Date:      Tue, 4 Sep 2018 11:48:43 -0400
From:      William Dudley <wfdudley@gmail.com>
To:        "James B. Byrne" <byrnejb@harte-lyne.ca>, Chris Gordon <freebsd@theory14.net>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: DKIM is driving me nuts
Message-ID:  <CAFsnNZJ8em-FPE7z1bPhG3wQ7K8qk-Nq_m01Uqa4zzOzR6qbeQ@mail.gmail.com>
In-Reply-To: <CAFsnNZ++4xxgjiRa3t_RGV4cQ5hF7k8=p9HU87NHXfpQ6grPyg@mail.gmail.com>
References:  <mailman.104.1535976002.94972.freebsd-questions@freebsd.org> <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca> <CAFsnNZ+iHrnQAzJPwj+b8i4ML0c=dXOsn3UzhhyDrTB6EHn=hg@mail.gmail.com> <a57ff4870e5d68211e673a5383892017.squirrel@webmail.harte-lyne.ca> <CAFsnNZL-C+_VTw7YXvUeyM_BfiikZqgADo+S5KP_zpu7xcUvAg@mail.gmail.com> <47bf9a4f8499073f6b29bf7b29d82039.squirrel@webmail.harte-lyne.ca> <CAFsnNZ++4xxgjiRa3t_RGV4cQ5hF7k8=p9HU87NHXfpQ6grPyg@mail.gmail.com>

I have decided to abandon this quest.

The intersection of DKIM and Mailman is a huge cluster f--k, and will not
be sorted out any time soon, if ever.

Since I value the mailing lists I host, and am unwilling to stop those
services, it makes sense to give up on DKIM.

DKIM doesn't solve any problems (except for one poor schmuck who has a
".us.army.mil" email address, that rejects all email without DKIM), I
don't find DKIM valuable enough to fight with it any more.

Thanks to all for their suggestions.  I have learned some things, which
was the point, after all.

Bill Dudley


This email is free of malware because I run Linux.

On Tue, Sep 4, 2018 at 11:32 AM, William Dudley <wfdudley@gmail.com> wrote:

> Zoneminder only lets me create a TXT record for machine names of
> the form "something.casano.com".  Their "default" SPF record is attached
> to "*.casano.com".  I created additional TXT SPF records for
> "dudley.casano.com" and "mail.casano.com", but that made no difference
> in the DKIM performance.
>
> dig -t txt '*.casano.com'
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;*.casano.com.                  IN      TXT
>
> ;; ANSWER SECTION:
> *.casano.com.           21599   IN      TXT     "v=spf1 a mx -all"
>
> ;; Query time: 88 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Tue Sep 04 11:21:40 EDT 2018
> ;; MSG SIZE  rcvd: 70
>
> Google is happy with my SPF records, all my emails to gmail pass SPF
> checks.  Somehow, they know to look up *.casano.com.
>
> The problem I'm having is that SOME of my DKIM mail passes the check,
> and some doesn't.  The difference appears to be based on what MUA/client
> I use to send the email.
>
> Email sent using Thunderbird on another machine on my LAN passes DKIM
> checks.  Emails sent using "mailx" or my mailman list server fail DKIM
> checks.
>
> For both the Thunderbird case and the mailx case, the "From:" field is
> "dud@casano.com", and yet in one case, DKIM passes, and in the other,
> it doesn't.
>
> Chris' assertion that the DKIM key is chosen based on the From: field is
> backed up by the man page for opendkim.conf(5), but there's a lot in the
> paragraphs on SigningTable and I'll be staring at that until little drops
> of blood appear on my forehead.
>
> Thanks,
> Bill Dudley
>
>
> This email is free of malware because I run Linux.
>
> On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne <byrnejb@harte-lyne.ca>
> wrote:
>
>>
>> On Tue, September 4, 2018 10:28, William Dudley wrote:
>> > my domain is not "casaMo.com", so all of your research is irrelevant.
>> >
>> drill casano.com txt
>> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
>> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;; casano.com.  IN      TXT
>>
>> ;; ANSWER SECTION:
>>
>> ;; AUTHORITY SECTION:
>>
>> ;; ADDITIONAL SECTION:
>>
>> ;; Query time: 2 msec
>> ;; SERVER: 216.185.71.33
>> ;; WHEN: Tue Sep  4 10:30:40 2018
>> ;; MSG SIZE  rcvd: 28
>>
>> If your senders have from addresses like username@casano.com then I
>> believe that this is still a problem, if not the only one.
>>
>> --
>> ***          e-Mail is NOT a SECURE channel          ***
>>         Do NOT transmit sensitive data via e-Mail
>>  Do NOT open attachments nor follow links sent by e-Mail
>>
>> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
>> Harte & Lyne Limited          http://www.harte-lyne.ca
>> 9 Brockley Drive              vox: +1 905 561 1241
>> Hamilton, Ontario             fax: +1 905 561 0757
>> Canada  L8E 3C3
>>
>>
>
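
An added example, not part of the original message and not code from OpenDKIM or Mailman: list software that appends a footer changes the body the signer hashed, so the signature's `bh=` value no longer matches, which is one well-known way list mail fails DKIM. The sketch implements the RFC 6376 body canonicalizations and rechecks `bh=` only. The sample body, footer, domain `example.com` and selector `sel1` are constructed, and the thread does not establish that this is the cause of the failures described.

```python
import base64
import hashlib
import re

def _crlf(body: bytes) -> bytes:
    return re.sub(rb"\r?\n", b"\r\n", body)   # bare LF -> CRLF, as on the wire

def canon_body_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: ignore trailing empty lines, end with one CRLF."""
    body = _crlf(body)
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also collapse WSP runs and strip trailing WSP."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in _crlf(body).split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon: str = "relaxed") -> str:
    fn = canon_body_relaxed if canon == "relaxed" else canon_body_simple
    return base64.b64encode(hashlib.sha256(fn(body)).digest()).decode()

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (whitespace removed)."""
    pairs = (p.split("=", 1) for p in sig_value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_matches(sig_value: str, body: bytes) -> bool:
    """Recompute bh= only; assumes a=rsa-sha256 and no l= tag."""
    tags = parse_tags(sig_value)
    c = tags.get("c", "simple/simple")
    canon = c.split("/")[1] if "/" in c else "simple"
    return body_hash(body, canon) == tags["bh"]

# Constructed sample data (not taken from the thread).
ORIGINAL = b"Hello list,\r\n\r\nTesting DKIM.  \r\n\r\n"
FOOTER = b"_______________________\r\nexample-list mailing list\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;\r\n"
       "\th=from:to:subject:date; bh=" + body_hash(ORIGINAL) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print("as signed:       ", body_matches(SIG, ORIGINAL))
    print("rewrapped spaces:", body_matches(SIG, b"Hello list,\n\nTesting   DKIM.\n"))
    print("footer appended: ", body_matches(SIG, ORIGINAL + FOOTER))
```

Relaxed canonicalization tolerates whitespace changes but not added lines, so the footer case is the only one that fails; the `b=` signature itself is not verified here.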


