Date: Mon, 3 Sep 2018 15:34:30 -0400
From: William Dudley <wfdudley@gmail.com>
To: "James B. Byrne" <byrnejb@harte-lyne.ca>, freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: DKIM is driving me nuts
Message-ID: <CAFsnNZ%2BiHrnQAzJPwj%2Bb8i4ML0c=dXOsn3UzhhyDrTB6EHn=hg@mail.gmail.com>
In-Reply-To: <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca>
References: <mailman.104.1535976002.94972.freebsd-questions@freebsd.org> <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca>

I have an SPF record. That is not the problem.

The problem is that the server has three names:
casano.com
mail.casano.com
dudley.casano.com
and I cannot figure out how opendkim chooses which key to use to sign emails.

Does it look at Message-Id? Does it look at Reply-to: (unlikely)?

Whatever field it uses changes depending on whether I use Thunderbird, Mail (mailx), or the mailman listserv to send the email.

Thanks,
Bill Dudley

This email is free of malware because I run Linux.

On Mon, Sep 3, 2018 at 3:03 PM, James B. Byrne <byrnejb@harte-lyne.ca> wrote:

>
> On Sun, September 2, 2018 19:06, William Dudley wrote:
> > I'm trying to make DKIM work on my FreeBSD 10.3, stock sendmail
> > system.
> > Since I don't know if the problem is sendmail or opendkim or DNS or
> > what, I'm asking here.
> >
>
> You need a sender policy framework specification in your dns for the
> domains you wish secured. You do not put the keys in this, just the
> policy version, the authorised hosts, and the disposal option.
>
> Ours is:
>
> harte-lyne.ca. 172800 IN TXT
> "v=spf1 ip4:209.47.176.16/26 ip4:216.185.71.0/26
> ip4:216.185.71.128/26 -all"
>
> The ~all at the end is called a soft fail. It means that recipients
> may accept mail from another server, but that the sender should be
> viewed with suspicion. If you change the disposal option to -all you
> are directing the recipient to reject mail from any server other than
> these. The soft fail approach is safer and recommended.
>
> If you employ dkim without a dns entry for your sender policy
> framework, or with invalid SPF or multiple SPF dns records, then the
> correct behaviour is to reject all mail from the sender since the
> policy cannot be determined.
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
>
>
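
An added example, not part of either poster's message: a small offline evaluator that checks a connecting IP against the SPF record quoted in the reply above and reports the result names defined in RFC 7208. The function name `spf_result` is hypothetical, and only the `ip4`, `ip6` and `all` mechanisms are handled because the others need live DNS lookups.

```python
import ipaddress

# RFC 7208 qualifier prefix -> result name
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The record quoted in the reply, joined into one string.
QUOTED_RECORD = ("v=spf1 ip4:209.47.176.16/26 ip4:216.185.71.0/26 "
                 "ip4:216.185.71.128/26 -all")


def spf_result(client_ip, txt_records):
    """Evaluate client_ip against a domain's TXT records (ip4/ip6/all only)."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return "none"        # no SPF policy published
    if len(spf) > 1:
        return "permerror"   # more than one SPF record cannot be interpreted
    ip = ipaddress.ip_address(client_ip)
    for term in spf[0].split()[1:]:
        qualifier = "+"      # a mechanism with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"term {term!r} needs DNS or is a modifier")
        # strict=False masks host bits: 209.47.176.16/26 is read as 209.47.176.0/26
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"         # nothing matched and the record has no "all"


if __name__ == "__main__":
    # Constructed test addresses; 192.0.2.1 is from the documentation range.
    for addr in ("209.47.176.20", "216.185.71.100", "192.0.2.1"):
        print(addr, spf_result(addr, [QUOTED_RECORD]))
    soft = QUOTED_RECORD.replace("-all", "~all")
    print("192.0.2.1 with ~all:", spf_result("192.0.2.1", [soft]))
```
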