#210 Bad signature data

[INTEQ]

Hello,

Using the latest available version for Ubuntu 12.04 (2.6.8)

Having some issues with emails from yahoo.com

Oct 5 22:37:16 ns4 opendkim[31179]: 8F3D544899: nm38-vm9.bullet.mail.gq1.yahoo.com [98.136.216.186] not internal
Oct 5 22:37:16 ns4 opendkim[31179]: 8F3D544899: not authenticated
Oct 5 22:37:16 ns4 opendkim[31179]: 8F3D544899: no signing domain match for 'yahoo.com'
Oct 5 22:37:16 ns4 opendkim[31179]: 8F3D544899: no signing subdomain match for 'yahoo.com'
Oct 5 22:37:16 ns4 opendkim[31179]: 8F3D544899: s=s2048 d=yahoo.com SSL error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
Oct 5 22:37:16 ns4 opendkim[31179]: 8F3D544899: bad signature data
Oct 5 22:37:16 ns4 opendmarc[28808]: 8F3D544899: yahoo.com fail

Because dkim fails, dmarc also fails.
I am unable to get to the bottom of this.
No modifications have been made to opendkim for a long time and in the past (1 week), emails from yahoo.com were fine.

[Todd A. Lyons]

The reason why is likely the recent addition of signing the Content-Length header:

http://postfix.1071664.n5.nabble.com/Yahoo-DKIM-and-Content-Length-td71459.html

Per the DMARC mailing list this morning, Yahoo will stop signing the Content-Length header (assume very soon):

http://lists.dmarc.org/pipermail/dmarc-discuss/2014-October/003113.html

[INTEQ]

Thank you.
Seen the email on Postfix list.
Waiting for Yahoo to fix it.