I have Outlook -> Exchange 2016 -> EFA
OpenDKIM on EFA adds signatures; I tried 1024 and 2048.
I tested with several programs.
When Outlook sends a TXT email (or a manual SMTP mail), DKIM is valid.
When I use HTML in Outlook, DKIM is invalid.
Any suggestions?
DKIM problem
- shawniverson
Re: DKIM problem
What is Outlook using for its Envelope From address? (not the one you can see). If it doesn't match the DKIM record, it won't get signed...
Another thought...
Are any signatures getting appended to the original email? If so, that will break DKIM.
Re: DKIM problem
Nicola and I have tracked down the problem.
under /etc/MailScanner/MailScanner.conf he had:
Non Spam Actions = <blah blah> custom(nonspam)
and I did not.
It appears that the custom(nonspam) action modifies the message body after the dkim signing which will then cause a dkim verification failure.
Therefore, if you have a custom action on the message handling for outgoing mail, you'll break dkim.
Solutions? Not sure how exactly, but the custom actions have to be performed before the dkim signing.
Shawn, do you have any ideas on how this could be fixed? Should I post something over in the MailScanner forums?
Re: DKIM problem
I tried to test dkim with custom(nonspam) and without custom(nonspam)
Temporary files are identical because the dkim milter acts before mailscanner,
but the results are:
With custom(nonspam) it fails because it adds an extra 0d0a after some lines:
Test'20'di'20'un'20'formato'20'txt'20'con'20'attach'0D''0A'
'0D''0A'
'0D''0A'
Without custom(nonspam) it passes:
Test'20'di'20'un'20'formato'20'txt'20'con'20'attach'0D''0A'
'0D''0A'
Can you correct /usr/share/MailScanner/perl/custom/CustomAction.pm ?
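The failure described above, as an added example that is not part of the original posts: a Python sketch of RFC 6376 body canonicalization and the `bh=` body hash, showing which post-signing body changes survive under `simple` and `relaxed`. The sample bodies are constructed, modelled on the dump in the post, and the function names are this example's own.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: ignore empty lines at the end, keep exactly one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + CRLF

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also collapse whitespace runs and strip line-end whitespace."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(CRLF)]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + CRLF for ln in lines)

def body_hash(body: bytes, canon=canon_simple) -> str:
    """Value a signer puts in bh= and a verifier recomputes (rsa-sha256)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(signed: bytes, delivered: bytes, canon) -> bool:
    """True if the delivered body still matches the signed body hash."""
    return body_hash(signed, canon) == body_hash(delivered, canon)

# Constructed sample bodies, modelled on the dump in the post above.
SIGNED = b"Test di un formato txt con attach\r\n\r\nsecond part\r\n"
# An extra 0D 0A inserted after the first line, as reported with custom(nonspam).
MID_BODY_CRLF = b"Test di un formato txt con attach\r\n\r\n\r\nsecond part\r\n"
# Blank lines added only at the very end of the body.
TRAILING_CRLF = SIGNED + b"\r\n\r\n"
# Trailing space added to a line.
TRAILING_SPACE = b"Test di un formato txt con attach \r\n\r\nsecond part\r\n"

def report() -> dict:
    cases = {"mid-body CRLF": MID_BODY_CRLF, "trailing CRLF": TRAILING_CRLF,
             "trailing space": TRAILING_SPACE}
    return {name: {"simple": survives(SIGNED, body, canon_simple),
                   "relaxed": survives(SIGNED, body, canon_relaxed)}
            for name, body in cases.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:15} simple={result['simple']!s:5} relaxed={result['relaxed']}")
```

A blank line inserted before the last non-empty line changes the hash under both modes, so relaxed body canonicalization on the signer does not mask this kind of modification.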
Re: DKIM problem
This is too simple.
The routine skips in the case of localhost; I added 10. to also skip my Exchange.
It is trivial but works.
The problem still remains that mailscanner runs after dkim, so nothing can be added.
I think that the only solution is to have a dkim smarthost, but it is not possible to have a vm for each action we want to do.
vi /usr/share/MailScanner/perl/custom/CustomAction.pm
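# EFA Non Spam Modification Token Generation
#
sub EFANonSpam {
  my($message) = @_;
  my($token);
  my($file);
  my($spamwhitelisted);
  # Generate Token/Sign unless message originates from localhost or is inbound and whitelisted
  my($clientip) = $message->{clientip};
  # Skip localhost (127.x) and the 10.x network; the dots are escaped so that
  # "^10\." does not also match addresses such as 100.x or 104.x
  if ($clientip =~ /^127\.|^10\./) {
    return $message;
  } else {
    # ... (rest of the routine is not shown in the post)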
Re: DKIM problem
I checked and this is from my MailScanner.conf:
Non Spam Actions = store deliver header "X-Spam-Status:No" custom(nonspam)
I haven't edited that manually though.
Assuming I apply Nicola's patch, what will be skipped for my outgoing emails? What exactly is this TOKEN/SIGN? Is SIGN the signature and TOKEN the watermark?
Re: DKIM problem
Sorry ovizii, I've been away from EFA for a few months.
Are you still having an issue, or is it all resolved now?
Re: DKIM problem
No worries, problem solved, but I can't remember 100% what exactly did the trick. It could either be that I disabled signatures completely so EFA wasn't changing the headers anymore, or that I went back to a 1024-bit key instead of 2048, as I had read in a thread that some DNS servers had problems with such long keys.