#3 Interoperability problem with IronPort

v1.0.2
open
nobody
Other (4)
5
2009-06-01
2009-04-22
vparkhom
No

We are running domainkeys milter 1.0.2 and in the past two month we had three separate reports of emails sent from IronPort appliances being rejected due to BAD domainkeys signature.
Tests performed so far are as follows.
- Checked senders DNS records and all appear to be OK
- Asked senders to send to non-sendmail domainkeys verifiers and all tests are OK.
- Asked senders to send to sa-test@sendmail.net and all tests fail with a message "bad signature"
- All senders confirmed to be using IronPort appliances
- Ironport can successfully verify sendmail domainkeys signature
- Asked senders to log a call with Ironport but so far no resolution have been found, in fact IronPort support blames sendmail filter as all other verifiers do not have this problem

At this stage it appears to be a very specific problem between IronPort and Sendmail domainkeys implementation.
Any help in this matter would be greatly appreciated.

Regards,
Vitali

Discussion

    • milestone: --> v1.0.2
    • status: open --> pending
     
  • Please attach a sample signed message which fails to verify.

     
  • vparkhom
    vparkhom
    2009-04-22

    Sender Auth autoresponse with a test message

     
  • vparkhom
    vparkhom
    2009-04-22

    • status: pending --> open
     
  • That message appears to be in some format I can't read. It's mostly binary data.

    Please attach something in cleartext, or better yet something gzipped to preserve CRLF and such.

     
    • status: open --> pending
     
  • vparkhom
    vparkhom
    2009-06-01

    Headers of the dk failed message

     
    Attachments
  • vparkhom
    vparkhom
    2009-06-01

    Body of the dk failed message

     
    Attachments
  • vparkhom
    vparkhom
    2009-06-01

    • status: pending --> open