Michael Scheidell wrote:
> Ok, seems to work now, not sure why it wasn't.
>
> Thanks all.
>

Not sure why it wasn't either.

However, the test message I sent you, and CCed to my verizon address,
failed. but a copy sent back to my own yahoo account passed.

Looking at the messages, apparently verizon re-arranges the message
headers for no good reason.

The one to myself on yahoo had this header order..

X-Apparently-To:
X-Originating-IP:
Authentication-Results:
Received:
Received:
DomainKey-Signature:
Received:
X-YMail-OSG:
Message-ID:
Date:
From: xxxxxx@yahoo.com
User-Agent:
MIME-Version:
To: xxxxxx@yahoo.com
Subject: test
Content-Type:
Content-Transfer-Encoding:


The one sent to verizon had:

Received:
Received:
Received:
Date:
From: xxxxxx@yahoo.com
Subject:
X-Originating-IP:
To: xxxxxxx@verizon.net
Message-id:
MIME-version:
Content-type:
Content-transfer-encoding:
DomainKey-Signature:
X-YMail-OSG:
User-Agent:


So Verizon has moved the Subject, Content-*, Subject, From/Too, date,
message-id and even yahoo's own Received: header up above the DK signature.

This of course results in:

dbg: dkim: signature verification result: fail (message has been
altered)

and thus the message hits DKIM_POLICY_SIGNSOME and DKIM_SIGNED, but
not DKIM_VERIFIED.

Perhaps your earlier tests had a message that was somehow modified...