Re: T_DKIM_INVALID false positives with Gmail
On Mon, 19 Mar 2018 11:53:19 -0400 Bill Cole wrote: > On 19 Mar 2018, at 11:29, Sebastian Arcus wrote: > > > I've been seeing a number of false positives recently from > > T_DKIM_INVALID with Gmail emails. Are some Gmail servers > > misconfigured, > There are LOTS of ways to break a DKIM signature. Including signing non-existent List-* headers and then posting to a mailing list. DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=open-t.co.uk; s=20170820; h=Content-Transfer-Encoding:Content-Type: MIME-Version:Date:Message-ID:Subject:From:To:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive;...
Re: T_DKIM_INVALID false positives with Gmail
No, because DKIM is verifying the unmodified header/body (more complicated than that). -- Kevin A. McGrail Asst. Treasurer & VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Mon, Mar 19, 2018 at 11:55 AM, Sebastian Arcus wrote: > On 19/03/18 15:53, Bill Cole wrote: > >> On 19 Mar 2018, at 11:29, Sebastian Arcus wrote: >> >> I've been seeing a number of false positives recently from T_DKIM_INVALID >>> with Gmail emails. Are some Gmail servers misconfigured, or could something >>> be going on at my end? The DKIM record which is flagged as invalid is below: >>> >>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; >>> s=20161025; h=mime-version:from:date:message-id:subject:to;bh=8wlgvdpEOm >>> UO2ugslPxRkFYA/ZThwu2bWy5VmlR76ug=; >>> b=gRcnOIzmENqS8a91mSdETdXvyH6df7u0tSwsadk6CMD0KtAbzuM3ojHW+kPEo7AB1i >>> vnbCDc/vsR6H7pP0k3hZmF7z/dAaeZWD4RVzqM+Fv70oHy4af64j+fGSekOCM9o4ShRQ >>> Vk3KyF+69sKTK3rRWEnfrcgi/pN2DJWDvrIBRjmFOZYKNVN+8elaVM9DOO7tEMLYuw7T >>> +sVaUMNt8MuPxRhrskJYOIxK8zzkcJHYV+1TuWJuqZAHRVwgnDWX7q3Wx0GwrX+3lKpm >>> 3A1+F5dBVjH4dXvdfIESm5XpV8b9uBn9daGWrUgkR+PB23XsL9QkxEqCRXdgII3FRxtQ >>> Ps6A== >>> >> >> There are LOTS of ways to break a DKIM signature. Whether that one is >> broken can't be checked and how it might have been broken can't be guessed >> at without the full *unmodified* headers and body of the message. >> > > I use Exim to pass stuff directly to SA. Could I attach the DKIM header in > a text file and send it to the list? >
Re: T_DKIM_INVALID false positives with Gmail
On 19/03/18 15:53, Bill Cole wrote: On 19 Mar 2018, at 11:29, Sebastian Arcus wrote: I've been seeing a number of false positives recently from T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured, or could something be going on at my end? The DKIM record which is flagged as invalid is below: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:from:date:message-id:subject:to;bh=8wlgvdpEOmUO2ugslPxRkFYA/ZThwu2bWy5VmlR76ug=; b=gRcnOIzmENqS8a91mSdETdXvyH6df7u0tSwsadk6CMD0KtAbzuM3ojHW+kPEo7AB1i vnbCDc/vsR6H7pP0k3hZmF7z/dAaeZWD4RVzqM+Fv70oHy4af64j+fGSekOCM9o4ShRQ Vk3KyF+69sKTK3rRWEnfrcgi/pN2DJWDvrIBRjmFOZYKNVN+8elaVM9DOO7tEMLYuw7T +sVaUMNt8MuPxRhrskJYOIxK8zzkcJHYV+1TuWJuqZAHRVwgnDWX7q3Wx0GwrX+3lKpm 3A1+F5dBVjH4dXvdfIESm5XpV8b9uBn9daGWrUgkR+PB23XsL9QkxEqCRXdgII3FRxtQ Ps6A== There are LOTS of ways to break a DKIM signature. Whether that one is broken can't be checked and how it might have been broken can't be guessed at without the full *unmodified* headers and body of the message. I use Exim to pass stuff directly to SA. Could I attach the DKIM header in a text file and send it to the list?
