-----Original Message-----
From: dkim-ops-bounces(_at_)mipassoc(_dot_)org [mailto:dkim-ops-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Allan E. Johannesen
Sent: Wednesday, August 26, 2009 8:37 AM
To: dkim-ops(_at_)mipassoc(_dot_)org
Cc: aej(_at_)wpi(_dot_)edu
Subject: [dkim-ops] Yahoo/BellSouth configuration
[...]
I turned off the DKIM filter, since I can't see the message until I do
that.
A message from them to me had this header:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net;
s=s1024; t=1251295577; bh=AWurPyCfrWyL7Q4VoVf/3EwEKj++xepXQ72Z/H6SNU0=;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-
Reply-To:MIME-Version:Content-Type;
b=NtTZuqgdUa6AbMvBYLAcplSRLag1MYv64CaLP9tngtSO4p7uuclGatImb9L7aRHaLFlXH
1LXPHPDH7DN05y4/JwxZSyg1lJND9iaNejALpGTeyuBSSE1NjBWAhh97Z1vpSWVEqvZL6x7
q7JmBJVxy8dMrpqdRg92ahgXJgUYJc0=
The problem is that bellsouth.net has no selector named s1024.
However,
yahoo.com does:
[...]
So, my question is about how our DKIM filter is supposed to know to
check
yahoo.com when given a domain of bellsouth.com in the DKIM-Signature
Is there a newer version than dkim-milter-2.8.3 which might understand
some new
magic about how to translate domain names given in the DKIM header?
My guess is Yahoo! is providing mailbox service for Bellsouth. They send mail
on behalf of bellsouth.net and are signing that mail with DKIM, but are
changing the "d=" to match the sending domain while still using their own keys.
This causes verifiers to (correctly!) go to bellsouth.net's DNS servers to get
the key but, as you've observed, it's not there, which makes verification
impossible.
There's no magic to apply here. The verifier is doing what the signer told it
to do, but what the signer said is unfortunately invalid.
Your best bet until this gets straightened out is to relax what the filter does
in response to key retrieval failures. Check the documentation for the filter
you're using for assistance.
-MSK
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops