Date:      Mon, 3 Sep 2018 15:34:30 -0400
From:      William Dudley <wfdudley@gmail.com>
To:        "James B. Byrne" <byrnejb@harte-lyne.ca>,  freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: DKIM is driving me nuts
Message-ID:  <CAFsnNZ%2BiHrnQAzJPwj%2Bb8i4ML0c=dXOsn3UzhhyDrTB6EHn=hg@mail.gmail.com>
In-Reply-To: <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca>
References:  <mailman.104.1535976002.94972.freebsd-questions@freebsd.org> <2d9ca6fc33b9aa430233bc0862b65453.squirrel@webmail.harte-lyne.ca>

I have an SPF record.

That is not the problem.

The problem is that the server has three names:

casano.com
mail.casano.com
dudley.casano.com

and I cannot figure out how opendkim chooses which key
to use to sign emails.  Does it look at Message-Id?  Does it look
at Reply-to: (unlikely)?  Whatever field it uses changes depending
on whether I use Thunderbird, Mail (mailx), or the mailman listserv to send
the email.

Thanks,
Bill Dudley


This email is free of malware because I run Linux.

On Mon, Sep 3, 2018 at 3:03 PM, James B. Byrne <byrnejb@harte-lyne.ca>
wrote:

>
> On Sun, September 2, 2018 19:06, William Dudley wrote:
> > I'm trying to make DKIM work on my FreeBSD 10.3, stock sendmail
> > system.
> > Since I don't know if the problem is sendmail or opendkim or DNS or
> > what, I'm asking here.
> >
>
> You need a sender policy framework specification in your dns for the
> domains you wish secured.  You do not put the keys in this, just the
> policy version, the authorised hosts, and the disposal option.
>
> Ours is:
>
> harte-lyne.ca.          172800  IN      TXT
>    "v=spf1 ip4:209.47.176.16/26 ip4:216.185.71.0/26
> ip4:216.185.71.128/26 -all"
>
> The ~all at the end is called a soft fail. It means that recipients
> may accept mail from another server, but that the sender should be
> viewed with suspicion. If you change the disposal option to -all you
> are directing the recipient to reject mail from any server other than
> these. The soft fail approach is safer and recommended.
>
> If you employ dkim without a dns entry for your sender policy
> framework, or with invalid SPF or multiple SPF dns records, then the
> correct behaviour is to reject all mail from the sender since the
> policy cannot be determined.
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
>
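
Added example (not part of the original messages): a small Python check of the SPF record layout described in the quoted reply (version, authorised hosts, disposal option), run against the record shown there. It evaluates only ip4, ip6 and all terms and makes no DNS queries; the function names and the constructed ~all variant are assumptions made for the example.

```python
import ipaddress

# RFC 7208 qualifiers: "+" pass (the default), "-" fail, "~" softfail, "?" neutral
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record quoted in the message above, rejoined from its wrapped lines.
PAGE_RECORD = ("v=spf1 ip4:209.47.176.16/26 ip4:216.185.71.0/26 "
               "ip4:216.185.71.128/26 -all")
SOFT_RECORD = PAGE_RECORD.replace("-all", "~all")  # constructed variant


def select_spf(txt_records):
    """Pick the SPF record out of a domain's TXT strings; exactly one is valid."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return None, "none"          # no policy published
    if len(spf) > 1:
        return None, "permerror"     # multiple records: policy is undetermined
    return spf[0], None


def check_ip(txt_records, sender_ip):
    """Return the SPF result for sender_ip using ip4/ip6/all terms only."""
    record, error = select_spf(txt_records)
    if error:
        return error
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":            # the disposal option: always matches
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            # a, mx, include, redirect= etc. need DNS; refuse rather than guess.
            raise NotImplementedError("term needs DNS: " + term)
        try:
            # strict=False accepts host bits, as in 209.47.176.16/26 above.
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"       # malformed address in the record
        if ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"                 # nothing matched and no "all" term
```

Passing both PAGE_RECORD and SOFT_RECORD together models a domain that publishes two SPF records and yields permerror.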


