From: ram <ra...@ne...> - 2009-11-03 14:14:26
|
Is there a tool by which I can verify the signature My mail headers are being changed in transit ( I suspect the cisco boxes) but I cannot find which header. So that I can Omitheader for that one Can anyone help Thanks Ram |
From: Mark M. <Mar...@ij...> - 2009-11-03 14:38:40
|
On Tuesday 03 November 2009 14:37:14 ram wrote: > Is there a tool by which I can verify the signature > > My mail headers are being changed in transit ( I suspect the cisco > boxes) but I cannot find which header. So that I can Omitheader for > that one My preferred one-liner is: perl -MMail::DKIM::Verifier -ne ' BEGIN{$dkim=Mail::DKIM::Verifier->new_object}; s/\r?\n\z/\015\012/; $dkim->PRINT($_); END{$dkim->CLOSE; printf("%s\n",$_->result_detail) for $dkim->signatures}' <0.msg Use a recent version of Mail::DKIM, but at least 0.31. Mark |
From: ram <ra...@ne...> - 2009-11-06 06:51:14
|
On Tue, 2009-11-03 at 15:38 +0100, Mark Martinec wrote: > On Tuesday 03 November 2009 14:37:14 ram wrote: > > Is there a tool by which I can verify the signature > > > > My mail headers are being changed in transit ( I suspect the cisco > > boxes) but I cannot find which header. So that I can Omitheader for > > that one > > My preferred one-liner is: > > perl -MMail::DKIM::Verifier -ne ' > BEGIN{$dkim=Mail::DKIM::Verifier->new_object}; > s/\r?\n\z/\015\012/; $dkim->PRINT($_); END{$dkim->CLOSE; > printf("%s\n",$_->result_detail) for $dkim->signatures}' <0.msg > This just tells me dkim failed I know that already. What I want to know is why it failed ? For eg .... This message failed Why ? is it the Content-Transfer-Encoding header ? How can I tell Received: from darkstar.netcore.co.in (unknown [192.168.2.105]) by ho.netcore.co.in (Postfix) with ESMTPA id 3C2026CE04B3 for <ra...@ne...>; Fri, 6 Nov 2009 12:09:40 +0530 (IST) Received: from location.exampledomain.com (list.netcore.co.in [192.168.40.94]) by darkstar.netcore.co.in (Postfix) with ESMTP id 8C9226680CB for <ra...@ne...>; Fri, 6 Nov 2009 12:09:36 +0530 (IST) Received: from netcore.co.in (localhost [127.0.0.1]) by location.exampledomain.com (Postfix) with ESMTP id 76B6D52C1C1 for <ra...@ne...>; Fri, 6 Nov 2009 12:09:34 +0530 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=netcore.co.in; s=default; t=1257489574; bh=GMfT7A4K07OPLdwXHEWtlS9++GG +RNZCfRtWpuTr5yg=; h=MIME-Version:Content-Transfer-Encoding:Content-Type:Subject: Message-Id:To:Date:From; b=cSV+09TNvM01i4FR0ahZDCSMIdErr +KoxOl8860JrEdodUMsDMOPnx8VsewlV6Ovf 3ePE0IyfNPpggTzyn9EODmhCKQrVDujq1lMg2UvRYe5CKQSJVq68twGh +gpYbLJi6+ ff+STXh4Z4gqttY2Jyr7AfVAFoJcCbs1aQujVjXA= MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain X-Mailer: MIME::Lite 3.0105 (F2.74; T1.19; A1.76; B3.07; Q3.07) Subject: Test Mail Message-Id: <z8u...@ne...> To: ra...@ne... Date: Fri, 06 Nov 2009 12:09:34 +0530 From: idc...@ne... Content-Transfer-Encoding: 8bit This is a Test Mail Please Ignore |
From: Mike M. <mi...@ma...> - 2009-11-06 18:06:01
|
On Fri, Nov 06, 2009 at 12:20:57PM +0530, ram <ra...@ne...> wrote: > > On Tue, 2009-11-03 at 15:38 +0100, Mark Martinec wrote: > > > On Tuesday 03 November 2009 14:37:14 ram wrote: > > > Is there a tool by which I can verify the signature > > > > > > My mail headers are being changed in transit ( I suspect the cisco > > > boxes) but I cannot find which header. So that I can Omitheader for > > > that one > > > > My preferred one-liner is: > > > > perl -MMail::DKIM::Verifier -ne ' > > BEGIN{$dkim=Mail::DKIM::Verifier->new_object}; > > s/\r?\n\z/\015\012/; $dkim->PRINT($_); END{$dkim->CLOSE; > > printf("%s\n",$_->result_detail) for $dkim->signatures}' <0.msg > > > > > This just tells me dkim failed > I know that already. > > What I want to know is why it failed ? dkim-milter doesn't know why it failed, it just knows that the hash it's calculating based on RFC 4871 doesn't match the one the sender calculated. The filter would have to know the original content as the sender saw it. That's what the "z" tag does, but using it requires the sender to add that tag at signing time (which can be done in dkim-milter with the Diagnostics setting). -- Mike Markley <mi...@ma...> |