From owner-freebsd-questions@freebsd.org Wed Sep 5 18:07:07 2018
Date: 5 Sep 2018 20:07:04 +0200
Message-Id: <20180905180704.89453200414382@ary.local>
From: "John Levine"
To: freebsd-questions@freebsd.org
Cc: wfdudley@gmail.com
Subject: Re: DKIM is driving me nuts
Organization: Taughannock Networks

In article you write:
>1. It's "impossible" (read: "I'm not spending any more time on this") to get DKIM
>working with different MUAs. I can get it to work when I send email using Thunderbird,
>but not when I send email from the command line (mailx). "Works" means that the
>inserted DKIM headers pass the checks at the other end.

If they're failing because it says "message has been modified" that should be all the hint you need.

Sendmail conflates submission and relay, and has a sometimes unfortunate tendency to helpfully clean up message headers on the way through, which of course breaks DKIM signatures.

I haven't run sendmail in 20 years but as I recall there should be some way to run submitted mail through sendmail once to clean up the headers, then DKIM sign it, then send it along for relay. That's what everyone else does.

R's,
John
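
An added illustration, not part of the original message: a header clean-up applied after signing changes the bytes a verifier hashes, while mere refolding does not under RFC 6376 "relaxed" header canonicalization. The sample messages and the bare-address rewrite are constructed; the sketch hashes only the listed header fields and omits the DKIM-Signature field itself and the RSA step.

```python
import hashlib
import re

def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 section 3.4.2 'relaxed' canonicalization of one header field."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)         # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")   # collapse and trim whitespace
    return f"{name.lower().strip()}:{value}\r\n"

def parse_headers(raw: str) -> list:
    """Split a header block into (name, value) pairs, keeping folded lines together."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + "\r\n" + line)
        elif ":" in line:
            name, _, value = line.partition(":")
            fields.append((name, value))
    return fields

def header_hash(raw: str, signed: list) -> str:
    """SHA-256 over the canonicalized fields named in `signed` (the h= list)."""
    fields = {n.strip().lower(): (n, v) for n, v in parse_headers(raw)}
    digest = hashlib.sha256()
    for name in signed:
        if name in fields:
            digest.update(relaxed_header(*fields[name]).encode())
    return digest.hexdigest()

def survives(signed_copy: str, relayed_copy: str, signed=("from", "to", "subject", "date")) -> bool:
    """True if the relayed headers still hash to what the signer hashed."""
    return header_hash(signed_copy, list(signed)) == header_hash(relayed_copy, list(signed))

# Constructed sample: what a command-line client might submit (bare recipient).
SUBMITTED = ("From: alice@example.com\r\nTo: bob\r\n"
             "Subject: test  message\r\nDate: Wed, 5 Sep 2018 18:00:00 +0000\r\n")
# Same fields, Subject refolded in transit: harmless under relaxed canonicalization.
REFOLDED = ("From: alice@example.com\r\nTo: bob\r\n"
            "Subject: test\r\n message\r\nDate: Wed, 5 Sep 2018 18:00:00 +0000\r\n")
# Constructed clean-up after signing: the bare address gets qualified.
REWRITTEN = SUBMITTED.replace("To: bob\r\n", "To: bob@example.com\r\n")

if __name__ == "__main__":
    print("refolded survives: ", survives(SUBMITTED, REFOLDED))
    print("rewritten survives:", survives(SUBMITTED, REWRITTEN))
```

Signing the copy that already went through the clean-up pass, as the message describes, makes the relayed headers match what was hashed.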