From: William Dudley
Date: Mon, 3 Sep 2018 15:34:30 -0400
Subject: Re: DKIM is driving me nuts
To: "James B. Byrne", freebsd-questions

I have an SPF record. That is not the problem.

The problem is that the server has three names:
casano.com
mail.casano.com
dudley.casano.com
and I cannot figure out how opendkim chooses which key to use to sign
emails.

Does it look at Message-Id? Does it look at Reply-to: (unlikely)?
Whatever field it uses, changes depending on if I use Thunderbird,
Mail (mailx), or the mailman listserve to send the email.

Thanks,
Bill Dudley

This email is free of malware because I run Linux.

On Mon, Sep 3, 2018 at 3:03 PM, James B. Byrne wrote:

>
> On Sun, September 2, 2018 19:06, William Dudley wrote:
> > I'm trying to make DKIM work on my FreeBSD 10.3, stock sendmail
> > system.
> > Since I don't know if the problem is sendmail or opendkim or DNS or
> > what, I'm asking here.
> >
>
> You need a sender policy framework specification in your dns for the
> domains you wish secured. You do not put the keys in this, just the
> policy version, the authorised hosts, and the disposal option.
>
> Ours is:
>
> harte-lyne.ca. 172800 IN TXT
> "v=spf1 ip4:209.47.176.16/26 ip4:216.185.71.0/26
> ip4:216.185.71.128/26 -all"
>
> The ~all at the end is called a soft fail. It means that recipients
> may accept mail from another server, but that the sender should be
> viewed with suspicion. If you change the disposal option to -all you
> are directing the recipient to reject mail from any server other than
> these. The soft fail approach is safer and recommended.
>
> If you employ dkim without a dns entry for your sender policy
> framework, or with invalid SPF or multiple SPF dns records, then the
> correct behaviour is to reject all mail from the sender since the
> policy cannot be determined.
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
>
>
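An added example, not part of the original message: one way to see which of the three host names ended up in a signature is to compare each message's From: domain with the d= and s= tags of its DKIM-Signature header, since a verifier fetches the public key from `<s>._domainkey.<d>`. The sample messages, the selectors `sel-a` and `sel-b`, and the pairing of clients to domains are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed samples: host names are the three from the post; selectors,
# signature values and the client-to-domain pairing are placeholders.
SAMPLES = {
    "thunderbird": ("From: Bill <bill@casano.com>\n"
        "DKIM-Signature: v=1; a=rsa-sha256; d=casano.com;\n"
        "\ts=sel-a; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
        "Subject: test\n\nbody\n"),
    "mailx": ("From: bill@dudley.casano.com\n"
        "DKIM-Signature: v=1; a=rsa-sha256; d=mail.casano.com; s=sel-b;\n"
        "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
        "Subject: test\n\nbody\n"),
    "mailman": "From: list@mail.casano.com\nSubject: unsigned\n\nbody\n",
}

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def signing_report(raw):
    """Return (From: domain, [(d=, key DNS name, relation to From: domain)])."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rows = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(header)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        if d == from_domain:
            relation = "same"
        elif from_domain.endswith("." + d) or d.endswith("." + from_domain):
            relation = "parent/child"
        else:
            relation = "different"
        rows.append((d, f"{s}._domainkey.{d}", relation))
    return from_domain, rows

if __name__ == "__main__":
    for client, raw in SAMPLES.items():
        print(client, signing_report(raw))
```

Feeding it one received copy per sending path (Thunderbird, mailx, mailman) shows which header value changes between them and which DNS name must hold the matching public key.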
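An added example, not part of the original thread: a small offline evaluator for the `ip4` and `all` mechanisms of the SPF record quoted above, returning the RFC 7208 result name for a connecting IP so the effect of the final `-all` versus `~all` qualifier can be compared. The client addresses used in the demonstration are constructed.

```python
import ipaddress

# Record as quoted in the thread (the wrapped lines joined into one TXT string).
RECORD = ("v=spf1 ip4:209.47.176.16/26 ip4:216.185.71.0/26 "
          "ip4:216.185.71.128/26 -all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate(record, client_ip):
    """Evaluate ip4 and all mechanisms left to right; first match wins.

    Mechanisms that need DNS (a, mx, include, ...) and modifiers are not
    handled offline and raise ValueError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() == "ip4":
            # strict=False accepts host bits set, as in 209.47.176.16/26
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"mechanism not handled offline: {name}")
    return "neutral"                       # nothing matched, no all term

if __name__ == "__main__":
    soft = RECORD.replace("-all", "~all")
    for addr in ("209.47.176.20", "216.185.71.100"):   # constructed clients
        print(addr, evaluate(RECORD, addr), evaluate(soft, addr))
```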