DKIM is driving me nuts
wfdudley at gmail.com
Tue Sep 4 15:48:45 UTC 2018
I have decided to abandon this quest.
The intersection of DKIM and Mailman is a huge cluster f--k, and will not
be sorted out
any time soon, if ever.
Since I value the mailing lists I host, and am unwilling to stop those
it makes sense to give up on DKIM.
DKIM doesn't solve any problems (except for one poor schmuck who has a ".
email address, that rejects all email without DKIM), I don't find DKIM
enough to fight with it any more.
Thanks to all for their suggestions. I have learned somethings, which was
This email is free of malware because I run Linux.
On Tue, Sep 4, 2018 at 11:32 AM, William Dudley <wfdudley at gmail.com> wrote:
> Zoneminder only lets me create a TXT record for machine names of
> the form "something.casano.com". Their "default" SPF record is attached
> to "*.casano.com". I created additional TXT SPF records for "
> and "mail.casano.com", but that made no difference in the DKIM
> dig -t txt '*.casano.com'
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;*.casano.com. IN TXT
> ;; ANSWER SECTION:
> *.casano.com. 21599 IN TXT "v=spf1 a mx -all"
> ;; Query time: 88 msec
> ;; SERVER: 126.96.36.199#53(188.8.131.52)
> ;; WHEN: Tue Sep 04 11:21:40 EDT 2018
> ;; MSG SIZE rcvd: 70
> Google is happy with my SPF records, all my emails to gmail pass SPF
> Somehow, they know to lookup *.casano.com.
> The problem I'm having is that SOME of my DKIM mail passes the check,
> and some doesn't. The difference appears to be based on what MUA/client
> I use to send the email.
> Email sent using Thunderbird on another machine on my LAN passes DKIM
> Emails sent using "mailx" or my mailman list server fail DKIM checks.
> For both the Thunderbird case and the mailx case, the "From:" field is "
> dud at casano.com",
> and yet in one case, DKIM passes, and in the other, it doesn't.
> Chris' assertion that the DKIM key is chosen based on the From: field is
> backed up by the man page for opendkim.conf(5), but there's a lot in the
> paragraphs on SigningTable and I'll be staring at that until little drops
> of blood
> appear on my forehead.
> Bill Dudley
> This email is free of malware because I run Linux.
> On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne <byrnejb at harte-lyne.ca>
>> On Tue, September 4, 2018 10:28, William Dudley wrote:
>> > my domain is not "casaMo.com", so all of your research is irrelevant.
>> drill casano.com txt
>> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
>> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;; casano.com. IN TXT
>> ;; ANSWER SECTION:
>> ;; AUTHORITY SECTION:
>> ;; ADDITIONAL SECTION:
>> ;; Query time: 2 msec
>> ;; SERVER: 184.108.40.206
>> ;; WHEN: Tue Sep 4 10:30:40 2018
>> ;; MSG SIZE rcvd: 28
>> If your senders have from addresses like username at casano.com then I
>> believe that this is still a problem, if not the only one.
>> *** e-Mail is NOT a SECURE channel ***
>> Do NOT transmit sensitive data via e-Mail
>> Do NOT open attachments nor follow links sent by e-Mail
>> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
>> Harte & Lyne Limited http://www.harte-lyne.ca
>> 9 Brockley Drive vox: +1 905 561 1241
>> Hamilton, Ontario fax: +1 905 561 0757
>> Canada L8E 3C3
More information about the freebsd-questions