Date: Tue, 4 Sep 2018 11:48:43 -0400 From: William Dudley <wfdudley@gmail.com> To: "James B. Byrne" <byrnejb@harte-lyne.ca>, Chris Gordon <freebsd@theory14.net> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: DKIM is driving me nuts Message-ID: <CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ@mail.gmail.com> In-Reply-To: <CAFsnNZ%2B%2B4xxgjiRa3t_RGV4cQ5hF7k8=p9HU87NHXfpQ6grPyg@mail.gmail.com> References: <mailman.104.1535976002.94972.freebsd-questions@freebsd.org> <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca> <CAFsnNZ%2BiHrnQAzJPwj%2Bb8i4ML0c=dXOsn3UzhhyDrTB6EHn=hg@mail.gmail.com> <a57ff4870e5d68211e673a5383892017.squirrel@webmail.harte-lyne.ca> <CAFsnNZL-C%2B_VTw7YXvUeyM_BfiikZqgADo%2BS5KP_zpu7xcUvAg@mail.gmail.com> <47bf9a4f8499073f6b29bf7b29d82039.squirrel@webmail.harte-lyne.ca> <CAFsnNZ%2B%2B4xxgjiRa3t_RGV4cQ5hF7k8=p9HU87NHXfpQ6grPyg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I have decided to abandon this quest. The intersection of DKIM and Mailman is a huge cluster f--k, and will not be sorted out any time soon, if ever. Since I value the mailing lists I host, and am unwilling to stop those services, it makes sense to give up on DKIM. DKIM doesn't solve any problems (except for one poor schmuck who has a ". us.army.mil" email address, that rejects all email without DKIM), I don't find DKIM valuable enough to fight with it any more. Thanks to all for their suggestions. I have learned somethings, which was the point, after all. Bill Dudley This email is free of malware because I run Linux. On Tue, Sep 4, 2018 at 11:32 AM, William Dudley <wfdudley@gmail.com> wrote: > Zoneminder only lets me create a TXT record for machine names of > the form "something.casano.com". Their "default" SPF record is attached > to "*.casano.com". I created additional TXT SPF records for " > dudley.casano.com" > and "mail.casano.com", but that made no difference in the DKIM > performance. > > dig -t txt '*.casano.com' > > ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 512 > ;; QUESTION SECTION: > ;*.casano.com. IN TXT > > ;; ANSWER SECTION: > *.casano.com. 21599 IN TXT "v=spf1 a mx -all" > > ;; Query time: 88 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Tue Sep 04 11:21:40 EDT 2018 > ;; MSG SIZE rcvd: 70 > > Google is happy with my SPF records, all my emails to gmail pass SPF > checks. > Somehow, they know to lookup *.casano.com. > > The problem I'm having is that SOME of my DKIM mail passes the check, > and some doesn't. The difference appears to be based on what MUA/client > I use to send the email. > > Email sent using Thunderbird on another machine on my LAN passes DKIM > checks. > Emails sent using "mailx" or my mailman list server fail DKIM checks. > > For both the Thunderbird case and the mailx case, the "From:" field is " > dud@casano.com", > and yet in one case, DKIM passes, and in the other, it doesn't. > > Chris' assertion that the DKIM key is chosen based on the From: field is > backed up by the man page for opendkim.conf(5), but there's a lot in the > paragraphs on SigningTable and I'll be staring at that until little drops > of blood > appear on my forehead. > > Thanks, > Bill Dudley > > > This email is free of malware because I run Linux. > > On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne <byrnejb@harte-lyne.ca> > wrote: > >> >> On Tue, September 4, 2018 10:28, William Dudley wrote: >> > my domain is not "casaMo.com", so all of your research is irrelevant. >> > >> drill casano.com txt >> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400 >> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 >> ;; QUESTION SECTION: >> ;; casano.com. IN TXT >> >> ;; ANSWER SECTION: >> >> ;; AUTHORITY SECTION: >> >> ;; ADDITIONAL SECTION: >> >> ;; Query time: 2 msec >> ;; SERVER: 216.185.71.33 >> ;; WHEN: Tue Sep 4 10:30:40 2018 >> ;; MSG SIZE rcvd: 28 >> >> If your senders have from addresses like username@casano.com then I >> believe that this is still a problem, if not the only one. >> >> -- >> *** e-Mail is NOT a SECURE channel *** >> Do NOT transmit sensitive data via e-Mail >> Do NOT open attachments nor follow links sent by e-Mail >> >> James B. Byrne mailto:ByrneJB@Harte-Lyne.ca >> Harte & Lyne Limited http://www.harte-lyne.ca >> 9 Brockley Drive vox: +1 905 561 1241 >> Hamilton, Ontario fax: +1 905 561 0757 >> Canada L8E 3C3 >> >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ>