postfix + mailman + dkimproxy


postfix + mailman + dkimproxy

Bob001
Hello there,
Can someone help me on this issue?
 
The mailing list has two types of email members.

1. Email addresses on the same server where postfix, mailman, dkimproxy lives.
2. Email addresses on gmail/yahoo etc.

Now, whenever email goes to the mailing list from type 1 users (whose email address is on the same server), it says dkim=pass.

However, whenever there is an email from type 2 users (gmail/yahoo account holders) to the mailing list, it says dkim=fail.

Why would it not accept email as valid when it is coming from an outside domain?

What should I change to have them treated equally?

Looking for some guidance on this complex issue.
 
- Regards,
Bob.
 
 

Re: postfix + mailman + dkimproxy

Victor Duchovni
On Fri, Jun 20, 2008 at 11:15:38PM -0700, bob 001 wrote:

> However, whenever there is an email from type 2 users (gmail/yahoo account
> holders) to the mailing list, it says dkim=fail.

Does your list manager append a footer to list posts? Don't do that!
You may add "List-Help" and related headers, but don't modify the
message body.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: postfix + mailman + dkimproxy

Bob001
Thanks Viktor,
No, we are not adding anything and have completely disabled personalization too.
 
In fact, if I send emails from any account on the same server where the mailing list and postfix reside, it doesn't have any broken key issue at all.
This confirms that there is no issue with mailman by itself, since mailman will treat both email accounts in a similar way.
 
It is only breaking for non-localhost email accounts.
 
Regards,
Bob.

On Sat, Jun 21, 2008 at 7:12 AM, Victor Duchovni <[hidden email]> wrote:
> On Fri, Jun 20, 2008 at 11:15:38PM -0700, bob 001 wrote:
>
> > However, whenever there is an email from type 2 users (gmail/yahoo account
> > holders) to the mailing list, it says dkim=fail.
>
> Does your list manager append a footer to list posts? Don't do that!
> You may add "List-Help" and related headers, but don't modify the
> message body.
>
> --
>        Viktor.


Re: postfix + mailman + dkimproxy

mouss-2
bob 001 wrote:

> Thanks Viktor,
> No, we are not adding anything and have completely disabled personalization
> too.
>
> In fact, if I send emails from any account on the same server where the mailing
> list and postfix reside, it doesn't have any broken key issue at all.
> This confirms that there is no issue with mailman by itself, since mailman
> will treat both email accounts in a similar way.
>
> It is only breaking for non-localhost email accounts.
>  

you don't re-sign such messages, do you?

can you post an example of a "borken sig" message (full unaltered
headers and body. use a test account and a test message possibly with a
test list, and post the copy you get on a server you manage, not on
gmail or yahoo).
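
The body-modification question raised earlier in the thread can be checked directly on such an unaltered copy. The following is an added example, not code from any poster or from dkimproxy: it recomputes the DKIM body hash (RFC 6376 body canonicalization) and compares it with the bh= tag. The sample body, the example.org signature and the footer text are constructed for illustration.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body, mode):
    """Body canonicalization from RFC 6376 section 3.4 ("simple" or "relaxed")."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # collapse runs of spaces/tabs, then strip whitespace at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at the end are ignored
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash_matches(sig_value, body):
    """True if the body still hashes to the bh= value the signer recorded."""
    tags = parse_tags(sig_value)
    canon = tags.get("c", "simple/simple").split("/")
    mode = canon[1] if len(canon) > 1 else "simple"
    algo = hashlib.sha256 if tags["a"].endswith("sha256") else hashlib.sha1
    data = canon_body(body, mode)
    if "l" in tags:  # optional body length limit
        data = data[:int(tags["l"])]
    return base64.b64encode(algo(data).digest()).decode() == tags["bh"]

# Constructed sample: a signed body, and the same body after a list footer.
ORIGINAL = b"Testing_Body\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel; bh="
       + base64.b64encode(hashlib.sha256(ORIGINAL).digest()).decode())
WITH_FOOTER = ORIGINAL + b"_______________\r\ntestlist mailing list\r\n"

if __name__ == "__main__":
    print("unmodified body:", body_hash_matches(SIG, ORIGINAL))
    print("with footer:    ", body_hash_matches(SIG, WITH_FOOTER))
```

A matching body hash only rules out body changes; the headers listed in h= still have to verify against the b= signature.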

Re: postfix + mailman + dkimproxy

Bob001
Thanks Mouss. Yes, it looks like it might be getting re-signed. How can we stop re-signing, if the message is already signed?
Or is there a way to not sign all messages that come from an outside domain and go back to outside domains via the mailing list?

Here are the details:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Message 3:
From [hidden email]  Sat Jun 21 22:35:33 2008
X-Original-To: [hidden email]
X-Original-To: [hidden email]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
        :subject:mime-version:content-type;
        bh=oF6FjeyeL+iWoPkeREOJ1XrwCDfDzSQEYNG6kgeLeII=;
        b=fwFL8rgMgaCjd+vyh68+QWXmwpC56lXPqjglnMimQsJFjKzD4gQcVyMyq/p0V1JYAL
        iEaJ6WLUclmbBur8HSvuZD36KLbv8YnnhT0EgCHZ4AraJ15ARKQjKBhlZYoTT9UVMN5t
        I8zbudR4+5Y94fuH+3C135BIh0JA0PKSoHQSM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type;
        b=rCqvisVdog92fMzi0N9u6cOndNbZwUWoM1r6yd8obstMeikSFpqu/ZgQTUpfiFsUN7
        b1DG4mOEGwtXxxeL/1yTh8B+LAMNY4nPZ98Yl3YdLodrniopI3lckoLvJ7nvlQfqgOWA
        NigK6Ez3iZxWfOWV/tmyd10874eGU0DrGC588=
Date: Sat, 21 Jun 2008 22:35:48 -0700
From: "tst chk" <[hidden email]>
To: [hidden email]
Subject: Testing_subject
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_Part_2562_1896106.1214112948630"
X-BeenThere: [hidden email]
X-Mailman-Version: 2.1.10
Precedence: list
List-Id: <testlist.ageoftruth.org>
List-Unsubscribe: <http://ageoftruth.org/mailman/options/testlist>,
        <[hidden email]>
List-Archive: <http://ageoftruth.org/pipermail/testlist>
List-Post: <[hidden email]>
List-Help: <[hidden email]>
List-Subscribe: <http://ageoftruth.org/mailman/listinfo/testlist>,
        <[hidden email]>
Sender: [hidden email]
Errors-To: [hidden email]
------=_Part_2562_1896106.1214112948630
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Testing_Body
------=_Part_2562_1896106.1214112948630
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Testing_Body<br><br>
------=_Part_2562_1896106.1214112948630--
~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks for helping out.
- Regards,
Bob.

 
On Sat, Jun 21, 2008 at 4:31 PM, mouss <[hidden email]> wrote:
> bob 001 wrote:
> > Thanks Viktor,
> > No, we are not adding anything and have completely disabled personalization
> > too.
> >
> > In fact, if I send emails from any account on the same server where the mailing
> > list and postfix reside, it doesn't have any broken key issue at all.
> > This confirms that there is no issue with mailman by itself, since mailman
> > will treat both email accounts in a similar way.
> >
> > It is only breaking for non-localhost email accounts.
>
> you don't re-sign such messages, do you?
>
> can you post an example of a "borken sig" message (full unaltered headers and body. use a test account and a test message possibly with a test list, and post the copy you get on a server you manage, not on gmail or yahoo).