Re: [qmailtoaster] some problems

[Eric Shubert]

Eric Shubert wrote:
> Ok, but this is going to be a bit terse. You're cutting into my programming
> time. :( (I'm working on qtp-install-rpmforge script, in case anyone's
> wondering)
> 
> SPF was dreamed up by yahoo (IIRC)

This is wrong. MSN is associated with SPF/SPF2.

. The configuration for this is contained
> in the domain's TXT record. See http://www.openspf.org/
> 
> DK was dreamed up by google.

This is wrong too. DK/DKIM are brainchilds of yahoo.

Just thought I'd set the record straight.

> The configuration for consists of the private
> key used for signing and stored on the server, as well as some public
> information. The public information is published in 2 DNS TXT records. One
> is named "_domainkey.yourdomain.com", and contains "o=-" (and some other
> optional fields). The second is named
> "somekeyname._domainkey.yourdomain.com", and contains 2 fields - the key
> type and the public key value. I'm guessing you've already seen the wiki, or
> you probably wouldn't be this far along.
> 
> See http://en.wikipedia.org/wiki/DomainKeys for (much) more.
> 
> P.S. Google is your friend.
> 
> Tek Support wrote:
>> Ok, now I'm confused.  A long time ago I added an SPF TXT record to
>> our company's DNS.  I thought that was DK.  Now with the newly
>> installed CentOS 5 QmailToaster near the bottom of the instructions
>> (10. Add domainkeys:), I thought this was DKIM since I had already had
>> the SPF.
>>
>> What is the difference between the SPF and DK?  And then what is the
>> difference between DK and DKIM?
>>
>> Thanks
>> John
>>
>>
>>
>>
>>
>> On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> As I understand it, a yahoo customer can mark an email coming from you as
>>> spam, and whammy, just like that your server gets deferred. Kinda suks if
>>> you ask me. I think you can contact them and go through some sort of process
>>> to get un-deferred. I wouldn't want to try to go that route unless it was
>>> absolutely necessary though (I've heard horror stories).
>>>
>>> And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
>>> different, sort of a successor to DK. DKIM is *not* implemented in the
>>> toaster in any fashion (and probably won't be any time soon).
>>>
>>> Tek Support wrote:
 I appreciate you doing a test to yahoo, it gives me one more piece to
 the puzzle.  I've never seriously considered the Mac to be any part of
 the real problem.  But it's where I am in the process of elimination.
 I would like to turn off DKIM but Yahoo is so strange, the sometimes
 will block emails that are not spam, have the correct RDNS and also
 have a good DKIM signature.  So I've been hopeful that as I implement
 each new little thing like DKIM, that yahoo will stop being so
 retarted on what they block/deffer and put into the spam folder.  I've
 had valid emails from someone for months, and then all of a sudden
 they are put into my spam folder.  But I can't expect yahoo to accept
 my emails if I'm using DKIM and my HASH doesn't work right.  So like
 you've suggested, maybe I'll just turn it off.

 Thanks
 John





 On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> FWIW, I just had my Mac user send a test to yahoo, and it came through 
> just
> fine:
>
> Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
> domainkeys=pass (ok)
> ...
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
> b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
> Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
> clamav: 0.93.3
>
> Eric Shubert wrote:
>> I'd look very carefully at the Mac's configuration. I have a Mac user on 
>> a
>> toaster signing with DKs, and haven't heard of any undeliverables. Not 
>> sure
>> there's much if anything going to yahoo from there though.
>>
>> Then I'd consider turning off DK signatures. Not many servers actively 
>> use
>> them. Even google groups (google 'invented' DKs) only uses DKs in test 
>> mode
>> (last I checked, several months ago).
>>
>> Tek Support wrote:
>>> Yes that's correct, both are in the same domain.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> 
>>> wrote:
 That's an odd one, all right. And I think you've described the 
 situation
 pretty well (at least I think I understand what's happening).

 Both instances are sending from exactly the same domain, right?

 Tek Support wrote:
> You know, I don't think it has anything to do with simscan.  A staff
> member in the office using a Mac laptop is sending mail to port 587
> (no TLS option available in her Mac - only SSL, but she

Re: [qmailtoaster] some problems

[Tek Support]

Well, keep programming and I'll stop asking silly questions.  I could
have looked that up myself, but didn't.  I am going to turn off
domainkey and leave my spf.  If domainkey becomes more of a
requirement then I and everyone else will have to deal with it more
then.

Thanks for your help, good luck getting your programming done.
John





On Thu, Aug 28, 2008 at 8:49 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> Ok, but this is going to be a bit terse. You're cutting into my programming
> time. :( (I'm working on qtp-install-rpmforge script, in case anyone's
> wondering)
>
> SPF was dreamed up by yahoo (IIRC). The configuration for this is contained
> in the domain's TXT record. See http://www.openspf.org/
>
> DK was dreamed up by google. The configuration for consists of the private
> key used for signing and stored on the server, as well as some public
> information. The public information is published in 2 DNS TXT records. One
> is named "_domainkey.yourdomain.com", and contains "o=-" (and some other
> optional fields). The second is named
> "somekeyname._domainkey.yourdomain.com", and contains 2 fields - the key
> type and the public key value. I'm guessing you've already seen the wiki, or
> you probably wouldn't be this far along.
>
> See http://en.wikipedia.org/wiki/DomainKeys for (much) more.
>
> P.S. Google is your friend.
>
> Tek Support wrote:
>> Ok, now I'm confused.  A long time ago I added an SPF TXT record to
>> our company's DNS.  I thought that was DK.  Now with the newly
>> installed CentOS 5 QmailToaster near the bottom of the instructions
>> (10. Add domainkeys:), I thought this was DKIM since I had already had
>> the SPF.
>>
>> What is the difference between the SPF and DK?  And then what is the
>> difference between DK and DKIM?
>>
>> Thanks
>> John
>>
>>
>>
>>
>>
>> On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> As I understand it, a yahoo customer can mark an email coming from you as
>>> spam, and whammy, just like that your server gets deferred. Kinda suks if
>>> you ask me. I think you can contact them and go through some sort of process
>>> to get un-deferred. I wouldn't want to try to go that route unless it was
>>> absolutely necessary though (I've heard horror stories).
>>>
>>> And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
>>> different, sort of a successor to DK. DKIM is *not* implemented in the
>>> toaster in any fashion (and probably won't be any time soon).
>>>
>>> Tek Support wrote:
 I appreciate you doing a test to yahoo, it gives me one more piece to
 the puzzle.  I've never seriously considered the Mac to be any part of
 the real problem.  But it's where I am in the process of elimination.
 I would like to turn off DKIM but Yahoo is so strange, the sometimes
 will block emails that are not spam, have the correct RDNS and also
 have a good DKIM signature.  So I've been hopeful that as I implement
 each new little thing like DKIM, that yahoo will stop being so
 retarted on what they block/deffer and put into the spam folder.  I've
 had valid emails from someone for months, and then all of a sudden
 they are put into my spam folder.  But I can't expect yahoo to accept
 my emails if I'm using DKIM and my HASH doesn't work right.  So like
 you've suggested, maybe I'll just turn it off.

 Thanks
 John





 On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> FWIW, I just had my Mac user send a test to yahoo, and it came through 
> just
> fine:
>
> Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
> domainkeys=pass (ok)
> ...
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
> b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
> Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
> clamav: 0.93.3
>
> Eric Shubert wrote:
>> I'd look very carefully at the Mac's configuration. I have a Mac user on 
>> a
>> toaster signing with DKs, and haven't heard of any undeliverables. Not 
>> sure
>> there's much if anything going to yahoo from there though.
>>
>> Then I'd consider turning off DK signatures. Not many servers actively 
>> use
>> them. Even google groups (google 'invented' DKs) only uses DKs in test 
>> mode
>> (last I checked, several months ago).
>>
>> Tek Support wrote:
>>> Yes that's correct, both are in the same domain.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> 
>>> wrote:
 That's an odd one, all right. And I think you've described the 
 situation
 pretty well (at least I think I understand what's happening).

 Both instances are sending from exactly the same domain, right?

 Te

Re: [qmailtoaster] some problems

[Eric Shubert]

Ok, but this is going to be a bit terse. You're cutting into my programming
time. :( (I'm working on qtp-install-rpmforge script, in case anyone's
wondering)

SPF was dreamed up by yahoo (IIRC). The configuration for this is contained
in the domain's TXT record. See http://www.openspf.org/

DK was dreamed up by google. The configuration for consists of the private
key used for signing and stored on the server, as well as some public
information. The public information is published in 2 DNS TXT records. One
is named "_domainkey.yourdomain.com", and contains "o=-" (and some other
optional fields). The second is named
"somekeyname._domainkey.yourdomain.com", and contains 2 fields - the key
type and the public key value. I'm guessing you've already seen the wiki, or
you probably wouldn't be this far along.

See http://en.wikipedia.org/wiki/DomainKeys for (much) more.

P.S. Google is your friend.

