From owner-freebsd-questions@freebsd.org Wed Sep 5 20:00:03 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D3709FFB50E for ; Wed, 5 Sep 2018 20:00:02 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6B903709C7 for ; Wed, 5 Sep 2018 20:00:02 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: by mail-yb1-xb30.google.com with SMTP id y20-v6so3179807ybi.13 for ; Wed, 05 Sep 2018 13:00:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7ddfVqoTB7u/6+iqimaIYvPHEJl1TIndlVbq96TuUo0=; b=Ld2lbpYG1UEblUezC5OYluFP4pegwdF2UGuZXwxhEO5n2ftqROQ2H0AbgiuLX2Dtja yLgqjTPKjqdvlr1VRys8bEYnfGa4sL9VRBRmrNnVsgym/vO5lfhu+AtAko0Mv6fuXT6P 7F6hcpIsL8bJBpxlSn3I597Dg3ISLbDdspVnh601QKuLwIzdgPX+WEGdBKZEdqodBlRx tFAJTwUHzc7xUqktaD52BRbgC0KlAXRZPr2j740f6BvlwIIzhEDWHMtqTP1pr+uK5IKI nl/eHksgwwiIFVfx8XCJlFsXG0Z9vKLWWETzKNaUleOYP5EhTxe5KYGMyDZQVJNlmN4A zt/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7ddfVqoTB7u/6+iqimaIYvPHEJl1TIndlVbq96TuUo0=; b=SFanaz5wK8OZ+IMeCFvtfNDg7qt7R4cuEOh+O+QeSRsWs+AfT1TPRa6QXqPZbD+Hgl LFsN380IgcJL1ccNbYUWxH4y/e4MCtlIJ7dNO3CfHeX8ZI/Gf1RQrbkycl29VYYUtz1u 4JjopszSU3ODvWfWaCF5UTf4E7S+IsEG11wPmAwcZgihdEz8vNFJOGKGrUvRfD8QQ0S9 0TpgwIjqOJGIYqcr51N5g1cL5TIrwhNUvRCnspTuS+FyhaySl12nmYVDnug7VS3VQM14 7ntHlQJQ3yqTfm05K+JSH4bD6zfnzNu9XFZoELsdS1arA515vV8a7KlWyl5HxmNHGkuc iYZQ== X-Gm-Message-State: APzg51BEk7LxXF6OD+IzaAViOPRng3s1FK0PdGPxfE8lYueSS69zrh3V NjoZDXi2KatIduJOC5xoJrxklIgI3OPVg57QTL8Y4g== X-Google-Smtp-Source: ANB0Vda0sGaVJACdnMGWZdfRypHX2Fph02s+c9zTlaIjyQnLyAojcDzcEsbP76M9qfrajcGnk61y3hIdi3EBplxpZmM= X-Received: by 2002:a5b:c41:: with SMTP id d1-v6mr22065455ybr.136.1536177601790; Wed, 05 Sep 2018 13:00:01 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:aa33:0:0:0:0:0 with HTTP; Wed, 5 Sep 2018 13:00:01 -0700 (PDT) In-Reply-To: <20180905180704.89453200414382@ary.local> References: <20180905180704.89453200414382@ary.local> From: William Dudley Date: Wed, 5 Sep 2018 16:00:01 -0400 Message-ID: Subject: Re: DKIM is driving me nuts To: John Levine Cc: freebsd-questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2018 20:00:03 -0000 No, this is not that case. This is the simplest possible use-case: type "Mail wfdudley@gmail.com" on the command line of my casano.com server and send a simple one line email with DKIM signing turned on. Google (and others) say the message fails DKIM "bad signature". Send the identical message from Thunderbird, and the message passes DKIM checks at the other end. Something is different between using Mail/mailx and using Thunderbird, and I've given up trying to figure out what. The fact that the intersection of Mailman and DKIM requires more black-art stuff just re-inforces my decision to give up on DKIM. Thanks, Bill Dudley This email is free of malware because I run Linux. On Wed, Sep 5, 2018 at 2:07 PM, John Levine wrote: > In article mail.gmail.com> you write: > >1. It's "impossible" (read: "I'm not spending any more time on this") to > >get DKIM > >working with different MUAs. I can get it to work when I send email using > >Thunderbird, > >but not when I send email from the command line (mailx). "Works" means > >that the > >inserted DKIM headers pass the checks at the other end. > > If they're failing because it says "message has been modfied" that > should be all the hint you need. Sendmail conflates submission and > relay, and has a sometimes unfortunate tendency to helpfully clean up > message headers on the way through, which of course breaks DKIM > signatures. I haven't run sendmail in 20 years but as I recall there > should be some way to run submitted mail through sendmail once to > clean up the headers, then DKIM sign it, then send it along for relay. > That's what everyone else does. > > R's, > John >