Re: T_DKIM_INVALID false positives with Gmail
On 19 Mar 2018, at 11:29, Sebastian Arcus wrote: I've been seeing a number of false positives recently from T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured, or could something be going on at my end? The DKIM record which is flagged as invalid is below: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:from:date:message-id:subject:to;bh=8wlgvdpEOmUO2ugslPxRkFYA/ZThwu2bWy5VmlR76ug=; b=gRcnOIzmENqS8a91mSdETdXvyH6df7u0tSwsadk6CMD0KtAbzuM3ojHW+kPEo7AB1i vnbCDc/vsR6H7pP0k3hZmF7z/dAaeZWD4RVzqM+Fv70oHy4af64j+fGSekOCM9o4ShRQ Vk3KyF+69sKTK3rRWEnfrcgi/pN2DJWDvrIBRjmFOZYKNVN+8elaVM9DOO7tEMLYuw7T +sVaUMNt8MuPxRhrskJYOIxK8zzkcJHYV+1TuWJuqZAHRVwgnDWX7q3Wx0GwrX+3lKpm 3A1+F5dBVjH4dXvdfIESm5XpV8b9uBn9daGWrUgkR+PB23XsL9QkxEqCRXdgII3FRxtQ Ps6A== There are LOTS of ways to break a DKIM signature. Whether that one is broken can't be checked and how it might have been broken can't be guessed at without the full *unmodified* headers and body of the message.
Re: T_DKIM_INVALID false positives with Gmail
What glue are you using for SA? DKIM is pretty fragile depending on the signature and implementation. One \n\r changed to \n for example which some SMTP transports will do can cause a failure. I pretty much consider DKIM a 100% if it works and generally worthless if it fails technology right now BUT should get better as people realize they can't muck with things mid transport. Regards, KAM -- Kevin A. McGrail Asst. Treasurer & VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Mon, Mar 19, 2018 at 11:29 AM, Sebastian Arcus wrote: > I've been seeing a number of false positives recently from T_DKIM_INVALID > with Gmail emails. Are some Gmail servers misconfigured, or could something > be going on at my end? The DKIM record which is flagged as invalid is below: > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; > s=20161025; h=mime-version:from:date:message-id:subject:to;bh=8wlgvdpEOm > UO2ugslPxRkFYA/ZThwu2bWy5VmlR76ug=; > b=gRcnOIzmENqS8a91mSdETdXvyH6df7u0tSwsadk6CMD0KtAbzuM3ojHW+kPEo7AB1i > vnbCDc/vsR6H7pP0k3hZmF7z/dAaeZWD4RVzqM+Fv70oHy4af64j+fGSekOCM9o4ShRQ > Vk3KyF+69sKTK3rRWEnfrcgi/pN2DJWDvrIBRjmFOZYKNVN+8elaVM9DOO7tEMLYuw7T > +sVaUMNt8MuPxRhrskJYOIxK8zzkcJHYV+1TuWJuqZAHRVwgnDWX7q3Wx0GwrX+3lKpm > 3A1+F5dBVjH4dXvdfIESm5XpV8b9uBn9daGWrUgkR+PB23XsL9QkxEqCRXdgII3FRxtQ > Ps6A== >
T_DKIM_INVALID false positives with Gmail
I've been seeing a number of false positives recently from T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured, or could something be going on at my end? The DKIM record which is flagged as invalid is below: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:from:date:message-id:subject:to;bh=8wlgvdpEOmUO2ugslPxRkFYA/ZThwu2bWy5VmlR76ug=; b=gRcnOIzmENqS8a91mSdETdXvyH6df7u0tSwsadk6CMD0KtAbzuM3ojHW+kPEo7AB1i vnbCDc/vsR6H7pP0k3hZmF7z/dAaeZWD4RVzqM+Fv70oHy4af64j+fGSekOCM9o4ShRQ Vk3KyF+69sKTK3rRWEnfrcgi/pN2DJWDvrIBRjmFOZYKNVN+8elaVM9DOO7tEMLYuw7T +sVaUMNt8MuPxRhrskJYOIxK8zzkcJHYV+1TuWJuqZAHRVwgnDWX7q3Wx0GwrX+3lKpm 3A1+F5dBVjH4dXvdfIESm5XpV8b9uBn9daGWrUgkR+PB23XsL9QkxEqCRXdgII3FRxtQ Ps6A==