DKIM is driving me nuts
wfdudley at gmail.com
Wed Sep 5 20:00:03 UTC 2018
No, this is not that case.
This is the simplest possible use-case:
type "Mail wfdudley at gmail.com" on the command line of my casano.com server
and send a simple one line email with DKIM signing turned on.
Google (and others) say the message fails DKIM "bad signature".
Send the identical message from Thunderbird, and the message passes DKIM
checks at the other end.
Something is different between using Mail/mailx and using Thunderbird,
and I've given up trying to figure out what.
The fact that the intersection of Mailman and DKIM requires more black-art
stuff just re-inforces my decision to give up on DKIM.
This email is free of malware because I run Linux.
On Wed, Sep 5, 2018 at 2:07 PM, John Levine <johnl at iecc.com> wrote:
> In article <CAFsnNZ+HXxrn7+3sYxWtBuA1+rCjvhbtrAg6Y5Tkm_icAte-fg@
> mail.gmail.com> you write:
> >1. It's "impossible" (read: "I'm not spending any more time on this") to
> >get DKIM
> >working with different MUAs. I can get it to work when I send email using
> >but not when I send email from the command line (mailx). "Works" means
> >that the
> >inserted DKIM headers pass the checks at the other end.
> If they're failing because it says "message has been modfied" that
> should be all the hint you need. Sendmail conflates submission and
> relay, and has a sometimes unfortunate tendency to helpfully clean up
> message headers on the way through, which of course breaks DKIM
> signatures. I haven't run sendmail in 20 years but as I recall there
> should be some way to run submitted mail through sendmail once to
> clean up the headers, then DKIM sign it, then send it along for relay.
> That's what everyone else does.
More information about the freebsd-questions