From: William Dudley
Date: Tue, 4 Sep 2018 11:48:43 -0400
Subject: Re: DKIM is driving me nuts
To: "James B. Byrne", Chris Gordon
Cc: freebsd-questions

I have decided to abandon this quest. The intersection of DKIM and Mailman
is a huge cluster f--k, and will not be sorted out any time soon, if ever.

Since I value the mailing lists I host, and am unwilling to stop those
services, it makes sense to give up on DKIM. DKIM doesn't solve any problems
(except for one poor schmuck who has a ".us.army.mil" email address, that
rejects all email without DKIM), I don't find DKIM valuable enough to fight
with it any more.

Thanks to all for their suggestions. I have learned some things, which was
the point, after all.

Bill Dudley

This email is free of malware because I run Linux.

On Tue, Sep 4, 2018 at 11:32 AM, William Dudley wrote:

> Zoneminder only lets me create a TXT record for machine names of
> the form "something.casano.com". Their "default" SPF record is attached
> to "*.casano.com".
> I created additional TXT SPF records for "dudley.casano.com"
> and "mail.casano.com", but that made no difference in the DKIM
> performance.
>
> dig -t txt '*.casano.com'
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;*.casano.com. IN TXT
>
> ;; ANSWER SECTION:
> *.casano.com. 21599 IN TXT "v=spf1 a mx -all"
>
> ;; Query time: 88 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Tue Sep 04 11:21:40 EDT 2018
> ;; MSG SIZE rcvd: 70
>
> Google is happy with my SPF records, all my emails to gmail pass SPF
> checks. Somehow, they know to look up *.casano.com.
>
> The problem I'm having is that SOME of my DKIM mail passes the check,
> and some doesn't. The difference appears to be based on what MUA/client
> I use to send the email.
>
> Email sent using Thunderbird on another machine on my LAN passes DKIM
> checks.
> Emails sent using "mailx" or my mailman list server fail DKIM checks.
>
> For both the Thunderbird case and the mailx case, the "From:" field is
> "dud@casano.com", and yet in one case, DKIM passes, and in the other,
> it doesn't.
>
> Chris' assertion that the DKIM key is chosen based on the From: field is
> backed up by the man page for opendkim.conf(5), but there's a lot in the
> paragraphs on SigningTable and I'll be staring at that until little drops
> of blood appear on my forehead.
>
> Thanks,
> Bill Dudley
>
>
> This email is free of malware because I run Linux.
>
> On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne wrote:
>
>>
>> On Tue, September 4, 2018 10:28, William Dudley wrote:
>> > my domain is not "casaMo.com", so all of your research is irrelevant.
>> >
>> drill casano.com txt
>> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
>> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;; casano.com. IN TXT
>>
>> ;; ANSWER SECTION:
>>
>> ;; AUTHORITY SECTION:
>>
>> ;; ADDITIONAL SECTION:
>>
>> ;; Query time: 2 msec
>> ;; SERVER: 216.185.71.33
>> ;; WHEN: Tue Sep 4 10:30:40 2018
>> ;; MSG SIZE rcvd: 28
>>
>> If your senders have from addresses like username@casano.com then I
>> believe that this is still a problem, if not the only one.
>>
>> --
>> *** e-Mail is NOT a SECURE channel ***
>> Do NOT transmit sensitive data via e-Mail
>> Do NOT open attachments nor follow links sent by e-Mail
>>
>> James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
>> Harte & Lyne Limited http://www.harte-lyne.ca
>> 9 Brockley Drive vox: +1 905 561 1241
>> Hamilton, Ontario fax: +1 905 561 0757
>> Canada L8E 3C3
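
An added example, not part of the thread and not a diagnosis of the poster's setup: the RFC 6376 "relaxed" canonicalization applied to a message before and after a list manager touches it, showing which signed parts no longer match. The sample messages, the `demo-list` name, the `example.org` address and the helper names are all constructed for illustration.

```python
import base64
import hashlib
import re


def canon_body_relaxed(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = re.split(rb"\r?\n", body)
    # Collapse runs of space/tab to one space and drop them at end of line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Empty lines at the end of the body are ignored.
    while lines and lines[-1] == b"":
        lines.pop()
    # A non-empty body ends in exactly one CRLF; an empty body stays empty.
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes) -> str:
    """The value carried in the bh= tag for a=rsa-sha256."""
    digest = hashlib.sha256(canon_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def canon_header_relaxed(name: str, value: str) -> str:
    """'relaxed' header canonicalization, RFC 6376 section 3.4.2."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # squeeze whitespace
    return f"{name.strip().lower()}:{value}\r\n"


def broken_parts(signed: dict, received: dict, h=("from", "subject")) -> list:
    """Name the signed parts whose canonical form changed in transit."""
    changed = [n for n in h
               if canon_header_relaxed(n, signed[n]) != canon_header_relaxed(n, received[n])]
    if body_hash(signed["body"]) != body_hash(received["body"]):
        changed.append("body")
    return changed


# Constructed sample messages (not taken from the thread).
SIGNED = {"from": "user@example.org", "subject": "Meeting moved",
          "body": b"Meeting moved to 3pm.\r\n"}
# Whitespace-only changes that relaxed canonicalization tolerates.
REFLOWED = {"from": "user@example.org", "subject": "Meeting   moved ",
            "body": b"Meeting  moved to 3pm.  \r\n\r\n"}
# What a list manager that adds a subject prefix and a footer delivers.
VIA_LIST = {"from": "user@example.org", "subject": "[demo-list] Meeting moved",
            "body": SIGNED["body"] + b"-- \r\ndemo-list mailing list\r\n"}

if __name__ == "__main__":
    print(broken_parts(SIGNED, REFLOWED))   # []
    print(broken_parts(SIGNED, VIA_LIST))   # ['subject', 'body']
```

Any part named in the result is covered by the original signature, so a verifier recomputing the hashes on the delivered copy reports a DKIM failure unless the list re-signs the message with its own key.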