Tek Support wrote:
> Ok, now I'm confused.  A long time ago I added an SPF TXT record to
> our company's DNS.  I thought that was DK.  Now with the newly
> installed CentOS 5 QmailToaster near the bottom of the instructions
> (10. Add domainkeys:), I thought this was DKIM since I had already had
> the SPF.
> 
> What is the difference between the SPF and DK?  And then what is the
> difference between DK and DKIM?
> 
> Thanks
> John
> 
> 
> 
> 
> 
> On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> As I understand it, a yahoo customer can mark an email coming from you as
>> spam, and whammy, just like that your server gets deferred. Kinda suks if
>> you ask me. I think you can contact them and go through some sort of process
>> to get un-deferred. I wouldn't want to try to go that route unless it was
>> absolutely necessary though (I've heard horror stories).
>>
>> And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
>> different, sort of a successor to DK. DKIM is *not* implemented in the
>> toaster in any fashion (and probably won't be any time soon).
>>
>> Tek Support wrote:
>>> I appreciate you doing a test to yahoo, it gives me one more piece to
>>> the puzzle.  I've never seriously considered the Mac to be any part of
>>> the real problem.  But it's where I am in the process of elimination.
>>> I would like to turn off DKIM but Yahoo is so strange, the sometimes
>>> will block emails that are not spam, have the correct RDNS and also
>>> have a good DKIM signature.  So I've been hopeful that as I implement
>>> each new little thing like DKIM, that yahoo will stop being so
>>> retarted on what they block/deffer and put into the spam folder.  I've
>>> had valid emails from someone for months, and then all of a sudden
>>> they are put into my spam folder.  But I can't expect yahoo to accept
>>> my emails if I'm using DKIM and my HASH doesn't work right.  So like
>>> you've suggested, maybe I'll just turn it off.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 FWIW, I just had my Mac user send a test to yahoo, and it came through just
 fine:

 Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
 domainkeys=pass (ok)
 ...
 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
 b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
 Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
 clamav: 0.93.3

 Eric Shubert wrote:
> I'd look very carefully at the Mac's configuration. I have a Mac user on a
> toaster signing with DKs, and haven't heard of any undeliverables. Not 
> sure
> there's much if anything going to yahoo from there though.
>
> Then I'd consider turning off DK signatures. Not many servers actively use
> them. Even google groups (google 'invented' DKs) only uses DKs in test 
> mode
> (last I checked, several months ago).
>
> Tek Support wrote:
>> Yes that's correct, both are in the same domain.
>>
>> Thanks
>> John
>>
>>
>>
>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> That's an odd one, all right. And I think you've described the situation
>>> pretty well (at least I think I understand what's happening).
>>>
>>> Both instances are sending from exactly the same domain, right?
>>>
>>> Tek Support wrote:
 You know, I don't think it has anything to do with simscan.  A staff
 member in the office using a Mac laptop is sending mail to port 587
 (no TLS option available in her Mac - only SSL, but she is in the
 local office and the Mail Server is in the local office, and she is
 not sending her password over the internet, so it's probably fine to
 go without TLS in her case).  Anyway, when she sends an email to port
 587 into our mail server to yahoo, it fails with domainkey failed
 error he

Re: [qmailtoaster] some problems

[Eric Shubert]

I'm not sure, but I think it's the end of the previous line, that yahoo
doesn't format properly when it shows you the header details.

Tek Support wrote:
> Another question I have is what is this header for?
> 
> /m:47/d:   7860
> 
> Thanks
> John
> 
> 
> 
> 
> On Thu, Aug 28, 2008 at 7:47 PM, Tek Support <[EMAIL PROTECTED]> wrote:
>> Ok, now I'm confused.  A long time ago I added an SPF TXT record to
>> our company's DNS.  I thought that was DK.  Now with the newly
>> installed CentOS 5 QmailToaster near the bottom of the instructions
>> (10. Add domainkeys:), I thought this was DKIM since I had already had
>> the SPF.
>>
>> What is the difference between the SPF and DK?  And then what is the
>> difference between DK and DKIM?
>>
>> Thanks
>> John
>>
>>
>>
>>
>>
>> On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> As I understand it, a yahoo customer can mark an email coming from you as
>>> spam, and whammy, just like that your server gets deferred. Kinda suks if
>>> you ask me. I think you can contact them and go through some sort of process
>>> to get un-deferred. I wouldn't want to try to go that route unless it was
>>> absolutely necessary though (I've heard horror stories).
>>>
>>> And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
>>> different, sort of a successor to DK. DKIM is *not* implemented in the
>>> toaster in any fashion (and probably won't be any time soon).
>>>
>>> Tek Support wrote:
 I appreciate you doing a test to yahoo, it gives me one more piece to
 the puzzle.  I've never seriously considered the Mac to be any part of
 the real problem.  But it's where I am in the process of elimination.
 I would like to turn off DKIM but Yahoo is so strange, the sometimes
 will block emails that are not spam, have the correct RDNS and also
 have a good DKIM signature.  So I've been hopeful that as I implement
 each new little thing like DKIM, that yahoo will stop being so
 retarted on what they block/deffer and put into the spam folder.  I've
 had valid emails from someone for months, and then all of a sudden
 they are put into my spam folder.  But I can't expect yahoo to accept
 my emails if I'm using DKIM and my HASH doesn't work right.  So like
 you've suggested, maybe I'll just turn it off.

 Thanks
 John





 On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> FWIW, I just had my Mac user send a test to yahoo, and it came through 
> just
> fine:
>
> Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
> domainkeys=pass (ok)
> ...
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
> b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
> Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
> clamav: 0.93.3
>
> Eric Shubert wrote:
>> I'd look very carefully at the Mac's configuration. I have a Mac user on 
>> a
>> toaster signing with DKs, and haven't heard of any undeliverables. Not 
>> sure
>> there's much if anything going to yahoo from there though.
>>
>> Then I'd consider turning off DK signatures. Not many servers actively 
>> use
>> them. Even google groups (google 'invented' DKs) only uses DKs in test 
>> mode
>> (last I checked, several months ago).
>>
>> Tek Support wrote:
>>> Yes that's correct, both are in the same domain.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> 
>>> wrote:
 That's an odd one, all right. And I think you've described the 
 situation
 pretty well (at least I think I understand what's happening).

 Both instances are sending from exactly the same domain, right?

 Tek Support wrote:
> You know, I don't think it has anything to do with simscan.  A staff
> member in the office using a Mac laptop is sending mail to port 587
> (no TLS option available in her Mac - only SSL, but she is in the
> local office and the Mail Server is in the local office, and she is
> not sending her password over the internet, so it's probably fine to
> go without TLS in her case).  Anyway, when she sends an email to port
> 587 into our mail server to yahoo, it fails with domainkey failed
> error header.  When I send via PC and Thuderbird into our external
> firewall port forwarded into Mail Server port 587 with or without TLS
> to yahoo (I've tried both ways), it works perfectly and the domainkey
> header suceeded.
>
> In both instances (Mac internal office, PC external - internet),
> simscan is listed below the Domainkey header.  So since mine works and
> her's does not, I don't think it is sims

Re: [qmailtoaster] some problems

[Tek Support]

Another question I have is what is this header for?

/m:47/d:   7860

Thanks
John




On Thu, Aug 28, 2008 at 7:47 PM, Tek Support <[EMAIL PROTECTED]> wrote:
> Ok, now I'm confused.  A long time ago I added an SPF TXT record to
> our company's DNS.  I thought that was DK.  Now with the newly
> installed CentOS 5 QmailToaster near the bottom of the instructions
> (10. Add domainkeys:), I thought this was DKIM since I had already had
> the SPF.
>
> What is the difference between the SPF and DK?  And then what is the
> difference between DK and DKIM?
>
> Thanks
> John
>
>
>
>
>
> On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> As I understand it, a yahoo customer can mark an email coming from you as
>> spam, and whammy, just like that your server gets deferred. Kinda suks if
>> you ask me. I think you can contact them and go through some sort of process
>> to get un-deferred. I wouldn't want to try to go that route unless it was
>> absolutely necessary though (I've heard horror stories).
>>
>> And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
>> different, sort of a successor to DK. DKIM is *not* implemented in the
>> toaster in any fashion (and probably won't be any time soon).
>>
>> Tek Support wrote:
>>> I appreciate you doing a test to yahoo, it gives me one more piece to
>>> the puzzle.  I've never seriously considered the Mac to be any part of
>>> the real problem.  But it's where I am in the process of elimination.
>>> I would like to turn off DKIM but Yahoo is so strange, the sometimes
>>> will block emails that are not spam, have the correct RDNS and also
>>> have a good DKIM signature.  So I've been hopeful that as I implement
>>> each new little thing like DKIM, that yahoo will stop being so
>>> retarted on what they block/deffer and put into the spam folder.  I've
>>> had valid emails from someone for months, and then all of a sudden
>>> they are put into my spam folder.  But I can't expect yahoo to accept
>>> my emails if I'm using DKIM and my HASH doesn't work right.  So like
>>> you've suggested, maybe I'll just turn it off.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 FWIW, I just had my Mac user send a test to yahoo, and it came through just
 fine:

 Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
 domainkeys=pass (ok)
 ...
 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
 b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
 Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
 clamav: 0.93.3

 Eric Shubert wrote:
> I'd look very carefully at the Mac's configuration. I have a Mac user on a
> toaster signing with DKs, and haven't heard of any undeliverables. Not 
> sure
> there's much if anything going to yahoo from there though.
>
> Then I'd consider turning off DK signatures. Not many servers actively use
> them. Even google groups (google 'invented' DKs) only uses DKs in test 
> mode
> (last I checked, several months ago).
>
> Tek Support wrote:
>> Yes that's correct, both are in the same domain.
>>
>> Thanks
>> John
>>
>>
>>
>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> That's an odd one, all right. And I think you've described the situation
>>> pretty well (at least I think I understand what's happening).
>>>
>>> Both instances are sending from exactly the same domain, right?
>>>
>>> Tek Support wrote:
 You know, I don't think it has anything to do with simscan.  A staff
 member in the office using a Mac laptop is sending mail to port 587
 (no TLS option available in her Mac - only SSL, but she is in the
 local office and the Mail Server is in the local office, and she is
 not sending her password over the internet, so it's probably fine to
 go without TLS in her case).  Anyway, when she sends an email to port
 587 into our mail server to yahoo, it fails with domainkey failed
 error header.  When I send via PC and Thuderbird into our external
 firewall port forwarded into Mail Server port 587 with or without TLS
 to yahoo (I've tried both ways), it works perfectly and the domainkey
 header suceeded.

 In both instances (Mac internal office, PC external - internet),
 simscan is listed below the Domainkey header.  So since mine works and
 her's does not, I don't think it is simscan/clamav.  It's happening to
 both of our emails, so that would not appear to be a problem.

 But, what in the world could it be?  I'm obviously going to have to go
 into the office and try sending from my Thunderbird out to yahoo and
 see if that still works.  But no matter i

Re: [qmailtoaster] some problems

[Tek Support]

Ok, now I'm confused.  A long time ago I added an SPF TXT record to
our company's DNS.  I thought that was DK.  Now with the newly
installed CentOS 5 QmailToaster near the bottom of the instructions
(10. Add domainkeys:), I thought this was DKIM since I had already had
the SPF.

What is the difference between the SPF and DK?  And then what is the
difference between DK and DKIM?

Thanks
John





On Thu, Aug 28, 2008 at 2:56 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> As I understand it, a yahoo customer can mark an email coming from you as
> spam, and whammy, just like that your server gets deferred. Kinda suks if
> you ask me. I think you can contact them and go through some sort of process
> to get un-deferred. I wouldn't want to try to go that route unless it was
> absolutely necessary though (I've heard horror stories).
>
> And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
> different, sort of a successor to DK. DKIM is *not* implemented in the
> toaster in any fashion (and probably won't be any time soon).
>
> Tek Support wrote:
>> I appreciate you doing a test to yahoo, it gives me one more piece to
>> the puzzle.  I've never seriously considered the Mac to be any part of
>> the real problem.  But it's where I am in the process of elimination.
>> I would like to turn off DKIM but Yahoo is so strange, the sometimes
>> will block emails that are not spam, have the correct RDNS and also
>> have a good DKIM signature.  So I've been hopeful that as I implement
>> each new little thing like DKIM, that yahoo will stop being so
>> retarted on what they block/deffer and put into the spam folder.  I've
>> had valid emails from someone for months, and then all of a sudden
>> they are put into my spam folder.  But I can't expect yahoo to accept
>> my emails if I'm using DKIM and my HASH doesn't work right.  So like
>> you've suggested, maybe I'll just turn it off.
>>
>> Thanks
>> John
>>
>>
>>
>>
>>
>> On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> FWIW, I just had my Mac user send a test to yahoo, and it came through just
>>> fine:
>>>
>>> Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
>>> domainkeys=pass (ok)
>>> ...
>>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
>>> b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
>>> Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
>>> clamav: 0.93.3
>>>
>>> Eric Shubert wrote:
 I'd look very carefully at the Mac's configuration. I have a Mac user on a
 toaster signing with DKs, and haven't heard of any undeliverables. Not sure
 there's much if anything going to yahoo from there though.

 Then I'd consider turning off DK signatures. Not many servers actively use
 them. Even google groups (google 'invented' DKs) only uses DKs in test mode
 (last I checked, several months ago).

 Tek Support wrote:
> Yes that's correct, both are in the same domain.
>
> Thanks
> John
>
>
>
> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> That's an odd one, all right. And I think you've described the situation
>> pretty well (at least I think I understand what's happening).
>>
>> Both instances are sending from exactly the same domain, right?
>>
>> Tek Support wrote:
>>> You know, I don't think it has anything to do with simscan.  A staff
>>> member in the office using a Mac laptop is sending mail to port 587
>>> (no TLS option available in her Mac - only SSL, but she is in the
>>> local office and the Mail Server is in the local office, and she is
>>> not sending her password over the internet, so it's probably fine to
>>> go without TLS in her case).  Anyway, when she sends an email to port
>>> 587 into our mail server to yahoo, it fails with domainkey failed
>>> error header.  When I send via PC and Thuderbird into our external
>>> firewall port forwarded into Mail Server port 587 with or without TLS
>>> to yahoo (I've tried both ways), it works perfectly and the domainkey
>>> header suceeded.
>>>
>>> In both instances (Mac internal office, PC external - internet),
>>> simscan is listed below the Domainkey header.  So since mine works and
>>> her's does not, I don't think it is simscan/clamav.  It's happening to
>>> both of our emails, so that would not appear to be a problem.
>>>
>>> But, what in the world could it be?  I'm obviously going to have to go
>>> into the office and try sending from my Thunderbird out to yahoo and
>>> see if that still works.  But no matter if it does or does not, how
>>> could Mac Mail or PC Thunderbird have anything to do with the headers
>>> and HASH that would cause domainkeys to fail or suceed since they are
>>> only calculated and added after the message has been handed off to
>>> port 587 on the Mail

Re: [qmailtoaster] some problems

[Eric Shubert]

As I understand it, a yahoo customer can mark an email coming from you as
spam, and whammy, just like that your server gets deferred. Kinda suks if
you ask me. I think you can contact them and go through some sort of process
to get un-deferred. I wouldn't want to try to go that route unless it was
absolutely necessary though (I've heard horror stories).

And one more thing, it's DK we're talking about, *not* DKIM. DKIM is
different, sort of a successor to DK. DKIM is *not* implemented in the
toaster in any fashion (and probably won't be any time soon).

Tek Support wrote:
> I appreciate you doing a test to yahoo, it gives me one more piece to
> the puzzle.  I've never seriously considered the Mac to be any part of
> the real problem.  But it's where I am in the process of elimination.
> I would like to turn off DKIM but Yahoo is so strange, the sometimes
> will block emails that are not spam, have the correct RDNS and also
> have a good DKIM signature.  So I've been hopeful that as I implement
> each new little thing like DKIM, that yahoo will stop being so
> retarted on what they block/deffer and put into the spam folder.  I've
> had valid emails from someone for months, and then all of a sudden
> they are put into my spam folder.  But I can't expect yahoo to accept
> my emails if I'm using DKIM and my HASH doesn't work right.  So like
> you've suggested, maybe I'll just turn it off.
> 
> Thanks
> John
> 
> 
> 
> 
> 
> On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> FWIW, I just had my Mac user send a test to yahoo, and it came through just
>> fine:
>>
>> Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
>> domainkeys=pass (ok)
>> ...
>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
>> b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
>> Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
>> clamav: 0.93.3
>>
>> Eric Shubert wrote:
>>> I'd look very carefully at the Mac's configuration. I have a Mac user on a
>>> toaster signing with DKs, and haven't heard of any undeliverables. Not sure
>>> there's much if anything going to yahoo from there though.
>>>
>>> Then I'd consider turning off DK signatures. Not many servers actively use
>>> them. Even google groups (google 'invented' DKs) only uses DKs in test mode
>>> (last I checked, several months ago).
>>>
>>> Tek Support wrote:
 Yes that's correct, both are in the same domain.

