Am 05.10.2014 um 17:52 schrieb Wietse Venema: > Inteq Solution - Dep. tehnic: >> Oct 5 17:55:44 ns4 opendkim[3861]: A2CCA44674: s=s2048 d=yahoo.com SSL >> error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
yes that ssl stuff looks broken somekind, perhaps thats the reason > > If this were a common problem then there would be many reports, so > I presume that you are receiving corrupted email. > > Do you have a so-called security appliance in the path? Many have > a history of tampering with email. > > http://en.wikipedia.org/wiki/Security_appliance > > Do you have other anti-spam software in the path that modifies > mail headers such as X-Spam:? > > You (or someone familiar with DKIM) can verify that a message is > damaged by capturing the TCP/IP stream with a network sniffer. > > Wietse > however postfix/policy-spf does not work with opendmarc due my latest info, the opendmarc milter must have SPF/DKIM results from other milters/services https://bugzilla.redhat.com/show_bug.cgi?id=905304 perhaps you need opendmarc build with --with-spf SPFIgnoreResults and SPFSelfValidate yes with dmarc policy reject either SPF and/or DKIM has to be validated positive to pass. please also read http://mail-archives.engardelinux.org/modules/index/list_archives.cgi?list=postfix-users&page=0457.html&month=2014-04 for postfix specials only compare domains with mail domains that have dmarc policy reject too Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
