Ok, I finally it all working with dk-filter.

mta130.mail.re4.yahoo.com from=rockyou.com; domainkeys=pass (ok)

Only problem might be our mail infrastructure.  Here's how it works :

Server A (sendmail) originates message ---> Uses central mail server (Qmail) as relay

When Server A sends the message, domainkeys passes.  When it uses the relay, the signature gets stripped out ... because it's writing to the header post-signing right?  So ... question is, is there a way to use this with our existing infrastructure or do we have to have the relay server as the one that signs mail with dk ?

On 2/22/07, dk-milter-discuss-request@lists.sourceforge.net < dk-milter-discuss-request@lists.sourceforge.net> wrote:
Send dk-milter-discuss mailing list submissions to
        dk-milter-discuss@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/dk-milter-discuss
or, via email, send a message with subject or body 'help' to
        dk-milter-discuss-request@lists.sourceforge.net

You can reach the person managing the list at
         dk-milter-discuss-owner@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dk-milter-discuss digest..."


Today's Topics:

   1. Re: no signature data error (SM)


----------------------------------------------------------------------

Message: 1
Date: Wed, 21 Feb 2007 13:42:02 -0800
From: SM < sm@resistor.net>
Subject: Re: no signature data error
To: dk-milter-discuss@lists.sourceforge.net
Cc: Brad Fino < brad@rockyou.com>
Message-ID: <6.2.5.6.2.20070221133228.02ca0a80@resistor.net>
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi Brad,
At 12:48 21-02-2007, Brad Fino wrote:
>Ok, so assuming that's a normal message, it's still not signing
>outgoing e-mails.  Header info on sent mail says the following:
>
>Authentication-Results:
><http://mta400.mail.re4.yahoo.com>mta400.mail.re4.yahoo.com
>from=<http://www51.rockyou.com >www51.rockyou.com; domainkeys=neutral (no sig)

There was no DomainKeys signature in the message.  The "from" doesn't
look like an email address.

>So if the policy record and selector record are passing on DNS, then
>outgoing mail must still not be signed on the MTA level, right?  So
>confusing ...

I don't understand the question.

You posted to the dk-milter mailing list.  The log extract which you
posted previously shows that you are running dkim-milter
(DKIM).  Note that Yahoo uses DomainKeys and not DKIM.

Regards,
-sm

P.S. Cc so that the DomainKeys and DKIM signatures are not stripped out.




------------------------------

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

------------------------------

_______________________________________________
dk-milter-discuss mailing list
dk-milter-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dk-milter-discuss


End of dk-milter-discuss Digest, Vol 9, Issue 5
***********************************************



--
Brad E. Fino
brad@rockyou.com
858-245-9099