 Thanks
 John



 On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> That's an odd one, all right. And I think you've described the situation
> pretty well (at least I think I understand what's happening).
>
> Both instances are sending from exactly the same domain, right?
>
> Tek Support wrote:
>> You know, I don't think it has anything to do with simscan.  A staff
>> member in the office using a Mac laptop is sending mail to port 587
>> (no TLS option available in her Mac - only SSL, but she is in the
>> local office and the Mail Server is in the local office, and she is
>> not sending her password over the internet, so it's probably fine to
>> go without TLS in her case).  Anyway, when she sends an email to port
>> 587 into our mail server to yahoo, it fails with domainkey failed
>> error header.  When I send via PC and Thuderbird into our external
>> firewall port forwarded into Mail Server port 587 with or without TLS
>> to yahoo (I've tried both ways), it works perfectly and the domainkey
>> header suceeded.
>>
>> In both instances (Mac internal office, PC external - internet),
>> simscan is listed below the Domainkey header.  So since mine works and
>> her's does not, I don't think it is simscan/clamav.  It's happening to
>> both of our emails, so that would not appear to be a problem.
>>
>> But, what in the world could it be?  I'm obviously going to have to go
>> into the office and try sending from my Thunderbird out to yahoo and
>> see if that still works.  But no matter if it does or does not, how
>> could Mac Mail or PC Thunderbird have anything to do with the headers
>> and HASH that would cause domainkeys to fail or suceed since they are
>> only calculated and added after the message has been handed off to
>> port 587 on the Mail Server?
>>
>> For referrence, the external firewall only does a packet forwarding
>> into our mail server for traffic on port 587, and does not rewrite
>> anything.
>>
>> Thanks
>> John
>>
>>
>>
>>
>>
>> On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
>>> Well, we probably don't need it that bad that then.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> 
>>> wrote:
 I don't know, sho

Re: [qmailtoaster] some problems

[Tek Support]

I appreciate you doing a test to yahoo, it gives me one more piece to
the puzzle.  I've never seriously considered the Mac to be any part of
the real problem.  But it's where I am in the process of elimination.
I would like to turn off DKIM but Yahoo is so strange, the sometimes
will block emails that are not spam, have the correct RDNS and also
have a good DKIM signature.  So I've been hopeful that as I implement
each new little thing like DKIM, that yahoo will stop being so
retarted on what they block/deffer and put into the spam folder.  I've
had valid emails from someone for months, and then all of a sudden
they are put into my spam folder.  But I can't expect yahoo to accept
my emails if I'm using DKIM and my HASH doesn't work right.  So like
you've suggested, maybe I'll just turn it off.

Thanks
John





On Thu, Aug 28, 2008 at 11:08 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> FWIW, I just had my Mac user send a test to yahoo, and it came through just
> fine:
>
> Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
> domainkeys=pass (ok)
> ...
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
> b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
> Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
> clamav: 0.93.3
>
> Eric Shubert wrote:
>> I'd look very carefully at the Mac's configuration. I have a Mac user on a
>> toaster signing with DKs, and haven't heard of any undeliverables. Not sure
>> there's much if anything going to yahoo from there though.
>>
>> Then I'd consider turning off DK signatures. Not many servers actively use
>> them. Even google groups (google 'invented' DKs) only uses DKs in test mode
>> (last I checked, several months ago).
>>
>> Tek Support wrote:
>>> Yes that's correct, both are in the same domain.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 That's an odd one, all right. And I think you've described the situation
 pretty well (at least I think I understand what's happening).

 Both instances are sending from exactly the same domain, right?

 Tek Support wrote:
> You know, I don't think it has anything to do with simscan.  A staff
> member in the office using a Mac laptop is sending mail to port 587
> (no TLS option available in her Mac - only SSL, but she is in the
> local office and the Mail Server is in the local office, and she is
> not sending her password over the internet, so it's probably fine to
> go without TLS in her case).  Anyway, when she sends an email to port
> 587 into our mail server to yahoo, it fails with domainkey failed
> error header.  When I send via PC and Thuderbird into our external
> firewall port forwarded into Mail Server port 587 with or without TLS
> to yahoo (I've tried both ways), it works perfectly and the domainkey
> header suceeded.
>
> In both instances (Mac internal office, PC external - internet),
> simscan is listed below the Domainkey header.  So since mine works and
> her's does not, I don't think it is simscan/clamav.  It's happening to
> both of our emails, so that would not appear to be a problem.
>
> But, what in the world could it be?  I'm obviously going to have to go
> into the office and try sending from my Thunderbird out to yahoo and
> see if that still works.  But no matter if it does or does not, how
> could Mac Mail or PC Thunderbird have anything to do with the headers
> and HASH that would cause domainkeys to fail or suceed since they are
> only calculated and added after the message has been handed off to
> port 587 on the Mail Server?
>
> For referrence, the external firewall only does a packet forwarding
> into our mail server for traffic on port 587, and does not rewrite
> anything.
>
> Thanks
> John
>
>
>
>
>
> On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
>> Well, we probably don't need it that bad that then.
>>
>> Thanks
>> John
>>
>>
>>
>> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> I don't know, short of looking at the code. That would be in the 
>>> (heavily
>>> patched) source code for the qmail-smtp program. Looking that up would 
>>> not
>>> be a trivial exercise.
>>>
>>> Tek Support wrote:
 As you said (would have to), how do I determine the order they are
 run?  Is it simply that the DKIM header is added on top of the
 simscan, thus simscan first and dkim 2nd?

 Thanks
 John



 On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> 
 wrote:
> Simscan does scan outbound mail, but scans only for viruses (clamav), 
> not
> spam (spamassassin). This

Re: [qmailtoaster] some problems

[Eric Shubert]

FWIW, I just had my Mac user send a test to yahoo, and it came through just
fine:

Authentication-Results: mta230.mail.re4.yahoo.com from=shubes.net;
domainkeys=pass (ok)
...
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=shubes.net;
b=UncEkJWJcam4+5rGNSbusen0silI486Nm9KxTZRLuJoA5qQ55efjifjFRc6VKxQX;
Received: by simscan 1.3.1 ppid: 26131, pid: 26134, t: 0.0166s scanners:
clamav: 0.93.3

Eric Shubert wrote:
> I'd look very carefully at the Mac's configuration. I have a Mac user on a
> toaster signing with DKs, and haven't heard of any undeliverables. Not sure
> there's much if anything going to yahoo from there though.
> 
> Then I'd consider turning off DK signatures. Not many servers actively use
> them. Even google groups (google 'invented' DKs) only uses DKs in test mode
> (last I checked, several months ago).
> 
> Tek Support wrote:
>> Yes that's correct, both are in the same domain.
>>
>> Thanks
>> John
>>
>>
>>
>> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> That's an odd one, all right. And I think you've described the situation
>>> pretty well (at least I think I understand what's happening).
>>>
>>> Both instances are sending from exactly the same domain, right?
>>>
>>> Tek Support wrote:
 You know, I don't think it has anything to do with simscan.  A staff
 member in the office using a Mac laptop is sending mail to port 587
 (no TLS option available in her Mac - only SSL, but she is in the
 local office and the Mail Server is in the local office, and she is
 not sending her password over the internet, so it's probably fine to
 go without TLS in her case).  Anyway, when she sends an email to port
 587 into our mail server to yahoo, it fails with domainkey failed
 error header.  When I send via PC and Thuderbird into our external
 firewall port forwarded into Mail Server port 587 with or without TLS
 to yahoo (I've tried both ways), it works perfectly and the domainkey
 header suceeded.

 In both instances (Mac internal office, PC external - internet),
 simscan is listed below the Domainkey header.  So since mine works and
 her's does not, I don't think it is simscan/clamav.  It's happening to
 both of our emails, so that would not appear to be a problem.

 But, what in the world could it be?  I'm obviously going to have to go
 into the office and try sending from my Thunderbird out to yahoo and
 see if that still works.  But no matter if it does or does not, how
 could Mac Mail or PC Thunderbird have anything to do with the headers
 and HASH that would cause domainkeys to fail or suceed since they are
 only calculated and added after the message has been handed off to
 port 587 on the Mail Server?

 For referrence, the external firewall only does a packet forwarding
 into our mail server for traffic on port 587, and does not rewrite
 anything.

 Thanks
 John





 On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
> Well, we probably don't need it that bad that then.
>
> Thanks
> John
>
>
>
> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> I don't know, short of looking at the code. That would be in the (heavily
>> patched) source code for the qmail-smtp program. Looking that up would 
>> not
>> be a trivial exercise.
>>
>> Tek Support wrote:
>>> As you said (would have to), how do I determine the order they are
>>> run?  Is it simply that the DKIM header is added on top of the
>>> simscan, thus simscan first and dkim 2nd?
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 Simscan does scan outbound mail, but scans only for viruses (clamav), 
 not
 spam (spamassassin). This is consistent with the message you're seeing.

 Adding the DK signature would (have to) happen after this scan.

 Tek Support wrote:
> Hi Eric, thanks for the quick reply.  The reason I think it's doing
> outbound scanning is a specific line in the header, maybe you can shed
> some light on it.  In an email sent from mydomain to my yahoo accout
> these are in the headers.  The line I'm interrested in, is possibly
> added by yahoo, but I think it's from me.
>
> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
> scanners: attach: 1.3.1 clamav: 0.93.3
>
> Wouldn't simscan be run on my box, and if so, would it be done before
> DKIM or after?
>
> Thanks
> John
>
>
>
> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> 
> wrote:
>> Tek Support wrote:
>>> Hi all, recently I had asked if th

Re: [qmailtoaster] some problems

[Eric Shubert]

I'd look very carefully at the Mac's configuration. I have a Mac user on a
toaster signing with DKs, and haven't heard of any undeliverables. Not sure
there's much if anything going to yahoo from there though.

