Am 05.10.2014 um 19:23 schrieb Robert Schetterer: > Am 05.10.2014 um 19:01 schrieb li...@rhsoft.net: >> >> Am 05.10.2014 um 18:47 schrieb Wietse Venema: >>> Inteq Solution - Dep. tehnic: >>>> No security appliance in front of Postifix. >>>> I use SpamAssassin that tags with X-Spam. >>>> >>>> I have disabled AV scanning. No luck >>>> I have disabled dkim-milter. No luck >>>> >>>> Weird thing is that from other dmarc enabled domains, the result is >>>> pass and >>>> email delivery is OK. >>> >>> opendkim *must* be used before any software that modifies >>> headers or content. >>> >>> Instead of posting message headers, I prefer tcpdump content, off-list >> >> DKIM verification for Yahoo fails *randomly* at the moment >> >> [root@mail-gw:~]$ cat maillog | grep "yahoo\.com" | grep DKIM_VALID | >> grep YahooMail | wc -l >> 25 >> >> [root@mail-gw:~]$ cat maillog | grep "yahoo\.com" | grep DKIM_INVALID | >> grep YahooMail | wc -l >> 7 >> >> Oct 5 01:46:43 mail-gw spamd[13513]: spamd: result: . -4 - >> BAYES_40,CUST_DNSWL_5,CUST_DNSWL_8,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,SPF_PASS,T_DKIM_INVALID,USER_IN_MORE_SPAM_TO >> scantime=0.2,size=5728,user=sa-milt,uid=189,required_score=4.5,rhost=localhost,raddr=127.0.0.1,rport=51768,mid=<1246727940.420635.1412466396394.javamail.ya...@jws10686.mail.bf1.yahoo.com>,bayes=0.291809,autolearn=disabled >> >> >> Oct 5 12:41:09 mail-gw spamd[29494]: spamd: result: . 0 - >> BAYES_40,CUST_DNSWL_2,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,RCVD_IN_MSPIKE_H2 >> scantime=0.3,size=33028,user=sa-milt,uid=189,required_score=4.5,rhost=localhost,raddr=127.0.0.1,rport=53682,mid=<1412505655.97798.yahoomail...@web173006.mail.ir2.yahoo.com>,bayes=0.269157,autolearn=disabled >> > > if dkim fails with dmarc policy reject ( like yahoo ) and SPF isnt > recognized ( which is a know problem with some SPF software ) in > opendmarc isnt working , opendmarc will reject
by the way i found yahoo dkim failing i.e at 20140920:Sep 19 17:01:54 mail02 spamd[21732]: spamd: result: . 3 - BASE64_LENGTH_79_INF,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,SPF_PASS,T_DKIM_INVALID,T_FREEMAIL_DOC_PDF,T_RP_MATCHES_RCVD scantime=5.8,size=145364,user=...@...,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=43406,mid=<1851977278.13739.1411138846623.javamail.ya...@jws100123.mail.ne1.yahoo.com>,autolearn=no,shortcircuit=no however , involved in some opendmarc debug stuff in the german postfix list, i think it might be a good idea to use it only selective on typical dyn ips, that should work i.e with milter manager, but i didnt tested it yet > > > Best Regards > MfG Robert Schetterer > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
