dkim-ops
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [dkim-ops] No signature on incoming mail

2010-04-12 01:26:04
from [Ernie Grossmann] [Permanent Link] 


Date: Sun, 11 Apr 2010 03:00:53 +0000
From: johnl(_at_)taugh(_dot_)com
To: dkim-ops(_at_)mipassoc(_dot_)org
Subject: Re: [dkim-ops] No signature on incoming mail
CC: ernieg92(_at_)hotmail(_dot_)com


Do most senders *NOT* use DK or DKIM signatures? Do I have a problem
with my DNS?


Most mail is still unsigned, but the signed fraction is considerably
above 0.01%.


How can I troubleshoot/fix?


Send yourself mail from a Yahoo or Gmail account, both of which sign
their mail, and turn on all the log options to see what's happening.

R's,
John


Thanks for the info.  I think I *may* have figured it out.  Knowing that not 
much mail is signed is helpful.
 
Amavis-new does check domain key signatures.  But I also have the dkim-filter 
installed.
 
When sending from my Yahoo account to my personal account (on mail server), 
there is no log entry for dkim-filter daemon (almost all mail says "no 
signature data").  I have not (figured out how to) enable verbose logging, so 
I'm assuming the absence of a dkim-filter message in the mail.log means no 
error.
 
The header from the actual email is (usernames removed):
Return-Path: <@yahoo.com>
X-Original-To: @edge06.net
Delivered-To: @edge06.net
Received: from localhost (bluebird01 [127.0.0.1])
 by bluebird01.edge06.net (Postfix) with ESMTP id CABEC175E6
 for <@edge06.net>; Sun, 11 Apr 2010 22:39:18 -0600 (MDT)
Authentication-Results: bluebird01.edge06.net; domainkeys=pass (testing) 
header(_dot_)from=(_at_)yahoo(_dot_)com
Authentication-Results: bluebird01.edge06.net; dkim=pass
 (1024-bit key; insecure key) header(_dot_)i=(_at_)yahoo(_dot_)com;
 x-dkim-adsp=none (insecure policy)
X-Virus-Scanned: Debian amavisd-new at edge06.net
X-Spam-Flag: NO
X-Spam-Score: -1.782
X-Spam-Level: 
X-Spam-Status: No, score=-1.782 tagged_above=-999 required=3.5
 tests=[AWL=-0.314, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13,
 HTML_MESSAGE=0.001] autolearn=no
Authentication-Results: bluebird01.edge06.net (amavisd-new);
 domainkeys=softfail (invalid, public key: DNS query timeout for
 s1024._domainkey.yahoo.com) header(_dot_)from=(_at_)yahoo(_dot_)com
Received: from bluebird01.edge06.net ([127.0.0.1])
 by localhost (bluebird01.edge06.net [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id C6Qzfc7EaePr for <@edge06.net>;
 Sun, 11 Apr 2010 22:38:46 -0600 (MDT)
Received: from web56506.mail.re3.yahoo.com (web56506.mail.re3.yahoo.com 
[66.196.97.35])
 by bluebird01.edge06.net (Postfix) with SMTP id 5AF7DD14
 for <@edge06.net>; Sun, 11 Apr 2010 22:38:35 -0600 (MDT)
Authentication-Results: bluebird01.edge06.net; domainkeys=pass (testing) 
header(_dot_)from=(_at_)yahoo(_dot_)com
Authentication-Results: bluebird01.edge06.net; dkim=pass
 (1024-bit key; insecure key) header(_dot_)i=(_at_)yahoo(_dot_)com;
 x-dkim-adsp=none (insecure policy)
Received: (qmail 59893 invoked by uid 60001); 12 Apr 2010 04:38:35 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; 
t=1271047115; bh=FYv+TRcRZ3oSKb649dCiT53VuO6BIlx7TSHt498BRrU=; 
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
 
b=THkLxHyCYZGqlb1S0cyLp0eBOvqUAlE1lWKcoFTqyBLNjmBx/DSw7jKP8fDckChY+aavfJhwK4zZulhS4VKHWUOICnqJNWnhfwZDJLBoZjY+x3zFWvmcIRgcXNn9NvzDIqxDHhP57bEMGaHE2/WqbPy5b2hZfRkVHJrrfyzLo/c=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
 
b=UTwmtNhSk7Yw9kum0YW0AczEh+LnR1qnENx6Nsg9U4mG5POsvjoTRO1i9yUCG5q12sMngnWgh0fVOoA8nGfR2S8NO8t0FAYtmWE2zw/bIPN8kEaAKpJzAyqTN9MTRuk0JzrRjFP7HbetyfcXJKpssWjo5ysF6sLOSI0PpxRT1f4=;
Message-ID: 
<441721(_dot_)59871(_dot_)qm(_at_)web56506(_dot_)mail(_dot_)re3(_dot_)yahoo(_dot_)com>
X-YMail-OSG: uTEm18sVM1kpsuQ_8QOu1Ofbv3fepmBeMKI_oEogP1qjljE
 qVHVuwNFacPRoiqoiGVwe63mooJku20dIe23bJ3qOfXa_YpLH3LClNwgDVL5
 WN.8Z5jeGgEkkqozHdFLWGHq5aEmfz3LPgeU2eLASfh43DY_tDDfBtkUs2fQ
 ttMXGjB7FWrWwty0gNcvQxjkR9woo_aq7e3cI6pNe0Mz6E4Erl4eoNRWVXnt
 M4c6oNh5SGd5kourh8_F7JGAFz2DXd89cPGF2vjwpkmrZkIti0uCofTp3.Ad
 i.nzZ4vOVpSo-
Received: from [63.230.70.220] by web56506.mail.re3.yahoo.com via HTTP; Sun, 11 
Apr 2010 21:38:35 PDT
X-Mailer: YahooMailRC/348.3 YahooMailWebService/0.8.100.260964
Date: Sun, 11 Apr 2010 21:38:35 -0700 (PDT)
 
That appears to be a good signature, correct?  
 
If so, then I guess I'll need to contact the amavis mailing list to figure out 
why it is failing on the signature verification since dkim-filter is okay.
 
Thanks again.
Ernie Grossmann
 
 
                                          
_________________________________________________________________
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [dkim-ops] No signature on incoming mail, Murray S. Kucherawy
Next by Date:  Re: [dkim-ops] No signature on incoming mail, Ernie Grossmann
Previous by Thread:  Re: [dkim-ops] No signature on incoming mail, John Levine
Next by Thread:  Re: [dkim-ops] No signature on incoming mail, Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]