Then I'd consider turning off DK signatures. Not many servers actively use
them. Even google groups (google 'invented' DKs) only uses DKs in test mode
(last I checked, several months ago).

Tek Support wrote:
> Yes that's correct, both are in the same domain.
> 
> Thanks
> John
> 
> 
> 
> On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> That's an odd one, all right. And I think you've described the situation
>> pretty well (at least I think I understand what's happening).
>>
>> Both instances are sending from exactly the same domain, right?
>>
>> Tek Support wrote:
>>> You know, I don't think it has anything to do with simscan.  A staff
>>> member in the office using a Mac laptop is sending mail to port 587
>>> (no TLS option available in her Mac - only SSL, but she is in the
>>> local office and the Mail Server is in the local office, and she is
>>> not sending her password over the internet, so it's probably fine to
>>> go without TLS in her case).  Anyway, when she sends an email to port
>>> 587 into our mail server to yahoo, it fails with domainkey failed
>>> error header.  When I send via PC and Thuderbird into our external
>>> firewall port forwarded into Mail Server port 587 with or without TLS
>>> to yahoo (I've tried both ways), it works perfectly and the domainkey
>>> header suceeded.
>>>
>>> In both instances (Mac internal office, PC external - internet),
>>> simscan is listed below the Domainkey header.  So since mine works and
>>> her's does not, I don't think it is simscan/clamav.  It's happening to
>>> both of our emails, so that would not appear to be a problem.
>>>
>>> But, what in the world could it be?  I'm obviously going to have to go
>>> into the office and try sending from my Thunderbird out to yahoo and
>>> see if that still works.  But no matter if it does or does not, how
>>> could Mac Mail or PC Thunderbird have anything to do with the headers
>>> and HASH that would cause domainkeys to fail or suceed since they are
>>> only calculated and added after the message has been handed off to
>>> port 587 on the Mail Server?
>>>
>>> For referrence, the external firewall only does a packet forwarding
>>> into our mail server for traffic on port 587, and does not rewrite
>>> anything.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
 Well, we probably don't need it that bad that then.

 Thanks
 John



 On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> I don't know, short of looking at the code. That would be in the (heavily
> patched) source code for the qmail-smtp program. Looking that up would not
> be a trivial exercise.
>
> Tek Support wrote:
>> As you said (would have to), how do I determine the order they are
>> run?  Is it simply that the DKIM header is added on top of the
>> simscan, thus simscan first and dkim 2nd?
>>
>> Thanks
>> John
>>
>>
>>
>> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> Simscan does scan outbound mail, but scans only for viruses (clamav), 
>>> not
>>> spam (spamassassin). This is consistent with the message you're seeing.
>>>
>>> Adding the DK signature would (have to) happen after this scan.
>>>
>>> Tek Support wrote:
 Hi Eric, thanks for the quick reply.  The reason I think it's doing
 outbound scanning is a specific line in the header, maybe you can shed
 some light on it.  In an email sent from mydomain to my yahoo accout
 these are in the headers.  The line I'm interrested in, is possibly
 added by yahoo, but I think it's from me.

 Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
 scanners: attach: 1.3.1 clamav: 0.93.3

 Wouldn't simscan be run on my box, and if so, would it be done before
 DKIM or after?

 Thanks
 John



 On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> 
 wrote:
> Tek Support wrote:
>> Hi all, recently I had asked if there was a reason to use the port 
>> 587
>> if I installed spamdyke (because spamdyke authenticated my dynamic
>> users and ignored the rbls).  Well, maybe I've found something that
>> would still require me to use 587 instead of port 25.  I would
>> appreciate any info.
>>
>> As of right now, my staff are using port 25 for outbound - I just
>> didn't see the need to have another port open to the outside when
>> after installing spamdyke, they were able to send and were not

Re: [qmailtoaster] some problems

[Tek Support]

Yes that's correct, both are in the same domain.

Thanks
John



On Wed, Aug 27, 2008 at 10:24 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> That's an odd one, all right. And I think you've described the situation
> pretty well (at least I think I understand what's happening).
>
> Both instances are sending from exactly the same domain, right?
>
> Tek Support wrote:
>> You know, I don't think it has anything to do with simscan.  A staff
>> member in the office using a Mac laptop is sending mail to port 587
>> (no TLS option available in her Mac - only SSL, but she is in the
>> local office and the Mail Server is in the local office, and she is
>> not sending her password over the internet, so it's probably fine to
>> go without TLS in her case).  Anyway, when she sends an email to port
>> 587 into our mail server to yahoo, it fails with domainkey failed
>> error header.  When I send via PC and Thuderbird into our external
>> firewall port forwarded into Mail Server port 587 with or without TLS
>> to yahoo (I've tried both ways), it works perfectly and the domainkey
>> header suceeded.
>>
>> In both instances (Mac internal office, PC external - internet),
>> simscan is listed below the Domainkey header.  So since mine works and
>> her's does not, I don't think it is simscan/clamav.  It's happening to
>> both of our emails, so that would not appear to be a problem.
>>
>> But, what in the world could it be?  I'm obviously going to have to go
>> into the office and try sending from my Thunderbird out to yahoo and
>> see if that still works.  But no matter if it does or does not, how
>> could Mac Mail or PC Thunderbird have anything to do with the headers
>> and HASH that would cause domainkeys to fail or suceed since they are
>> only calculated and added after the message has been handed off to
>> port 587 on the Mail Server?
>>
>> For referrence, the external firewall only does a packet forwarding
>> into our mail server for traffic on port 587, and does not rewrite
>> anything.
>>
>> Thanks
>> John
>>
>>
>>
>>
>>
>> On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
>>> Well, we probably don't need it that bad that then.
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 I don't know, short of looking at the code. That would be in the (heavily
 patched) source code for the qmail-smtp program. Looking that up would not
 be a trivial exercise.

 Tek Support wrote:
> As you said (would have to), how do I determine the order they are
> run?  Is it simply that the DKIM header is added on top of the
> simscan, thus simscan first and dkim 2nd?
>
> Thanks
> John
>
>
>
> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> Simscan does scan outbound mail, but scans only for viruses (clamav), not
>> spam (spamassassin). This is consistent with the message you're seeing.
>>
>> Adding the DK signature would (have to) happen after this scan.
>>
>> Tek Support wrote:
>>> Hi Eric, thanks for the quick reply.  The reason I think it's doing
>>> outbound scanning is a specific line in the header, maybe you can shed
>>> some light on it.  In an email sent from mydomain to my yahoo accout
>>> these are in the headers.  The line I'm interrested in, is possibly
>>> added by yahoo, but I think it's from me.
>>>
>>> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
>>> scanners: attach: 1.3.1 clamav: 0.93.3
>>>
>>> Wouldn't simscan be run on my box, and if so, would it be done before
>>> DKIM or after?
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 Tek Support wrote:
> Hi all, recently I had asked if there was a reason to use the port 587
> if I installed spamdyke (because spamdyke authenticated my dynamic
> users and ignored the rbls).  Well, maybe I've found something that
> would still require me to use 587 instead of port 25.  I would
> appreciate any info.
>
> As of right now, my staff are using port 25 for outbound - I just
> didn't see the need to have another port open to the outside when
> after installing spamdyke, they were able to send and were not blocked
> as "dynamic".  But the staff have been having trouble sending to
> yahoo.com, and in looking at the headers on a message that finally
> arrived into yahoo (and gmail) the headers show this:
>
> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
> domainkeys=fail (bad sig)
>
> But I had gone through the process step by step and tested my DKIM
> with the sourceforge.net sites, and those showed that my dkim seemed
> accurate.  So, anyway in a brilliant fl

Re: [qmailtoaster] some problems

[Eric Shubert]

That's an odd one, all right. And I think you've described the situation
pretty well (at least I think I understand what's happening).

Both instances are sending from exactly the same domain, right?

Tek Support wrote:
> You know, I don't think it has anything to do with simscan.  A staff
> member in the office using a Mac laptop is sending mail to port 587
> (no TLS option available in her Mac - only SSL, but she is in the
> local office and the Mail Server is in the local office, and she is
> not sending her password over the internet, so it's probably fine to
> go without TLS in her case).  Anyway, when she sends an email to port
> 587 into our mail server to yahoo, it fails with domainkey failed
> error header.  When I send via PC and Thuderbird into our external
> firewall port forwarded into Mail Server port 587 with or without TLS
> to yahoo (I've tried both ways), it works perfectly and the domainkey
> header suceeded.
> 
> In both instances (Mac internal office, PC external - internet),
> simscan is listed below the Domainkey header.  So since mine works and
> her's does not, I don't think it is simscan/clamav.  It's happening to
> both of our emails, so that would not appear to be a problem.
> 
> But, what in the world could it be?  I'm obviously going to have to go
> into the office and try sending from my Thunderbird out to yahoo and
> see if that still works.  But no matter if it does or does not, how
> could Mac Mail or PC Thunderbird have anything to do with the headers
> and HASH that would cause domainkeys to fail or suceed since they are
> only calculated and added after the message has been handed off to
> port 587 on the Mail Server?
> 
> For referrence, the external firewall only does a packet forwarding
> into our mail server for traffic on port 587, and does not rewrite
> anything.
> 
> Thanks
> John
> 
> 
> 
> 
> 
> On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
>> Well, we probably don't need it that bad that then.
>>
>> Thanks
>> John
>>
>>
>>
>> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> I don't know, short of looking at the code. That would be in the (heavily
>>> patched) source code for the qmail-smtp program. Looking that up would not
>>> be a trivial exercise.
>>>
>>> Tek Support wrote:
 As you said (would have to), how do I determine the order they are
 run?  Is it simply that the DKIM header is added on top of the
 simscan, thus simscan first and dkim 2nd?

