From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1NU5J4-0004Ju-4W for garchives@archives.gentoo.org; Sun, 10 Jan 2010 21:26:42 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A9894E07AE; Sun, 10 Jan 2010 21:26:03 +0000 (UTC) Received: from genesis.genestate.com (unknown [212.21.116.18]) by pigeon.gentoo.org (Postfix) with ESMTP id 5BE1AE07AE for ; Sun, 10 Jan 2010 21:26:03 +0000 (UTC) Received: by genesis.genestate.com (Postfix, from userid 1000) id 81AFCA0AE; Sun, 10 Jan 2010 21:26:02 +0000 (GMT) Date: Sun, 10 Jan 2010 21:26:02 +0000 From: Matt Harrison To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] OT: amavis and DKIM verification Message-ID: <20100110212602.GA6296@genestate.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline X-Operating-System: Linux/2.6.27-gentoo-r8 (i686) X-Uptime: 1 day X-GPG-Key-ID: 0x177990AA X-GPG-Fingerprint: CAA7 F771 AACA DFF4 DA51 1A6F 746F AA31 1779 90AA User-Agent: Mutt/1.5.20 (2009-06-14) X-Archives-Salt: 824ea31e-ffb6-4625-b7f5-ebc33d933a37 X-Archives-Hash: 1d6365a164d18e91037655f130474378 --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I say OT because it's my understanding of DKIM that lets me down here, not Gentoo. I'm just not sure who to ask or even if it could be something Gentoo related. I've recently updated my postfix home mail server to use amavis-new for virus and spam filtering rather than procmail/spamassassin. It seems to be working well and I've also enabled some other goodies like DKIM signing and verification. I haven't confirmed signing is working yet, so maybe a side effect of this email is that someone can confirm this for me ;) The main query I have is that a lot of the mail I get, in this case from various mailing lists, appears to failed DKIM verification. For example, several of the posters on this list are DKIM signing their mail either as part of gmail policy (or another big provider) or personal intent. Something in the region of 50% of signed mail on this list contains headers such as: Authentication-Results: genesis.genestate.com (amavisd-new); dkim=softfail (fail, message has been altered) header.i=@gmail.com Authentication-Results: genesis.genestate.com (amavisd-new); domainkeys=softfail (fail, message has been altered) header.from=xxxxxx@gmail.com Whereas the rest looks like this: Authentication-Results: genesis.genestate.com (amavisd-new); dkim=pass header.i=@gmail.com Authentication-Results: genesis.genestate.com (amavisd-new); domainkeys=pass header.from=xxxxxx@gmail.com Now I find it unreasonable to assume that 50% of the mail I receive is being actively tampered with, so it must be something getting twisted out of shape. All I'm trying to discover is whether it's something at my end that I need to fiddle with. I followed a few different guides to piece my setup together so it's quite possible I've overlooked or misconfigured something. If anyone knows about DKIM and might be able to shed a light on this, I'd love to hear. It's not a big problem, just a puzzle I'm interested in. Thanks Matt Harrison --d6Gm4EdcadzBjdND Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) iEYEARECAAYFAktKReoACgkQdG+qMRd5kKoEOgCglmOZHJUTIlTYr6wVyaqbfO8c yrwAoIqLSY62XwvE/3fLZKiedXIDkD9T =msBJ -----END PGP SIGNATURE----- --d6Gm4EdcadzBjdND--