Matthias,
> > The cleanest way to differentiate mail submitted from inside
> > from inbound mail is to provide a dedicated mailer (MSA) for
> > mail submission, which accepts only authenticated mail or mail
> > from internal networks. All mail from such MSA can then be
> > passed to amavisd on a d
> My guess is that the $originating flag is not set for mail
> coming from inside, so amavisd thinks this is an inbound mail,
> which is not to be signed.
> ...
> The cleanest way to differentiate mail submitted from inside
> from inbound mail is to provide a dedicated mailer (MSA) for
> mail subm
Matthias,
> I work for a university institute and administrate its servers
> "incidently".
> Currently I am putting some work into our mail server configuration
> (sendmail 8.13.1 with amavisd-new-2.6.4). Recently I got amavis to
> verify DKIM signed mails. Now my plan was to sign outgoing Emails
I work for a university institute and administrate its servers
"incidently".
Currently I am putting some work into our mail server configuration
(sendmail 8.13.1 with amavisd-new-2.6.4). Recently I got amavis to
verify DKIM signed mails. Now my plan was to sign outgoing Emails
ourselves.
Th
Florian,
> >> So, if someone from outside mails to one of my hosted mailing lists,
> >> and these lists change the subject or add a footer, it's fairly normal
> >> that the Authentication-Result shows softfail for DKIM, right?
> > Yes, as received by the final recipient, member of a mailing list.
Florian,
[...]
> So, it seems as soon as the original sender domain is local, the
> respective key is used to sign, rather than the lists key. Is this
> correct, or wrong?
> anyone has an idea?
Sorry for delay.
Will come to your message 'really-soon-now' :), like tomorrow...
Mark
Hello,
> What still confuses me is the following:
>
> me@localdomain => another@localdomain
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=localdomain
>
> me@localdomain => another@externaldomain
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=localdomain
>
> another@externaldom
Florian,
> > - a mail is received, existing DKIM signatures are verified, and
> > the Authentication-Results is added if a recipient address is local;
>
> I guess that is determined according to local_domains_acl?
Yes.
(or better: according to @local_domains_maps)
> > if there were any pre-ex
Hi Mark,
2011/1/18 Mark Martinec :
> The DKIM signature tags? You need to read the RFC 4871 section 3.5.
> For public key tags see section 3.6.1 of the same document.
Thanks, will do!
>> So, if someone from outside mails to one of my hosted mailing lists,
>> and these lists change the subject o
Hi Mark,
2011/1/19 Mark Martinec :
> - a mail is received, existing DKIM signatures are verified, and
> the Authentication-Results is added if a recipient address is local;
I guess that is determined according to local_domains_acl?
> if there were any pre-existing Authentication-Results heade
Hi Mark,
2011/1/21 Mark Martinec :
> I'm adding this to 2.7.0-pre13:
>
> - updated generating of Authentication-Results headear field according to
> RFC 5451 - previously it followed a draft-kucherawy-sender-auth-header.
> This header field is now also inserted for the new DKIM signatures as
>
Florian,
> > > I'm not sure if there is any value in adding Authentication-Results
> > for a signature that is just being added.
>
> It would help in validating the e-mail easier, but this of course can
> be achieved by different means. It was just not clear to me that this
> is the supposed beha
Florian,
> > I see - you are expecting an Authentication-Results header field
> > to be added even if a signature is just being added in the same
> > mail transaction.
> > So far it doesn't work this way, the Authentication-Results is added
> > based on existing (if any) signatures in a message. O
Hi Mark,
wow, thanks for the fast reply!
2011/1/19 Mark Martinec :
> I see - you are expecting an Authentication-Results header field
> to be added even if a signature is just being added in the same
> mail transaction.
exactly. This would help me to determine the validity of e-mails from
user1
Florian,
> I just reply to this issue right now, because I think it might be
> crucial for diagnosing the rest. :-)
>
> I just tried sending, with the configuration as shown before, from the
> SMTP via port 587, from user1@domain to user2@domain. This results in
> the following headers:
[...]
> S
Hello,
a quick addition:
2011/1/19 Florian Effenberger :
> Hi Mark,
> So, the message is passed through amavisd, spamassassin is invoked,
> and DKIM signatures are being added -- however, the
> Authentication-Results header is missing. This seems to happen from
> all local users to all local use
Hi Mark,
> Authentication-Result header field is only added for local recipients.
> Perhaps your mailing list's domain is not considered local?
I just reply to this issue right now, because I think it might be
crucial for diagnosing the rest. :-)
I just tried sending, with the configuration as s
Florian,
> Is there a dedicated DKIM documentation for amavis? I only found
> information at the "bits and pieces" page
Yes, that's where most of the DKIM-related docs is.
Besides, each newly introduced config settings is documented
in release notes when it was introduced.
> but have a few other
Hi Mark,
thanks a lot for your reply, much appreciated!
Is there a dedicated DKIM documentation for amavis? I only found
information at the "bits and pieces" page, but have a few other
questions, so before asking this list, I'd like to do RTFM, especially
if it's not RTF-RFC. :-) Apart from an ex
Florian,
> I currently work on implementing DKIM signing in my amavisd-new with
> Postfix. All key tests result in passed, and sending signed e-mail out
> of lists results in correct verification.
>
> However, I have problems with signing my hosted mailing lists -- as
> footers are added and subj
Hello,
2011/1/9 Florian Effenberger :
> Therefore, I decided to sign all mailing lists myself with third-party
> signatures, so they get out with valid signatures. It looks, however,
> as if amavisd-new only adds third-party signatures when the sender is
> not from one of my hosted domains. This
Hello,
I currently work on implementing DKIM signing in my amavisd-new with
Postfix. All key tests result in passed, and sending signed e-mail out
of lists results in correct verification.
However, I have problems with signing my hosted mailing lists -- as
footers are added and subjects are modif
On tor 12 nov 2009 13:19:35 CET, Eric Magutu wrote
> Is there anyway that I can use iwayafrica.com instead of creating
> foo._domainkey.iwayafrica.com?
change how dkim works now ?
--
xpoint
--
Let Crystal Reports handl
> Is there anyway that I can use iwayafrica.com instead of creating
> foo._domainkey.iwayafrica.com?
No, but if you are managing the domain iwayafrica.com, you can add a
TXT reccord for foo._domainkey, you don't have to create a subdomain
_domainkey and the TXT reccord foo in that subdomain.
For
Eric,
> Is there anyway that I can use iwayafrica.com instead of creating
> foo._domainkey.iwayafrica.com?
No. The . "_domainkey" prefix is required by RFC 4871.
No recipient will be able to find your key if it is not where
it is supposed to be.
Mark
--
Hi,
Is there anyway that I can use iwayafrica.com instead of creating
foo._domainkey.iwayafrica.com?
On Wed, Nov 11, 2009 at 12:34 PM, Alrik Bronsema wrote:
> foo is the selector. See the instructions of the steps your followed
> in your first email.
> Or see:
> http://www.ijs.si/software/amavis
> I waited long enough and this is the result of dig iwayafrica.com txt
> iwayafrica.com.4INTXT"v=DKIM1\;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSeEyLeTZZtxB9x+UA9h0OxTP7/2e4OUBHzTvE1wbGOllqTCP4neXWP6RaJK9TZI6UkmQTn/VbmIIGFZH7plAOLrKSrjw1ICWZ4QsMBCwFZGdNfdZUyFG4KVxrwoBskEWqC
foo is the selector. See the instructions of the steps your followed
in your first email.
Or see:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-am-sign
It is explained there. That's what I followed.
Alrik
On Wed, Nov 11, 2009 at 10:28 AM, Eric Magutu wrote:
> How does the foo pa
How does the foo part come about?
I followed this guide
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-impatient
what do i need to change ?
On Wed, Nov 11, 2009 at 12:14 PM, Alrik Bronsema wrote:
> When I do digg txt mydomain.com, I don't see the dkim key. But in my
> dns manager
When I do digg txt mydomain.com, I don't see the dkim key. But in my
dns manager, I see:
Name = abc._domainkey.mydomain.com
Value = v=DKIM1; p=MIGfMA0G..etc
In your case, the name should be "foo._domainkey.iwayafrica.com". But
I can't see the foo part.
Regards,
Alrik
On Wed, Nov 11, 2009 at 10:
Hi,
I waited long enough and this is the result of dig iwayafrica.com txt
iwayafrica.com.4INTXT"v=DKIM1\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSeEyLeTZZtxB9x+UA9h0OxTP7/2e4OUBHzTvE1wbGOllqTCP4neXWP6RaJK9TZI6UkmQTn/VbmIIGFZH7plAOLrKSrjw1ICWZ4QsMBCwFZGdNfdZUyFG4KVxrwoBskEWqCPn
Hi,
Did you wait long enough for the key to propagate?
The dkim key was added correctly as TXT record in the correct name-value format?
Regards,
Alrik
On Wed, Nov 11, 2009 at 9:29 AM, Eric Magutu wrote:
> Hi,
> I am trying to use amavis to sign my mail. I am running exim 4.63 and
> amavisd-new
Hi,
I am trying to use amavis to sign my mail. I am running exim 4.63 and
amavisd-new-2.6.4 (20090625). I followed the following procedure
$ amavisd genrsa /var/db/dkim/example-foo.key.pem
add to amavisd.conf:
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('iwayafrica.com', 'f
Guy,
> I'm currently using amavisd-new with clamav (that's the main thing
> it's in use for at the moment) but I'm wanting to try using it for
> DKIM signing as well. I've tried DKIMproxy but the performance hit
> made it unacceptable.