 Thanks
 John



 On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> Simscan does scan outbound mail, but scans only for viruses (clamav), not
> spam (spamassassin). This is consistent with the message you're seeing.
>
> Adding the DK signature would (have to) happen after this scan.
>
> Tek Support wrote:
>> Hi Eric, thanks for the quick reply.  The reason I think it's doing
>> outbound scanning is a specific line in the header, maybe you can shed
>> some light on it.  In an email sent from mydomain to my yahoo accout
>> these are in the headers.  The line I'm interrested in, is possibly
>> added by yahoo, but I think it's from me.
>>
>> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
>> scanners: attach: 1.3.1 clamav: 0.93.3
>>
>> Wouldn't simscan be run on my box, and if so, would it be done before
>> DKIM or after?
>>
>> Thanks
>> John
>>
>>
>>
>> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> Tek Support wrote:
 Hi all, recently I had asked if there was a reason to use the port 587
 if I installed spamdyke (because spamdyke authenticated my dynamic
 users and ignored the rbls).  Well, maybe I've found something that
 would still require me to use 587 instead of port 25.  I would
 appreciate any info.

 As of right now, my staff are using port 25 for outbound - I just
 didn't see the need to have another port open to the outside when
 after installing spamdyke, they were able to send and were not blocked
 as "dynamic".  But the staff have been having trouble sending to
 yahoo.com, and in looking at the headers on a message that finally
 arrived into yahoo (and gmail) the headers show this:

 Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
 domainkeys=fail (bad sig)

 But I had gone through the process step by step and tested my DKIM
 with the sourceforge.net sites, and those showed that my dkim seemed
 accurate.  So, anyway in a brilliant flash of light I decided to try
 port 587, and on my first try I got these headers in an email sent to
 yahoo and gmail:

 Received-SPF: pass 
 DomainKey-Status: good
 Authentication-Results: mx

Re: [qmailtoaster] some problems

[Tek Support]

You know, I don't think it has anything to do with simscan.  A staff
member in the office using a Mac laptop is sending mail to port 587
(no TLS option available in her Mac - only SSL, but she is in the
local office and the Mail Server is in the local office, and she is
not sending her password over the internet, so it's probably fine to
go without TLS in her case).  Anyway, when she sends an email to port
587 into our mail server to yahoo, it fails with domainkey failed
error header.  When I send via PC and Thuderbird into our external
firewall port forwarded into Mail Server port 587 with or without TLS
to yahoo (I've tried both ways), it works perfectly and the domainkey
header suceeded.

In both instances (Mac internal office, PC external - internet),
simscan is listed below the Domainkey header.  So since mine works and
her's does not, I don't think it is simscan/clamav.  It's happening to
both of our emails, so that would not appear to be a problem.

But, what in the world could it be?  I'm obviously going to have to go
into the office and try sending from my Thunderbird out to yahoo and
see if that still works.  But no matter if it does or does not, how
could Mac Mail or PC Thunderbird have anything to do with the headers
and HASH that would cause domainkeys to fail or suceed since they are
only calculated and added after the message has been handed off to
port 587 on the Mail Server?

For referrence, the external firewall only does a packet forwarding
into our mail server for traffic on port 587, and does not rewrite
anything.

Thanks
John





On Wed, Aug 27, 2008 at 9:06 PM, Tek Support <[EMAIL PROTECTED]> wrote:
> Well, we probably don't need it that bad that then.
>
> Thanks
> John
>
>
>
> On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> I don't know, short of looking at the code. That would be in the (heavily
>> patched) source code for the qmail-smtp program. Looking that up would not
>> be a trivial exercise.
>>
>> Tek Support wrote:
>>> As you said (would have to), how do I determine the order they are
>>> run?  Is it simply that the DKIM header is added on top of the
>>> simscan, thus simscan first and dkim 2nd?
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 Simscan does scan outbound mail, but scans only for viruses (clamav), not
 spam (spamassassin). This is consistent with the message you're seeing.

 Adding the DK signature would (have to) happen after this scan.

 Tek Support wrote:
> Hi Eric, thanks for the quick reply.  The reason I think it's doing
> outbound scanning is a specific line in the header, maybe you can shed
> some light on it.  In an email sent from mydomain to my yahoo accout
> these are in the headers.  The line I'm interrested in, is possibly
> added by yahoo, but I think it's from me.
>
> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
> scanners: attach: 1.3.1 clamav: 0.93.3
>
> Wouldn't simscan be run on my box, and if so, would it be done before
> DKIM or after?
>
> Thanks
> John
>
>
>
> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> Tek Support wrote:
>>> Hi all, recently I had asked if there was a reason to use the port 587
>>> if I installed spamdyke (because spamdyke authenticated my dynamic
>>> users and ignored the rbls).  Well, maybe I've found something that
>>> would still require me to use 587 instead of port 25.  I would
>>> appreciate any info.
>>>
>>> As of right now, my staff are using port 25 for outbound - I just
>>> didn't see the need to have another port open to the outside when
>>> after installing spamdyke, they were able to send and were not blocked
>>> as "dynamic".  But the staff have been having trouble sending to
>>> yahoo.com, and in looking at the headers on a message that finally
>>> arrived into yahoo (and gmail) the headers show this:
>>>
>>> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
>>> domainkeys=fail (bad sig)
>>>
>>> But I had gone through the process step by step and tested my DKIM
>>> with the sourceforge.net sites, and those showed that my dkim seemed
>>> accurate.  So, anyway in a brilliant flash of light I decided to try
>>> port 587, and on my first try I got these headers in an email sent to
>>> yahoo and gmail:
>>>
>>> Received-SPF: pass 
>>> DomainKey-Status: good
>>> Authentication-Results: mx.google.com; spf=pass ...
>>>
>>> So, I guess my question would be, does something in the spam checking
>>> on outbound emails from pop3/smtp users (not imap and squirrelmail)
>>> with spamdyke, rewrite the headers after the dkim has processed the
>>> email which would cause my DKIM hash to be invalid when yahoo and
>>> gmail check it?
>

Re: [qmailtoaster] some problems

[Tek Support]

Well, we probably don't need it that bad that then.

Thanks
John



On Wed, Aug 27, 2008 at 10:37 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> I don't know, short of looking at the code. That would be in the (heavily
> patched) source code for the qmail-smtp program. Looking that up would not
> be a trivial exercise.
>
> Tek Support wrote:
>> As you said (would have to), how do I determine the order they are
>> run?  Is it simply that the DKIM header is added on top of the
>> simscan, thus simscan first and dkim 2nd?
>>
>> Thanks
>> John
>>
>>
>>
>> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> Simscan does scan outbound mail, but scans only for viruses (clamav), not
>>> spam (spamassassin). This is consistent with the message you're seeing.
>>>
>>> Adding the DK signature would (have to) happen after this scan.
>>>
>>> Tek Support wrote:
 Hi Eric, thanks for the quick reply.  The reason I think it's doing
 outbound scanning is a specific line in the header, maybe you can shed
 some light on it.  In an email sent from mydomain to my yahoo accout
 these are in the headers.  The line I'm interrested in, is possibly
 added by yahoo, but I think it's from me.

 Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
 scanners: attach: 1.3.1 clamav: 0.93.3

 Wouldn't simscan be run on my box, and if so, would it be done before
 DKIM or after?

