traffic on port 587, and does not rewrite
anything.

Thanks
John





On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
> Well, we probably don't need it that bad that then.
>
> Thanks
> John
>
>
>
> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> I don't know, short of looking at the code. That would be in the (heavily
>> patched) source code for the qmail-smtp program. Looking that up would not
>> be a trivial exercise.
>>
>> Tek Support wrote:
>>> As you said (would have to), how do I determine the order they are
>>> run?  Is it simply that the DKIM header is added on top of the
>>> simscan, thus simscan first and dkim 2nd?
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>>> Simscan does scan outbound mail, but scans only for viruses (clamav), not
>>>> spam (spamassassin). This is consistent with the message you're seeing.
>>>>
>>>> Adding the DK signature would (have to) happen after this scan.
>>>>
>>>> Tek Support wrote:
>>>>> Hi Eric, thanks for the quick reply.  The reason I think it's doing
>>>>> outbound scanning is a specific line in the header, maybe you can shed
>>>>> some light on it.  In an email sent from mydomain to my yahoo accout
>>>>> these are in the headers.  The line I'm interrested in, is possibly
>>>>> added by yahoo, but I think it's from me.
>>>>>
>>>>> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
>>>>> scanners: attach: 1.3.1 clamav: 0.93.3
>>>>>
>>>>> Wouldn't simscan be run on my box, and if so, would it be done before
>>>>> DKIM or after?
>>>>>
>>>>> Thanks
>>>>> John
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>>>>> Tek Support wrote:
>>>>>>> Hi all, recently I had asked if there was a reason to use the port 587
>>>>>>> if I installed spamdyke (because spamdyke authenticated my dynamic
>>>>>>> users and ignored the rbls).  Well, maybe I've found something that
>>>>>>> would still require me to use 587 instead of port 25.  I would
>>>>>>> appreciate any info.
>>>>>>>
>>>>>>> As of right now, my staff are using port 25 for outbound - I just
>>>>>>> didn't see the need to have another port open to the outside when
>>>>>>> after installing spamdyke, they were able to send and were not blocked
>>>>>>> as "dynamic".  But the staff have been having trouble sending to
>>>>>>> yahoo.com, and in looking at the headers on a message that finally
>>>>>>> arrived into yahoo (and gmail) the headers show this:
>>>>>>>
>>>>>>> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
>>>>>>> domainkeys=fail (bad sig)
>>>>>>>
>>>>>>> But I had gone through the process step by step and tested my DKIM
>>>>>>> with the sourceforge.net sites, and those showed that my dkim seemed
>>>>>>> accurate.  So, anyway in a brilliant flash of light I decided to try
>>>>>>> port 587, and on my first try I got these headers in an email sent to
>>>>>>> yahoo and gmail:
>>>>>>>
>>>>>>> Received-SPF: pass ....
>>>>>>> DomainKey-Status: good
>>>>>>> Authentication-Results: mx.google.com; spf=pass ...
>>>>>>>
>>>>>>> So, I guess my question would be, does something in the spam checking
>>>>>>> on outbound emails from pop3/smtp users (not imap and squirrelmail)
>>>>>>> with spamdyke, rewrite the headers after the dkim has processed the
>>>>>>> email which would cause my DKIM hash to be invalid when yahoo and
>>>>>>> gmail check it?
>>>>>> I don't believe that spam checking is enabled on outgoing mail, at least 
>>>>>> not
>>>>>> in the 'stock' toaster. So the answer is, not that I'm aware of.
>>>>>>
>>>>>> Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
>>>>>> line in the /etc/tcprules/tcp.smtp file.
>>>>>>
>>>>>> Also, be aware that DK and DKIM are 2 different things. The toaster has a
>>>>>> (somewhat broken, at least on the incoming side) DK implementation. The
>>>>>> toaster has no DKIM capability.
>>>>>>
>>>>>> I suppose that DK might work (better) with the port 587 configuration 
>>>>>> than
>>>>>> with port 25. I wouldn't know why though, as I'm not familiar with the
>>>>>> problem(s) that DK has. We had a fellow in Russia on the list a while 
>>>>>> back
>>>>>> who fixed some things with it, but we haven't heard from him in quite a 
>>>>>> while.
>>>>>>
>>>>>>> CentOS 5
>>>>>>> x86_64bit
>>>>>>>
>>>>>>> Thanks
>>>>>>> John
>>>>>>>
>>>>>> --
>>>>>> -Eric 'shubes'
>>>>>>
>>>>
>>>> --
>>>> -Eric 'shubes'
>>>>
>>
>>
>> --
>> -Eric 'shubes'
>>
>> ---------------------------------------------------------------------
>>     QmailToaster hosted by: VR Hosted <http://www.vr.org>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>

---------------------------------------------------------------------
     QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to