I have checked resent emails with port25.com, that also displays error Result: fail (wrong body hash: expected Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
I have also removed t= tag after which resent emails are delivered to Inbox but DKIM verification is still failing. Thanks, Shahid On Mon, Aug 16, 2010 at 9:04 AM, Jerry M <[email protected]> wrote: > I was comparing your mailet tag to mine. I noticed you added a t= value. > You may have just dummied up the value to post on the forum as you did the > domain name. But if that is the real value, it's very small number = very > old time stamp (basically 40 years old). No idea if google would be upset > with that, and even more curious why it would only affect resends. But just > looking for anything that might be the culprit. > > Also, the 'sender' on a resent email is the original sender. So > technically, JAMES is signing an email from a domain it doesn't own. > port25.com gives me a different result when I send an email with the from > address at the actual domain that is signing vs. when I send an email that > is on another domain hosted on my server. They both 'pass'. But it's noted > that the from address is different. Not sure if that could be a problem > with resends and google since the from address is completely different than > the signing domain. But that still begs the question why it worked on my > test. I just don't know enough about the theory of what is considered an > acceptable signature vs. what is not. I'll keep researching. > > Jerry > > On 8/15/2010 10:37 PM, Jerry M wrote: > >> Shahid, >> >> I set up for all inbound email to one of my james accounts to resend to a >> gmail account. I guess it's good news for me, but bad news for you... gmail >> says the resend was signed correctly. This was a single test from an >> outside business email address that I have. Hardly an exhaustive test. As >> Stephano mentioned, it could be a formatting thing on the inbound mail, >> which I suspect can vary greatly from sender to sender. So I'm going to >> leave the resend active for a while and watch as I get additional real >> emails from various sources and see if I get any failures and subsequently >> can detect a pattern. >> >> If you can test on an email account that no 'real' traffic is coming into, >> you might try bouncing to the port25.com tester email address I mentioned >> below just to see what it tells you. You'll get more info than gmail gives >> regarding DKIM. The only thing is that port25.com sends the analysis >> info back to the sender. So if this is a live email and you are bouncing to >> port25.com test, the sender will get the analysis reply (probably not >> what you want..). Hence the recommendation to do it on a dormant/test email >> account. >> >> Let me know if you get any additional info. >> >> Jerry >> >> >> On 8/15/2010 10:20 PM, Shahid Faiz wrote: >> >>> Hi Jerry, >>> >>> Yes, you are right. Mails which are sent directly to my gmail account are >>> verified and delivered to my inbox whereas mails sent using Resend are >>> not >>> verified and thats why those mails land in Spam. >>> >>> Yes, I have also guessed that there were no parameters required. I will >>> try >>> looking into ConvertTo7Bit code if that will help. >>> >>> Thank you very much for the help. >>> >>> - Shahid >>> >>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<[email protected]> wrote: >>> >>> So you are using resend mailet to send inbound mail that you receive on >>>> to >>>> a gmail account, right? And mail you send directly is signed correctly, >>>> but >>>> inbound mail that resends to gmail is failing. Is that correct? >>>> >>>> I finally got everything up and running with DKIM. I did a direct send >>>> to >>>> gmail and to the port25.com tester ([email protected]). >>>> Everything looks good now. I'll try adding a resend to gmail to try to >>>> duplicate your scenario. >>>> >>>> On the advise Stephano gave you about the convertTo7Bit mailet, I added >>>> it >>>> ahead of the DKIMSign mailet. There was zero documentation on it. So I >>>> just guessed that there were no parameters. I assume it's doing it's >>>> job. >>>> But I really don't know if it's doing anything. I still don't know >>>> what >>>> that third mailet is for. But I'm not using it, and DKIM is working. >>>> >>>> I'll let you know what I find after adding the resend to gmail. >>>> >>>> Jerry >>>> >>>> >>>> >>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote: >>>> >>>> i have configured ConvertoTo7Bit but no success. following are james >>>>> configurations. Is there anything missing in ConvertTo7Bit >>>>> configuration? >>>>> >>>>> <mailet match="All" class="ConvertTo7Bit"> >>>>> </mailet> >>>>> <!--<mailet match="All" class="LogMessage"> >>>>> </mailet> --> >>>>> >>>>> <mailet match="All" class="DKIMSign"> >>>>> <signatureTemplate>v=1; s=default; d=mydomain.com; >>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=; >>>>> b=;</signatureTemplate> >>>>> <privateKey> >>>>> -----PRIVATE KEY IN PEM FORMAT----- >>>>> </privateKey> >>>>> </mailet> >>>>> >>>>> <!-- Attempt remote delivery using the specified repository for >>>>> the >>>>> spool, --> >>>>> <!-- using delay time to retry delivery and the maximum number of >>>>> retries --> >>>>> <mailet match="All" class="RemoteDelivery"> >>>>> <outgoing> file://var/mail/outgoing/</outgoing> >>>>> >>>>> >>>>> >>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<[email protected]> >>>>> wrote: >>>>> >>>>> >>>>> you are right this may be the problem. i haven't configured >>>>> ConvertTo7Bit >>>>> >>>>>> before DKIMSign and as James is running on linux where we have LF as >>>>>> EOL >>>>>> character. >>>>>> >>>>>> Thanks very much for the help. I will try this on Monday, hopefully >>>>>> this >>>>>> will solve the problem. >>>>>> >>>>>> - Shahid >>>>>> >>>>>> >>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<[email protected]> >>>>>> wrote: >>>>>> >>>>>> 2010/8/14 Shahid Faiz<[email protected]>: >>>>>> >>>>>>> Hi, >>>>>>>> >>>>>>>> jDKIM is configured properly and works perfectly fine for emails >>>>>>>> which >>>>>>>> I >>>>>>>> sent out using any email client but when I bounce emails using >>>>>>>> Resend >>>>>>>> >>>>>>>> mailet >>>>>>> >>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign >>>>>>>> mailet >>>>>>>> >>>>>>>> is >>>>>>> >>>>>>> configured as the last one in transport processor. any hint or help >>>>>>>> what >>>>>>>> >>>>>>>> is >>>>>>> >>>>>>> missing? >>>>>>>> >>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) >>>>>>> just >>>>>>> before the DKIMSign mailet? >>>>>>> >>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF >>>>>>> (\r\n) otherwise signing is not possible. >>>>>>> >>>>>>> Stefano >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>>>>> >>>>>>> To unsubscribe, e-mail: [email protected] >>>>>>> For additional commands, e-mail: [email protected] >>>>>>> >>>>>>> >>>>>>> >>>>>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>>> >>>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
