Re: [dkim-milter-discuss] Validation problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Tony,

It doesn't appear that you're actually generating signatures; instead,
it seems that you're simply prepending a manually-assembled
DKIM-Signature header to each message, and sticking your public key into
it. That's not how DKIM works, and if it were, it wouldn't be very
helpful in preventing forgery since anyone could get the same public key
from DNS and insert it into a header they crafted.

The purpose of dkim-milter and other signing solutions is to calculate
cryptographic hashes of each individual message's content (headers and
body) using your private key; any receiver can then use the public key
to verify that signature.

You may want to start again using the INSTALL file in the dkim-milter
source, if that's what you've opted to sign and verify with (I'm not
clear on this point since there aren't separate versions of dkim-milter
for Sendmail and for Postfix). Once dkim-milter itself is set up, you'll
need to use the smtpd_milters (and possibly non_smtpd_milters) options
in main.cf. For example, I have a postfix system I've configured to sign
with DKIM; my milter listens on port 8025 (arbitrarily chosen) on
localhost, and my main.cf contains:

non_smtpd_milters   = inet:localhost:8025
smtpd_milters       = inet:localhost:8025
milter_default_action   = tempfail
milter_protocol     = 2

I'm not a heavy Postfix user so I'm not sure if the milter_protocol
option is still required. The milter_default_action option causes my
Postfix system to tempfail messages if the filter is unreachable.

Many more detailed guides exist to configuring dkim-milter and Postfix,
but this should get you started.

-- 
Mike Markley <mi...@ma...>

Murphy's Law, that brash proletarian restatement of Godel's Theorem.
- Thomas Pynchon, "Gravity's Rainbow"