>
> I've been reading the documentation at
> http://www.ijs.si
Hi,
I'm currently using amavisd-new with clamav (that's the main thing
it's in use for at the moment) but I'm wanting to try using it for
DKIM signing as well. I've tried DKIMproxy but the performance hit
made it unacceptable.
I've been reading the documentation at
http://www.ijs.si/software/amav
Josh,
> How do you configure amavisd-new to sign the envelope_sender?
> Is this by using the d= flag to force the domain used?
Yes, this is currently the only way, by using
the @dkim_signature_options_bysender_maps.
Note that @dkim_signature_options_bysender_maps can be
replaced by a policy bank
Benny Pedersen wrote:
> is From: and envelope_sender diff for your sending users ?, if so are both
> domains a dkim sign domain ?
No, when users send mail the envelope_sender is the same as the From:.
When automated processes send mail on behalf of the users then the
envelope_sender is different
On Tue, June 9, 2009 18:34, Josh Miller wrote:
> No, I set the sender as an email address that will bring the bounced
> mail back to a very specific mail box for un-subscribe processing and
> the email header from address as the person who should receive the mail
> should the recipient intend to r
Benny Pedersen wrote:
> mailman + amavisd-new here always sign the envelope_sender, so no problem
> for me, but i belive the OP problem is that envelope changes in mta before
> signing ?
>
How do you configure amavisd-new to sign the envelope_sender? Is this
by using the d= flag to force the do
Benny Pedersen wrote:
> On Tue, June 9, 2009 00:03, Josh Miller wrote:
>> Is there any way to tell amavisd-new (or is this a Mail::DKIM question?)
>> to sign based on the envelope sender domain instead?
>
> why allow From: and envelope_sender to be diff in the first place ?
>
> imho its your mta
On Tue, June 9, 2009 02:41, Mark Martinec wrote:
> Benny Pedersen wrote:
>> why allow From: and envelope_sender to be diff in the first place ?
>> imho its your mta borking auth up for you, and you want dkim to sign
>> the mess ?
> Sometimes you have no choice. Consider mailing lists for example.
Josh,
> I currently sign outgoing email with DKIM via amavisd-new 2.6.2 for over
> 1000 domains on a single host and noticed today that it is signing based
> on the email header from domain rather than the envelope header sender
> domain.
Yes, this is the first choice, if at all possible. The mai
On Tue, June 9, 2009 00:03, Josh Miller wrote:
> Is there any way to tell amavisd-new (or is this a Mail::DKIM question?)
> to sign based on the envelope sender domain instead?
why allow From: and envelope_sender to be diff in the first place ?
imho its your mta borking auth up for you, and you
I currently sign outgoing email with DKIM via amavisd-new 2.6.2 for over
1000 domains on a single host and noticed today that it is signing based
on the email header from domain rather than the envelope header sender
domain.
Is there any way to tell amavisd-new (or is this a Mail::DKIM question
Michael,
> I saw my email comeing back from a listserver scored as dkim failed.
>
> (I tested my dkim signatures with sendmail and dkim.org, showed no
> problems)
>
> the suggestions on the list seem to indicate a different set of default
> headers be used during signing.
> (I noticed, at least, t
> I saw my email comeing back from a listserver scored as dkim failed.
(I
> tested my dkim signatures with sendmail and dkim.org, showed no problems)
the
> suggestions on the list seem to indicate a different set of default
headers
> be used during signing.
(I noticed, at least, that the listser
I saw my email comeing back from a listserver scored as dkim failed.
(I tested my dkim signatures with sendmail and dkim.org, showed no problems)
the suggestions on the list seem to indicate a different set of default
headers be used during signing.
(I noticed, at least, that the listserver stri
At 09:48 AM 7/7/2007, Michael Scheidell wrote:
>Seems if you use dkim to sign outgoing email through amavisd-new policy
>bank and forward-method, the 'disclaimer' added to message does not pass
>the body test. since it seems to sign the message before the disclaimer
>is added.
>
>Q) how do I get it
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Bill Landry
> Sent: Saturday, July 07, 2007 11:05 AM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Dkim signing and altermime /
> disclaimer
Michael Scheidell wrote the following on 7/7/2007 7:48 AM -0800:
> Seems if you use dkim to sign outgoing email through amavisd-new policy
> bank and forward-method, the 'disclaimer' added to message does not pass
> the body test. since it seems to sign the message before the disclaimer
> is added.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Michael Scheidell
> Sent: Saturday, July 07, 2007 10:49 AM
> To: amavis-user@lists.sourceforge.net
> Subject: [AMaViS-user] Dkim signing and altermime / disclaimer failure
>
Seems if you use dkim to sign outgoing email through amavisd-new policy
bank and forward-method, the 'disclaimer' added to message does not pass
the body test. since it seems to sign the message before the disclaimer
is added.
Q) how do I get it to sign AFTER mangling (do I do it in amavisd.conf?)
52 matches
Mail list logo
