ietf-dkim

Re: [ietf-dkim] Broken signature analysis (was: Proposed new charter)

2010-02-24 19:45:33
I was thinking that specific email that was received might be
retrieved, stripped of its DKIM headers and resent under controlled
conditions to see what broke.

I've seen two emails recently - on a moderately busy server that hosts
some high traffic discussion lists, as well as personal mail for half
a dozen people who are "heavy" users of email .. that failed DKIM
validation and signature verification was disabled .. on the latest
Exim and its libdkim, on Debian.  Both seem to be random spam - one
forwarded through a friend's pobox account and sent originally from a
webmail .. and the second being some kind of send to a friend feature
on a video site, that's being abused to send Nigerian spam to a
mailing list address.

As spam isn't particularly noted for good construction ..

/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA DKIM: Error while running this message through validation, disabling signature verification.
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA <= SRS0=KHZi=KD=sify(_dot_)com=campaignback(_at_)bounce2(_dot_)pobox(_dot_)com H=sienna.pobox.com [64.74.157.51]:56699 I=[204.74.68.40]:25 P=esmtp S=31396 id=20100219032201(_dot_)18875(_dot_)qmail(_at_)portal(_dot_)bulkmail(_dot_)com T="Great hotel deals from India and across the globe" from <SRS0=KHZi=KD=sify(_dot_)com=campaignback(_at_)bounce2(_dot_)pobox(_dot_)com> for xyz(_at_)frodo(_dot_)hserus(_dot_)net
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 cwd=/var/spool/exim4 3 args: /usr/sbin/exim4 -Mc 1NiJT8-0001OV-VA
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA => xyz <xyz(_at_)frodo(_dot_)hserus(_dot_)net> F=<SRS0=KHZi=KD=sify(_dot_)com=campaignback(_at_)bounce2(_dot_)pobox(_dot_)com> R=localuser T=local_delivery S=31556
/var/log/exim4/mainlog.6.gz:2010-02-18 19:23:55 1NiJT8-0001OV-VA Completed

/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z DKIM: Error while running this message through validation, disabling signature verification.
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z <= messages(_at_)livevideo(_dot_)com H=(livevideo.com) [207.7.146.81]:4201 I=[204.74.68.40]:25 P=smtp S=75499 id=634018895491215047(_at_)LVML11 T="Join kufo.george on LiveVideo!" from <messages(_at_)livevideo(_dot_)com> for listname(_at_)lists(_dot_)linux-delhi(_dot_)org
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 cwd=/var/spool/exim4 3 args: /usr/sbin/exim4 -Mc 1NhLyd-0000Wr-7z
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z => listname <listname(_at_)lists(_dot_)linux-delhi(_dot_)org> F=<messages(_at_)livevideo(_dot_)com> R=mailman_router T=mailman_transport S=75553
/var/log/exim4/mainlog.9.gz:2010-02-16 03:52:27 1NhLyd-0000Wr-7z Completed


On Wed, Feb 24, 2010 at 7:21 PM, Michael Thomas <mike(_at_)mtcc(_dot_)com> wrote:
I'm sort of dubious about this. Unless you're using z=, your chances of
figuring out why something broke are slim to none. With z=, your chances
of figuring it out are merely slim.

Mike, with far too much experience at that

On 02/24/2010 02:17 AM, Suresh Ramasubramanian wrote:

I support this. The rest of Barry's charter proposal is OK by me.

thanks
suresh

On Wed, Feb 24, 2010 at 3:27 PM, Franck Martin <franck(_at_)genius(_dot_)com> wrote:

Shouldn't we move forward "quickly" with Murray's draft that allows
reporting broken DKIM signatures back to the validating domain?

This would allow collecting information on why signatures get broken,
making the DKIM draft stronger.









-- 
Suresh Ramasubramanian (ops(_dot_)lists(_at_)gmail(_dot_)com)

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
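
Added example, not part of the original message and not Exim's own code: one way to pull every message that hit the "DKIM: Error while running this message through validation" condition out of an Exim mainlog and pair it with its arrival (<=) line, so the sending hosts can be tallied before deciding which messages to retrieve and re-test. The sample log is constructed (made-up message IDs, documentation IP ranges, example domains); the code assumes unwrapped log lines and the 6-6-2 message-ID shape seen in the log lines quoted above.

```python
import re
from collections import Counter

# Constructed sample in the shape of the mainlog lines quoted in the message
# (zgrep-style "file:" prefix); IDs, hosts and addresses are made up.
SAMPLE = """\
/var/log/exim4/mainlog.1.gz:2010-02-18 19:23:55 1AAAAA-000001-AA DKIM: Error while running this message through validation, disabling signature verification.
/var/log/exim4/mainlog.1.gz:2010-02-18 19:23:55 1AAAAA-000001-AA <= bounce@forwarder.example H=mx.forwarder.example [192.0.2.10]:56699 I=[198.51.100.5]:25 P=esmtp S=31396 T="hotel deals" for user@rcpt.example
/var/log/exim4/mainlog.1.gz:2010-02-18 19:23:55 1AAAAA-000001-AA => user <user@rcpt.example> R=localuser T=local_delivery S=31556
/var/log/exim4/mainlog.1.gz:2010-02-18 19:24:10 1BBBBB-000002-BB <= alice@sender.example H=mail.sender.example [192.0.2.20]:4100 I=[198.51.100.5]:25 P=esmtp S=2100 for user@rcpt.example
/var/log/exim4/mainlog.1.gz:2010-02-18 19:25:02 1CCCCC-000003-CC DKIM: Error while running this message through validation, disabling signature verification.
/var/log/exim4/mainlog.1.gz:2010-02-18 19:25:02 1CCCCC-000003-CC <= messages@video.example H=(video.example) [192.0.2.30]:4201 I=[198.51.100.5]:25 P=smtp S=75499 for list@lists.example
"""

DKIM_ERR = "DKIM: Error while running this message through validation"
# Optional "file:" prefix, timestamp, message ID, then the rest of the line.
# Lines without a message ID in that position (e.g. "cwd=...") do not match.
LINE = re.compile(
    r"^(?:[^:\s]+:)?(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (?P<rest>.*)$"
)
# Arrival line: envelope sender, then H=<host or (helo)> [ip].
ARRIVAL = re.compile(r"^<= (?P<sender>\S+) .*?H=(?P<host>.+?) \[(?P<ip>[^\]]+)\]")
UNKNOWN = {"sender": None, "host": None, "ip": None}


def dkim_verifier_errors(log_text):
    """Return one record per message whose DKIM verification errored out."""
    errored, arrivals = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["rest"].startswith(DKIM_ERR):
            errored[m["id"]] = m["ts"]
        elif (a := ARRIVAL.match(m["rest"])):
            arrivals[m["id"]] = a.groupdict()
    # An error with no arrival line (rotated log, rejected mail) keeps None fields.
    return [{"id": i, "time": ts, **arrivals.get(i, UNKNOWN)}
            for i, ts in errored.items()]


def errors_by_ip(records):
    """Tally verifier errors per sending IP to spot a repeat source."""
    return Counter(r["ip"] for r in records)


if __name__ == "__main__":
    for rec in dkim_verifier_errors(SAMPLE):
        print(rec)
```

The message IDs this returns are the ones to look up in the spool or archive when retrieving the original mail for a controlled re-send.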