 Thanks
 John



 On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> Tek Support wrote:
>> Hi all, recently I had asked if there was a reason to use the port 587
>> if I installed spamdyke (because spamdyke authenticated my dynamic
>> users and ignored the rbls).  Well, maybe I've found something that
>> would still require me to use 587 instead of port 25.  I would
>> appreciate any info.
>>
>> As of right now, my staff are using port 25 for outbound - I just
>> didn't see the need to have another port open to the outside when
>> after installing spamdyke, they were able to send and were not blocked
>> as "dynamic".  But the staff have been having trouble sending to
>> yahoo.com, and in looking at the headers on a message that finally
>> arrived into yahoo (and gmail) the headers show this:
>>
>> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
>> domainkeys=fail (bad sig)
>>
>> But I had gone through the process step by step and tested my DKIM
>> with the sourceforge.net sites, and those showed that my dkim seemed
>> accurate.  So, anyway in a brilliant flash of light I decided to try
>> port 587, and on my first try I got these headers in an email sent to
>> yahoo and gmail:
>>
>> Received-SPF: pass 
>> DomainKey-Status: good
>> Authentication-Results: mx.google.com; spf=pass ...
>>
>> So, I guess my question would be, does something in the spam checking
>> on outbound emails from pop3/smtp users (not imap and squirrelmail)
>> with spamdyke, rewrite the headers after the dkim has processed the
>> email which would cause my DKIM hash to be invalid when yahoo and
>> gmail check it?
> I don't believe that spam checking is enabled on outgoing mail, at least 
> not
> in the 'stock' toaster. So the answer is, not that I'm aware of.
>
> Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
> line in the /etc/tcprules/tcp.smtp file.
>
> Also, be aware that DK and DKIM are 2 different things. The toaster has a
> (somewhat broken, at least on the incoming side) DK implementation. The
> toaster has no DKIM capability.
>
> I suppose that DK might work (better) with the port 587 configuration than
> with port 25. I wouldn't know why though, as I'm not familiar with the
> problem(s) that DK has. We had a fellow in Russia on the list a while back
> who fixed some things with it, but we haven't heard from him in quite a 
> while.
>
>> CentOS 5
>> x86_64bit
>>
>> Thanks
>> John
>>
> --
> -Eric 'shubes'
>
>>>
>>> --
>>> -Eric 'shubes'
>>>
>
>
> --
> -Eric 'shubes'
>
> -
> QmailToaster hosted by: VR Hosted 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] some problems

[Eric Shubert]

I don't know, short of looking at the code. That would be in the (heavily
patched) source code for the qmail-smtp program. Looking that up would not
be a trivial exercise.

Tek Support wrote:
> As you said (would have to), how do I determine the order they are
> run?  Is it simply that the DKIM header is added on top of the
> simscan, thus simscan first and dkim 2nd?
> 
> Thanks
> John
> 
> 
> 
> On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> Simscan does scan outbound mail, but scans only for viruses (clamav), not
>> spam (spamassassin). This is consistent with the message you're seeing.
>>
>> Adding the DK signature would (have to) happen after this scan.
>>
>> Tek Support wrote:
>>> Hi Eric, thanks for the quick reply.  The reason I think it's doing
>>> outbound scanning is a specific line in the header, maybe you can shed
>>> some light on it.  In an email sent from mydomain to my yahoo accout
>>> these are in the headers.  The line I'm interrested in, is possibly
>>> added by yahoo, but I think it's from me.
>>>
>>> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
>>> scanners: attach: 1.3.1 clamav: 0.93.3
>>>
>>> Wouldn't simscan be run on my box, and if so, would it be done before
>>> DKIM or after?
>>>
>>> Thanks
>>> John
>>>
>>>
>>>
>>> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
 Tek Support wrote:
> Hi all, recently I had asked if there was a reason to use the port 587
> if I installed spamdyke (because spamdyke authenticated my dynamic
> users and ignored the rbls).  Well, maybe I've found something that
> would still require me to use 587 instead of port 25.  I would
> appreciate any info.
>
> As of right now, my staff are using port 25 for outbound - I just
> didn't see the need to have another port open to the outside when
> after installing spamdyke, they were able to send and were not blocked
> as "dynamic".  But the staff have been having trouble sending to
> yahoo.com, and in looking at the headers on a message that finally
> arrived into yahoo (and gmail) the headers show this:
>
> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
> domainkeys=fail (bad sig)
>
> But I had gone through the process step by step and tested my DKIM
> with the sourceforge.net sites, and those showed that my dkim seemed
> accurate.  So, anyway in a brilliant flash of light I decided to try
> port 587, and on my first try I got these headers in an email sent to
> yahoo and gmail:
>
> Received-SPF: pass 
> DomainKey-Status: good
> Authentication-Results: mx.google.com; spf=pass ...
>
> So, I guess my question would be, does something in the spam checking
> on outbound emails from pop3/smtp users (not imap and squirrelmail)
> with spamdyke, rewrite the headers after the dkim has processed the
> email which would cause my DKIM hash to be invalid when yahoo and
> gmail check it?
 I don't believe that spam checking is enabled on outgoing mail, at least 
 not
 in the 'stock' toaster. So the answer is, not that I'm aware of.

 Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
 line in the /etc/tcprules/tcp.smtp file.

 Also, be aware that DK and DKIM are 2 different things. The toaster has a
 (somewhat broken, at least on the incoming side) DK implementation. The
 toaster has no DKIM capability.

 I suppose that DK might work (better) with the port 587 configuration than
 with port 25. I wouldn't know why though, as I'm not familiar with the
 problem(s) that DK has. We had a fellow in Russia on the list a while back
 who fixed some things with it, but we haven't heard from him in quite a 
 while.

> CentOS 5
> x86_64bit
>
> Thanks
> John
>
 --
 -Eric 'shubes'

>>
>> --
>> -Eric 'shubes'
>>


-- 
-Eric 'shubes'

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] some problems

[Tek Support]

As you said (would have to), how do I determine the order they are
run?  Is it simply that the DKIM header is added on top of the
simscan, thus simscan first and dkim 2nd?

Thanks
John



On Tue, Aug 26, 2008 at 2:14 PM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> Simscan does scan outbound mail, but scans only for viruses (clamav), not
> spam (spamassassin). This is consistent with the message you're seeing.
>
> Adding the DK signature would (have to) happen after this scan.
>
> Tek Support wrote:
>> Hi Eric, thanks for the quick reply.  The reason I think it's doing
>> outbound scanning is a specific line in the header, maybe you can shed
>> some light on it.  In an email sent from mydomain to my yahoo accout
>> these are in the headers.  The line I'm interrested in, is possibly
>> added by yahoo, but I think it's from me.
>>
>> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
>> scanners: attach: 1.3.1 clamav: 0.93.3
>>
>> Wouldn't simscan be run on my box, and if so, would it be done before
>> DKIM or after?
>>
>> Thanks
>> John
>>
>>
>>
>> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>>> Tek Support wrote:
 Hi all, recently I had asked if there was a reason to use the port 587
 if I installed spamdyke (because spamdyke authenticated my dynamic
 users and ignored the rbls).  Well, maybe I've found something that
 would still require me to use 587 instead of port 25.  I would
 appreciate any info.

 As of right now, my staff are using port 25 for outbound - I just
 didn't see the need to have another port open to the outside when
 after installing spamdyke, they were able to send and were not blocked
 as "dynamic".  But the staff have been having trouble sending to
 yahoo.com, and in looking at the headers on a message that finally
 arrived into yahoo (and gmail) the headers show this:

 Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
 domainkeys=fail (bad sig)

 But I had gone through the process step by step and tested my DKIM
 with the sourceforge.net sites, and those showed that my dkim seemed
 accurate.  So, anyway in a brilliant flash of light I decided to try
 port 587, and on my first try I got these headers in an email sent to
 yahoo and gmail:

 Received-SPF: pass 
 DomainKey-Status: good
 Authentication-Results: mx.google.com; spf=pass ...

 So, I guess my question would be, does something in the spam checking
 on outbound emails from pop3/smtp users (not imap and squirrelmail)
 with spamdyke, rewrite the headers after the dkim has processed the
 email which would cause my DKIM hash to be invalid when yahoo and
 gmail check it?
>>> I don't believe that spam checking is enabled on outgoing mail, at least not
>>> in the 'stock' toaster. So the answer is, not that I'm aware of.
>>>
>>> Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
>>> line in the /etc/tcprules/tcp.smtp file.
>>>
>>> Also, be aware that DK and DKIM are 2 different things. The toaster has a
>>> (somewhat broken, at least on the incoming side) DK implementation. The
>>> toaster has no DKIM capability.
>>>
>>> I suppose that DK might work (better) with the port 587 configuration than
>>> with port 25. I wouldn't know why though, as I'm not familiar with the
>>> problem(s) that DK has. We had a fellow in Russia on the list a while back
>>> who fixed some things with it, but we haven't heard from him in quite a 
>>> while.
>>>
 CentOS 5
 x86_64bit

 Thanks
 John

>>>
>>> --
>>> -Eric 'shubes'
>>>
>
>
> --
> -Eric 'shubes'
>
> -
> QmailToaster hosted by: VR Hosted 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] some problems

[Eric Shubert]

Simscan does scan outbound mail, but scans only for viruses (clamav), not
spam (spamassassin). This is consistent with the message you're seeing.

Adding the DK signature would (have to) happen after this scan.

