[EMAIL PROTECTED] (Justin Mason) writes:

> It's pretty easy for normal mail transmission to break DK
> signatures

It sure is. Kai's and Pollywog's problems prompted me to investigate why my own DK plugin was not verifying signatures from Yahoo! and gmail.com. I filled SA's DomainKeys plugin and Mail::DomainKeys::Signature.pm with debugging and got busy with -D.

It turns out that gmail.com encodes its outgoing email as quoted-printable and signs the content-transfer-encoding header. sendmail converts quoted-printable to 8bit, changing Content-Transfer-Encoding accordingly, and the signature fails to verify. So, bang goes gmail.

I didn't have any Yahoo correspondence lying around for me to test so I tried the autoresponders at dk.elandsys.com (thank you Matthew van Eerde for the pointers). In Domainkeys 0.80 we have:

    # FIXME: only needs to match the end of the domain
    $prms{'Sender'}->host eq $self->domain or
        $self->errorstr("domain " . $self->domain .
            " does not match address " . $prms{'Sender'}->host),
        return;

...and sure enough, elandsys.com does not match dk.elandsys.com. That is easily fixed.

I see now why SA's default scores for DK rules are so low.

On the upside, my implementation of hashcash was so old that upgrading it allowed me to add another four bits of work to each outgoing message. Go, hashcash!

-- 
_________________________________________________________________________
Andrew Donkin                  Waikato University, Hamilton,  New Zealand
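
The relaxed comparison that the FIXME quoted above asks for, as an added example that is not part of the original message or of Mail::DomainKeys. The helper name sender_matches_domain is hypothetical, and every hostname other than elandsys.com and dk.elandsys.com is constructed for the demonstration. The match is made on whole DNS labels, because a bare "ends with" test would also accept an unrelated domain whose name merely ends in the same characters.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of Mail::DomainKeys): true when $host is
# $domain itself or a subdomain of it, compared on whole DNS labels.
sub sender_matches_domain {
    my ($host, $domain) = @_;
    return 0 unless defined $host && defined $domain;

    # DNS names are case-insensitive; a trailing dot names the same host.
    for ($host, $domain) {
        $_ = lc $_;
        s/\.\z//;
    }
    return 0 if $host eq '' || $domain eq '';

    return 1 if $host eq $domain;

    # Require a label boundary: without the leading dot, the sender host
    # "notelandsys.com" would pass for the signing domain "elandsys.com".
    my $suffix = ".$domain";
    return 0 if length($host) <= length($suffix);
    return substr($host, -length($suffix)) eq $suffix ? 1 : 0;
}

# Constructed cases: [ sender host, signing domain, expected result ]
my @cases = (
    [ 'dk.elandsys.com',          'elandsys.com',    1 ],  # case from the message
    [ 'elandsys.com',             'elandsys.com',    1 ],  # exact match still passes
    [ 'DK.Elandsys.COM.',         'elandsys.com',    1 ],  # case and trailing dot
    [ 'notelandsys.com',          'elandsys.com',    0 ],  # shares characters only
    [ 'elandsys.com.example.net', 'elandsys.com',    0 ],  # domain is a prefix
    [ 'elandsys.com',             'dk.elandsys.com', 0 ],  # parent of signing domain
);

for my $case (@cases) {
    my ($host, $domain, $want) = @$case;
    my $got = sender_matches_domain($host, $domain);
    printf "%-26s d=%-16s %-8s %s\n", $host, $domain,
        $got ? 'match' : 'no match',
        $got == $want ? 'as expected' : 'UNEXPECTED';
}
```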