On 03/04/2015 09:30 PM, Sebastian Nielsen wrote: > But how can I retain a copy of message before milter? Could then remove > the hashcash milter and DKIM milter (since those does not change that -b > does succeed validation and no -b does fail validation) and send a test > mail.
But that's an assumption. You should test whether the other milters alter the message. DKIM also requires that the message is canonicalized before signing. It might be that it does the canonicalization differently with headers across multiple lines or that it removes trailing spaces etc. You should therefore disable all other milters before testing. Martijn > -----Ursprungligt meddelande----- From: Wietse Venema > Sent: Wednesday, March 04, 2015 9:28 PM > To: Postfix users > Subject: Re: Have tested lots of solutions now with signing-milter. What > is the problem? > > We need to find out how the message is modified after it is signed. > For this, it does not help if you compare messages that differ in > time stamps in headers, hashcash output, S/MIME signatures, and > body content. > > Capture one message 1) after DKIM signing but before transmission, > and 2) as received with DKIM verification failed. > > If everything works as it should, 1) and 2) are identical except > for headers added in transit. If the DKIM verification fails, then > the file difference(s) will show what was changed. > > Wietse -- CipherMail email encryption Open source email encryption gateway with support for S/MIME, OpenPGP and PDF messaging. http://www.ciphermail.com Twitter: http://twitter.com/CipherMail
