From: Tony E. <ter...@ba...> - 2006-12-04 06:23:55
|
Murray S. Kucherawy wrote: >> We run both Domainkey and DKIM signing on this (Postfix 2.3.4) MTA. We >> sign using both, but verify with DKIM 0.5.2 incorporating dk-milter's libdk. > > I don't know if it's still true, but some time ago DK signed mail from > Yahoo! groups (your example case) failed signature verification for all > messages because the signing happened before various footers were tacked > onto the end of the message. This was acknowledged as their bug. I don't > know if it was ever fixed. Interesting ... > I just e-mailed myself a message from my Yahoo! account to my home account > where I'm also running DKIM 0.5.2 with libdk, and it verified correctly. > The reply was signed with both DKIM and DK, and it also verified > correctly. > > Then I turned off DKIM 0.5.2 and turned on DK 0.4.1, and sent a test from > home to sa...@se.... My message was verified successfully, and > the reply was as well. > > Are you using "simple" or "nofws"? simple for DK, relaxed/simple for DKIM. > What version of sendmail are you running? Postfix 2.3.4 :) > Have you done any of the canonicalization tests that have been described > here in the past? No - should I search the archives for them, or simply change to nofws? Thanks! --Tonni -- Tonni Earnshaw tonni @ barlaeus.nl |