Tek Support wrote:
> Hi Eric, thanks for the quick reply.  The reason I think it's doing
> outbound scanning is a specific line in the header, maybe you can shed
> some light on it.  In an email sent from mydomain to my yahoo accout
> these are in the headers.  The line I'm interrested in, is possibly
> added by yahoo, but I think it's from me.
> 
> Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
> scanners: attach: 1.3.1 clamav: 0.93.3
> 
> Wouldn't simscan be run on my box, and if so, would it be done before
> DKIM or after?
> 
> Thanks
> John
> 
> 
> 
> On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
>> Tek Support wrote:
>>> Hi all, recently I had asked if there was a reason to use the port 587
>>> if I installed spamdyke (because spamdyke authenticated my dynamic
>>> users and ignored the rbls).  Well, maybe I've found something that
>>> would still require me to use 587 instead of port 25.  I would
>>> appreciate any info.
>>>
>>> As of right now, my staff are using port 25 for outbound - I just
>>> didn't see the need to have another port open to the outside when
>>> after installing spamdyke, they were able to send and were not blocked
>>> as "dynamic".  But the staff have been having trouble sending to
>>> yahoo.com, and in looking at the headers on a message that finally
>>> arrived into yahoo (and gmail) the headers show this:
>>>
>>> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
>>> domainkeys=fail (bad sig)
>>>
>>> But I had gone through the process step by step and tested my DKIM
>>> with the sourceforge.net sites, and those showed that my dkim seemed
>>> accurate.  So, anyway in a brilliant flash of light I decided to try
>>> port 587, and on my first try I got these headers in an email sent to
>>> yahoo and gmail:
>>>
>>> Received-SPF: pass 
>>> DomainKey-Status: good
>>> Authentication-Results: mx.google.com; spf=pass ...
>>>
>>> So, I guess my question would be, does something in the spam checking
>>> on outbound emails from pop3/smtp users (not imap and squirrelmail)
>>> with spamdyke, rewrite the headers after the dkim has processed the
>>> email which would cause my DKIM hash to be invalid when yahoo and
>>> gmail check it?
>> I don't believe that spam checking is enabled on outgoing mail, at least not
>> in the 'stock' toaster. So the answer is, not that I'm aware of.
>>
>> Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
>> line in the /etc/tcprules/tcp.smtp file.
>>
>> Also, be aware that DK and DKIM are 2 different things. The toaster has a
>> (somewhat broken, at least on the incoming side) DK implementation. The
>> toaster has no DKIM capability.
>>
>> I suppose that DK might work (better) with the port 587 configuration than
>> with port 25. I wouldn't know why though, as I'm not familiar with the
>> problem(s) that DK has. We had a fellow in Russia on the list a while back
>> who fixed some things with it, but we haven't heard from him in quite a 
>> while.
>>
>>> CentOS 5
>>> x86_64bit
>>>
>>> Thanks
>>> John
>>>
>>
>> --
>> -Eric 'shubes'
>>


-- 
-Eric 'shubes'

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] some problems

[Tek Support]

Hi Eric, thanks for the quick reply.  The reason I think it's doing
outbound scanning is a specific line in the header, maybe you can shed
some light on it.  In an email sent from mydomain to my yahoo accout
these are in the headers.  The line I'm interrested in, is possibly
added by yahoo, but I think it's from me.

Received:   by simscan 1.3.1 ppid: 4768, pid: 4895, t: 0.0658s
scanners: attach: 1.3.1 clamav: 0.93.3

Wouldn't simscan be run on my box, and if so, would it be done before
DKIM or after?

Thanks
John



On Tue, Aug 26, 2008 at 9:42 AM, Eric Shubert <[EMAIL PROTECTED]> wrote:
> Tek Support wrote:
>> Hi all, recently I had asked if there was a reason to use the port 587
>> if I installed spamdyke (because spamdyke authenticated my dynamic
>> users and ignored the rbls).  Well, maybe I've found something that
>> would still require me to use 587 instead of port 25.  I would
>> appreciate any info.
>>
>> As of right now, my staff are using port 25 for outbound - I just
>> didn't see the need to have another port open to the outside when
>> after installing spamdyke, they were able to send and were not blocked
>> as "dynamic".  But the staff have been having trouble sending to
>> yahoo.com, and in looking at the headers on a message that finally
>> arrived into yahoo (and gmail) the headers show this:
>>
>> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
>> domainkeys=fail (bad sig)
>>
>> But I had gone through the process step by step and tested my DKIM
>> with the sourceforge.net sites, and those showed that my dkim seemed
>> accurate.  So, anyway in a brilliant flash of light I decided to try
>> port 587, and on my first try I got these headers in an email sent to
>> yahoo and gmail:
>>
>> Received-SPF: pass 
>> DomainKey-Status: good
>> Authentication-Results: mx.google.com; spf=pass ...
>>
>> So, I guess my question would be, does something in the spam checking
>> on outbound emails from pop3/smtp users (not imap and squirrelmail)
>> with spamdyke, rewrite the headers after the dkim has processed the
>> email which would cause my DKIM hash to be invalid when yahoo and
>> gmail check it?
>
> I don't believe that spam checking is enabled on outgoing mail, at least not
> in the 'stock' toaster. So the answer is, not that I'm aware of.
>
> Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
> line in the /etc/tcprules/tcp.smtp file.
>
> Also, be aware that DK and DKIM are 2 different things. The toaster has a
> (somewhat broken, at least on the incoming side) DK implementation. The
> toaster has no DKIM capability.
>
> I suppose that DK might work (better) with the port 587 configuration than
> with port 25. I wouldn't know why though, as I'm not familiar with the
> problem(s) that DK has. We had a fellow in Russia on the list a while back
> who fixed some things with it, but we haven't heard from him in quite a while.
>
>> CentOS 5
>> x86_64bit
>>
>> Thanks
>> John
>>
>
>
> --
> -Eric 'shubes'
>
> -
> QmailToaster hosted by: VR Hosted 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [qmailtoaster] some problems

[Eric Shubert]

Tek Support wrote:
> Hi all, recently I had asked if there was a reason to use the port 587
> if I installed spamdyke (because spamdyke authenticated my dynamic
> users and ignored the rbls).  Well, maybe I've found something that
> would still require me to use 587 instead of port 25.  I would
> appreciate any info.
> 
> As of right now, my staff are using port 25 for outbound - I just
> didn't see the need to have another port open to the outside when
> after installing spamdyke, they were able to send and were not blocked
> as "dynamic".  But the staff have been having trouble sending to
> yahoo.com, and in looking at the headers on a message that finally
> arrived into yahoo (and gmail) the headers show this:
> 
> Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
> domainkeys=fail (bad sig)
> 
> But I had gone through the process step by step and tested my DKIM
> with the sourceforge.net sites, and those showed that my dkim seemed
> accurate.  So, anyway in a brilliant flash of light I decided to try
> port 587, and on my first try I got these headers in an email sent to
> yahoo and gmail:
> 
> Received-SPF: pass 
> DomainKey-Status: good
> Authentication-Results: mx.google.com; spf=pass ...
> 
> So, I guess my question would be, does something in the spam checking
> on outbound emails from pop3/smtp users (not imap and squirrelmail)
> with spamdyke, rewrite the headers after the dkim has processed the
> email which would cause my DKIM hash to be invalid when yahoo and
> gmail check it?

I don't believe that spam checking is enabled on outgoing mail, at least not
in the 'stock' toaster. So the answer is, not that I'm aware of.

Note, squirrelmail gets a 'free pass' (open relay), due to the localhost
line in the /etc/tcprules/tcp.smtp file.

Also, be aware that DK and DKIM are 2 different things. The toaster has a
(somewhat broken, at least on the incoming side) DK implementation. The
toaster has no DKIM capability.

I suppose that DK might work (better) with the port 587 configuration than
with port 25. I wouldn't know why though, as I'm not familiar with the
problem(s) that DK has. We had a fellow in Russia on the list a while back
who fixed some things with it, but we haven't heard from him in quite a while.

> CentOS 5
> x86_64bit
> 
> Thanks
> John
> 


-- 
-Eric 'shubes'

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[qmailtoaster] some problems

[Tek Support]

Hi all, recently I had asked if there was a reason to use the port 587
if I installed spamdyke (because spamdyke authenticated my dynamic
users and ignored the rbls).  Well, maybe I've found something that
would still require me to use 587 instead of port 25.  I would
appreciate any info.

As of right now, my staff are using port 25 for outbound - I just
didn't see the need to have another port open to the outside when
after installing spamdyke, they were able to send and were not blocked
as "dynamic".  But the staff have been having trouble sending to
yahoo.com, and in looking at the headers on a message that finally
arrived into yahoo (and gmail) the headers show this:

Authentication-Results:   mta553.mail.mud.yahoo.com from=mydomain.com;
domainkeys=fail (bad sig)

But I had gone through the process step by step and tested my DKIM
with the sourceforge.net sites, and those showed that my dkim seemed
accurate.  So, anyway in a brilliant flash of light I decided to try
port 587, and on my first try I got these headers in an email sent to
yahoo and gmail:

Received-SPF: pass 
DomainKey-Status: good
Authentication-Results: mx.google.com; spf=pass ...

So, I guess my question would be, does something in the spam checking
on outbound emails from pop3/smtp users (not imap and squirrelmail)
with spamdyke, rewrite the headers after the dkim has processed the
email which would cause my DKIM hash to be invalid when yahoo and
gmail check it?

CentOS 5
x86_64bit

Thanks
John

-
 QmailToaster hosted by: VR Hosted 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]