Re: Spamassassin always says DKIM_INVALID

2020-01-16 Thread David Jones 
Do you have anything modifying the Subject or altering the message body (like a 
signature/disclaimer or external email warning) after opendkim and before the 
spamass-milter?

From: Alex Woick 
Date: Tuesday, January 14, 2020 at 7:38 AM
To: "users@spamassassin.apache.org" 
Subject: Spamassassin always says DKIM_INVALID

Spamassassin (3.4.3, the same with previous) declares all or almost all the 
incoming DKIM-signed messages as DKIM_INVALID, and I'm not understanding why.
I'm running opendkim on the mail server as milter with Postfix, and the 
opendkim headers say the same dkim signatures are all valid.

Example headers of some mail from this list.
Opendkim says ok:

Authentication-Results: mail.wombaz.de;

dkim=pass (2048-bit key) header.d=linkcheck.co.uk 
header.i=@linkcheck.co.uk header.b="PXrrNHdB"


But Spamassassin says it's invalid:

X-Spam-Status: No, score=-15.5 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,

DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,

MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS,TXREP,

USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.3


Link to complete message:
https://pastebin.com/raw/1DLtnuRX

Spamassassin is running as spamc/spamd, and is embedded in Postfix with 
spamass-milter. System is running on CentOS 7.

Postfix milter config is this:

smtpd_milters =

  unix:/var/run/opendkim-postfix/sock,

  unix:/var/run/opendmarc-postfix/sock,

  unix:/var/run/clamav-milter/clamav-milter.socket,

  unix:/run/spamass-milter/postfix/sock


Any idea how to find out why Spamassassin isn't able to successfully verify 
dkim sigs, while at the same time Opendkim says it's valid? I just activated 
the dkim plugin of Spamassassin but didn't configure anything dkim-related, 
since there is nothing specific to do.

Alex

Re: SA Safelist fail

2020-01-16 Thread Benny Pedersen 

Henry Castro skrev den 2020-01-16 21:06:


Are you having any issues with the lists below:



sa-accredit.habeas.com
sa-trusted.bondedsender.org



All DNS/TXT queries to them are failing for all of my systems.


yes seem here aswell

i have added habeas.com and bondedsender.org to dns deny in local.cf

SA Safelist fail

2020-01-16 Thread Henry Castro 
Hi,

Are you having any issues with the lists below:

sa-accredit.habeas.com
sa-trusted.bondedsender.org

All DNS/TXT queries to them are failing for all of my systems.

Henry Castro





The information contained in this email is intended only for the person or 
entity to whom it is addressed and may contain confidential and/or privileged 
material; unauthorized use of this information is prohibited. If you have 
received this in error, please notify the sender and delete the material 
immediately. Thank you.

L'information contenue dans ce courriel ne s'adresse qu'? la personne ou ? 
l'entit? ? qui elle est dirig?e; elle peut contenir des renseignements de 
nature privil?gi?e et/ou confidentielle. Toute utilisation non autoris?e est 
interdite. Si vous avez re?u ce courriel par erreur, SVP en aviser l'exp?diteur 
et le d?truire imm?diatement. Merci.