DKIM is driving me nuts

William Dudley wfdudley at gmail.com
Tue Sep 4 15:48:45 UTC 2018


I have decided to abandon this quest.

The intersection of DKIM and Mailman is a huge cluster f--k, and will not
be sorted out any time soon, if ever.

Since I value the mailing lists I host, and am unwilling to stop those
services, it makes sense to give up on DKIM.

DKIM doesn't solve any problems (except for one poor schmuck who has a
".us.army.mil" email address, that rejects all email without DKIM), I don't
find DKIM valuable enough to fight with it any more.

Thanks to all for their suggestions.  I have learned some things, which was
the point, after all.

Bill Dudley


This email is free of malware because I run Linux.

On Tue, Sep 4, 2018 at 11:32 AM, William Dudley <wfdudley at gmail.com> wrote:

> Zoneminder only lets me create a TXT record for machine names of
> the form "something.casano.com".  Their "default" SPF record is attached
> to "*.casano.com".  I created additional TXT SPF records for
> "dudley.casano.com" and "mail.casano.com", but that made no difference
> in the DKIM performance.
>
> dig -t txt '*.casano.com'
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;*.casano.com.                  IN      TXT
>
> ;; ANSWER SECTION:
> *.casano.com.           21599   IN      TXT     "v=spf1 a mx -all"
>
> ;; Query time: 88 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Tue Sep 04 11:21:40 EDT 2018
> ;; MSG SIZE  rcvd: 70
>
> Google is happy with my SPF records, all my emails to gmail pass SPF
> checks.  Somehow, they know to look up *.casano.com.
>
> The problem I'm having is that SOME of my DKIM mail passes the check,
> and some doesn't.  The difference appears to be based on what MUA/client
> I use to send the email.
>
> Email sent using Thunderbird on another machine on my LAN passes DKIM
> checks.  Emails sent using "mailx" or my mailman list server fail DKIM
> checks.
>
> For both the Thunderbird case and the mailx case, the "From:" field is
> "dud at casano.com", and yet in one case, DKIM passes, and in the other,
> it doesn't.
>
> Chris' assertion that the DKIM key is chosen based on the From: field is
> backed up by the man page for opendkim.conf(5), but there's a lot in the
> paragraphs on SigningTable and I'll be staring at that until little drops
> of blood appear on my forehead.
>
> Thanks,
> Bill Dudley
>
>
> This email is free of malware because I run Linux.
>
> On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne <byrnejb at harte-lyne.ca>
> wrote:
>
>>
>> On Tue, September 4, 2018 10:28, William Dudley wrote:
>> > my domain is not "casaMo.com", so all of your research is irrelevant.
>> >
>> drill casano.com txt
>> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
>> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;; casano.com.  IN      TXT
>>
>> ;; ANSWER SECTION:
>>
>> ;; AUTHORITY SECTION:
>>
>> ;; ADDITIONAL SECTION:
>>
>> ;; Query time: 2 msec
>> ;; SERVER: 216.185.71.33
>> ;; WHEN: Tue Sep  4 10:30:40 2018
>> ;; MSG SIZE  rcvd: 28
>>
>> If your senders have from addresses like username at casano.com then I
>> believe that this is still a problem, if not the only one.
>>
>> --
>> ***          e-Mail is NOT a SECURE channel          ***
>>         Do NOT transmit sensitive data via e-Mail
>>  Do NOT open attachments nor follow links sent by e-Mail
>>
>> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
>> Harte & Lyne Limited          http://www.harte-lyne.ca
>> 9 Brockley Drive              vox: +1 905 561 1241
>> Hamilton, Ontario             fax: +1 905 561 0757
>> Canada  L8E 3C3
>>
>>
>
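
Added example, not part of the thread or written by its participants: a small model of how a zone answers TXT queries when its only SPF record sits at "*.casano.com", following the wildcard rules of RFC 4592. The zone contents are constructed (the SOA placeholder and the A record for mail.casano.com are assumptions), and the SERVFAIL in the quoted drill output is not modelled.

```python
# Constructed zone, modelled on the records quoted in the thread. The SOA
# placeholder and the A record for mail.casano.com are assumptions.
ORIGIN = ("casano", "com")
ZONE = {
    ("casano", "com"): {"SOA": ["constructed"]},
    ("*", "casano", "com"): {"TXT": ["v=spf1 a mx -all"]},
    ("mail", "casano", "com"): {"A": ["192.0.2.25"]},
}


def to_labels(name):
    """'Mail.Casano.com.' -> ('mail', 'casano', 'com')"""
    return tuple(name.lower().rstrip(".").split("."))


def existing_names(zone):
    """Owner names plus every ancestor down to the origin (empty non-terminals)."""
    names = set()
    for owner in zone:
        for i in range(len(owner) - len(ORIGIN) + 1):
            names.add(owner[i:])
    return names


def lookup(qname, qtype, zone=ZONE):
    """Answer a query with RFC 4592 wildcard rules: (status, rdata list)."""
    q = to_labels(qname)
    if q[-len(ORIGIN):] != ORIGIN:
        return ("REFUSED", [])
    names = existing_names(zone)
    if q in names:
        # The name exists, so no wildcard is consulted, whatever the type.
        rdata = zone.get(q, {}).get(qtype, [])
        return ("NOERROR" if rdata else "NODATA", rdata)
    # Closest encloser: strip leading labels until an existing name is found.
    encloser = q[1:]
    while encloser not in names:
        encloser = encloser[1:]
    source = ("*",) + encloser
    if source not in zone:
        return ("NXDOMAIN", [])
    rdata = zone[source].get(qtype, [])
    return ("NOERROR" if rdata else "NODATA", rdata)


if __name__ == "__main__":
    for name in ("*.casano.com", "dudley.casano.com", "casano.com",
                 "mail.casano.com", "a.mail.casano.com"):
        print(name, "TXT ->", lookup(name, "TXT"))
```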


More information about the freebsd-questions mailing list