Ok, I finally it all working with dk-filter.

mta130.mail.re4.yahoo.com from=rockyou.com; domainkeys=pass (ok)

Only problem might be our mail infrastructure.  Here's how it works :

Server A (sendmail) originates message ---> Uses central mail server (Qmail) as relay

When Server A sends the message, domainkeys passes.  When it uses the relay, the signature gets stripped out ... because it's writing to the header post-signing right?  So ... question is, is there a way to use this with our existing infrastructure or do we have to have the relay server as the one that signs mail with dk ?

On 2/22/07, dk-milter-discuss-request@lists.sourceforge.net < dk-milter-discuss-request@lists.sourceforge.net> wrote:
Send dk-milter-discuss mailing list submissions to

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to

You can reach the person managing the list at

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dk-milter-discuss digest..."

Today's Topics:

   1. Re: no signature data error (SM)


Message: 1
Date: Wed, 21 Feb 2007 13:42:02 -0800
From: SM < sm@resistor.net>
Subject: Re: no signature data error
To: dk-milter-discuss@lists.sourceforge.net
Cc: Brad Fino < brad@rockyou.com>
Message-ID: <>
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hi Brad,
At 12:48 21-02-2007, Brad Fino wrote:
>Ok, so assuming that's a normal message, it's still not signing
>outgoing e-mails.  Header info on sent mail says the following:
>from=<http://www51.rockyou.com >www51.rockyou.com; domainkeys=neutral (no sig)

There was no DomainKeys signature in the message.  The "from" doesn't
look like an email address.

>So if the policy record and selector record are passing on DNS, then
>outgoing mail must still not be signed on the MTA level, right?  So
>confusing ...

I don't understand the question.

You posted to the dk-milter mailing list.  The log extract which you
posted previously shows that you are running dkim-milter
(DKIM).  Note that Yahoo uses DomainKeys and not DKIM.


P.S. Cc so that the DomainKeys and DKIM signatures are not stripped out.


Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash


dk-milter-discuss mailing list

End of dk-milter-discuss Digest, Vol 9, Issue 5

Brad E. Fino