From: William Dudley
Date: Tue, 4 Sep 2018 11:32:10 -0400
Subject: Re: DKIM is driving me nuts
To: "James B. Byrne", Chris Gordon
Cc: freebsd-questions

Zoneminder only lets me create a TXT record for machine names of the form
"something.casano.com". Their "default" SPF record is attached to
"*.casano.com". I created additional TXT SPF records for
"dudley.casano.com" and "mail.casano.com", but that made no difference in
the DKIM performance.

dig -t txt '*.casano.com'

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;*.casano.com. IN TXT

;; ANSWER SECTION:
*.casano.com. 21599 IN TXT "v=spf1 a mx -all"

;; Query time: 88 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Sep 04 11:21:40 EDT 2018
;; MSG SIZE rcvd: 70

Google is happy with my SPF records, all my emails to gmail pass SPF
checks. Somehow, they know to look up *.casano.com.

The problem I'm having is that SOME of my DKIM mail passes the check, and
some doesn't. The difference appears to be based on what MUA/client I use
to send the email.

Email sent using Thunderbird on another machine on my LAN passes DKIM
checks. Emails sent using "mailx" or my mailman list server fail DKIM
checks.

For both the Thunderbird case and the mailx case, the "From:" field is
"dud@casano.com", and yet in one case, DKIM passes, and in the other, it
doesn't.

Chris' assertion that the DKIM key is chosen based on the From: field is
backed up by the man page for opendkim.conf(5), but there's a lot in the
paragraphs on SigningTable and I'll be staring at that until little drops
of blood appear on my forehead.

Thanks,
Bill Dudley

This email is free of malware because I run Linux.

On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne wrote:

>
> On Tue, September 4, 2018 10:28, William Dudley wrote:
> > my domain is not "casaMo.com", so all of your research is irrelevant.
> >
> drill casano.com txt
> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; casano.com. IN TXT
>
> ;; ANSWER SECTION:
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 2 msec
> ;; SERVER: 216.185.71.33
> ;; WHEN: Tue Sep 4 10:30:40 2018
> ;; MSG SIZE rcvd: 28
>
> If your senders have from addresses like username@casano.com then I
> believe that this is still a problem, if not the only one.
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
>
>
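
Added example (not part of the original message or the thread): a small Python model of DNS wildcard matching as defined in RFC 4592, showing which query names a "*.casano.com" TXT record can answer for. The zone contents, the selector name "sel", the name server and the address are constructed for illustration and are assumptions, not the real zone.

```python
# Constructed zone for illustration; NOT the real casano.com zone contents.
APEX = "casano.com."
ZONE = {
    "casano.com.": {"NS": ["ns1.example.net."]},
    "*.casano.com.": {"TXT": ['"v=spf1 a mx -all"']},
    "mail.casano.com.": {"A": ["192.0.2.25"]},
    # "sel" is a hypothetical DKIM selector name.
    "sel._domainkey.casano.com.": {"TXT": ['"v=DKIM1; k=rsa; p=..."']},
}


def existing_names(zone, apex=APEX):
    """Owner names plus the empty non-terminals above them, within the zone."""
    names = set()
    for owner in zone:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            name = ".".join(labels[i:]) + "."
            if name.endswith(apex):
                names.add(name)
    return names


def lookup(qname, qtype, zone=ZONE):
    """Return (status, rrset, owner_used) as an authoritative server would.

    "NODATA" stands for rcode NOERROR with an empty answer section.
    """
    qname = qname.lower().rstrip(".") + "."
    existing = existing_names(zone)
    if qname in existing:
        # The name exists, so the wildcard is never consulted, even when the
        # name has no record of the requested type.
        rrset = zone.get(qname, {}).get(qtype, [])
        return ("NOERROR" if rrset else "NODATA", rrset, qname)
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:]) + "."
        if encloser in existing:
            # Closest existing ancestor found; only "*.<encloser>" may match.
            wildcard = "*." + encloser
            if wildcard not in zone:
                return ("NXDOMAIN", [], None)
            rrset = zone[wildcard].get(qtype, [])
            return ("NOERROR" if rrset else "NODATA", rrset, wildcard)
    return ("NXDOMAIN", [], None)
```

In this constructed zone, lookup("other.casano.com", "TXT") is answered from the wildcard, while the apex "casano.com" and the existing host "mail.casano.com" return no TXT data, and an unknown selector under "_domainkey" gets NXDOMAIN.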