This is a discussion on Re: DKIM vs DomainKeys plugins - SpamAssassin ; Michael Scheidell wrote: > Ok, seems to work now, not sure why it wasn't. > > Thanks all. > Not sure why it wasn't either. However, the test message I sent you, and CCed to my verizon address, failed. but ...
Michael Scheidell wrote:
> Ok, seems to work now, not sure why it wasn't.
>
> Thanks all.
>
Not sure why it wasn't either.
However, the test message I sent you, and CCed to my verizon address,
failed. but a copy sent back to my own yahoo account passed.
Looking at the messages, apparently verizon re-arranges the message
headers for no good reason.
The one to myself on yahoo had this header order..
X-Apparently-To:
X-Originating-IP:
Authentication-Results:
Received:
Received:
DomainKey-Signature:
Received:
X-YMail-OSG:
Message-ID:
Date:
From: xxxxxx@yahoo.com
User-Agent:
MIME-Version:
To: xxxxxx@yahoo.com
Subject: test
Content-Type:
Content-Transfer-Encoding:
The one sent to verizon had:
Received:
Received:
Received:
Date:
From: xxxxxx@yahoo.com
Subject:
X-Originating-IP:
To: xxxxxxx@verizon.net
Message-id:
MIME-version:
Content-type:
Content-transfer-encoding:
DomainKey-Signature:
X-YMail-OSG:
User-Agent:
So Verizon has moved the Subject, Content-*, Subject, From/Too, date,
message-id and even yahoo's own Received: header up above the DK signature.
This of course results in:
dbg: dkim: signature verification result: fail (message has been
altered)
and thus the message hits DKIM_POLICY_SIGNSOME and DKIM_SIGNED, but
not DKIM_VERIFIED.
Perhaps your earlier tests had a message that was somehow modified...
