[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Ken Biggs via Postfix-users
HI Nick, I had cut and pasted from the "Raw Source" view in mac Mail, but double checked in the spool file and those are the headers received in that order. Thanks, Ken > On May 9, 2025, at 7:27 PM, Nick Tait via Postfix-users > wrote: > > On 10/05/2025 08:23, Ken Biggs via Postfix-users wro

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Dan Mahoney via Postfix-users
If any of those mailing lists are open, regular lists that I could be subscribed to, for testing, I’d be happy to try to do so to validate this for you. -Dan > On May 9, 2025, at 21:07, Nick Tait via Postfix-users > wrote: > > On 10/05/2025 15:29, Nick Tait via Postfix-users wrote: >> But of

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Nick Tait via Postfix-users
On 10/05/2025 15:29, Nick Tait via Postfix-users wrote: But of course if the first scenario still exhibits the issue, then that probably disproves my theory immediately? Just thinking a bit more about this... If the first test fails, then you can compare the headers and body in the received em

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Nick Tait via Postfix-users
On 10/05/2025 14:09, Ken Biggs via Postfix-users wrote: HI Nick, I had cut and pasted from the "Raw Source" view in mac Mail, but double checked in the spool file and those are the headers received in that order. Thanks, Ken Thanks for confirming. My set-up is very similar to yours, and (li

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Phil Stracchino via Postfix-users
On 5/9/25 16:23, Ken Biggs via Postfix-users wrote: Hi Matus, I commented out policyd-spf and still am getting DKIM failure from google.com . Here are maillog entries from a gmail test: May 9 15:11:36 xxx postfix/smtpd[815073]: connect from mail-qk1-f169.google.com[2

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Ken Biggs via Postfix-users
Hi Matus, I commented out policyd-spf and still am getting DKIM failure from google.com . Here are maillog entries from a gmail test: May 9 15:11:36 xxx postfix/smtpd[815073]: connect from mail-qk1-f169.google.com[209.85.222.169] May 9 15:11:36 xxx postfix/smtpd[8

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Ken Biggs via Postfix-users
Hi Benny, Yes, our outgoing emails are signed and validate properly. The incoming email DKIM signature validation is our current issue. Thanks, Ken > On May 9, 2025, at 10:17 AM, Benny Pedersen via Postfix-users > wrote: > > Matus UHLAR - fantomas via Postfix-users skrev den 2025-05-09 16:1

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Benny Pedersen via Postfix-users
Matus UHLAR - fantomas via Postfix-users skrev den 2025-05-09 16:18: On 09.05.25 08:14, Ken Biggs via Postfix-users wrote: Looking at the maillog, I notice policyd-spf is running before opendkim. Could that be modifying the email before dkim validation? it should not. I use pyspf-milter whic

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Matus UHLAR - fantomas via Postfix-users
On 09.05.25 08:14, Ken Biggs via Postfix-users wrote: Looking at the maillog, I notice policyd-spf is running before opendkim. Could that be modifying the email before dkim validation? it should not. I use pyspf-milter which is from the same package I believe (python, there's also perl vers

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Jaroslaw Rafa via Postfix-users
Dnia 9.05.2025 o godz. 16:18:35 Matus UHLAR - fantomas via Postfix-users pisze: > I use pyspf-milter which is from the same package I believe (python, > there's also perl version policyd-spf) and it only accepts/rejects > e-mail and adds Authentication-Results: header. That may be the key. Check

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Ken Biggs via Postfix-users
I'm running spamass-milter. /etc/mail/spamassassin/v312.pre already has loadplugin Mail::SpamAssassin::Plugin::DKIM. Not seeing AuthRes anywhere in /etc/mail/spamassassin. So, I'm assuming the X-Spam-Status: tests=DKIM_INVALID,DKIM_SIGNED are SpamAssassin's agreement with OpenDKIM's Authenticatio

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Ken Biggs via Postfix-users
Looking at the maillog, I notice policyd-spf is running before opendkim. Could that be modifying the email before dkim validation? > On May 9, 2025, at 8:04 AM, Ken Biggs via Postfix-users > wrote: > > I'm running spamass-milter. > /etc/mail/spamassassin/v312.pre already has loadplugin > Mai

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Matus UHLAR - fantomas via Postfix-users
On 09.05.25 12:58, Dmitriy Alekseev via Postfix-users wrote: Did maybe you considering spin up rspamd proxy + normal instead of sa+opendkim+opendmarc, even if you do not move in end to rspamd you will at least get what issue relates to. It useless to honestly trying to analyze eml with modificati

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Dmitriy Alekseev via Postfix-users
Did maybe you considering spin up rspamd proxy + normal instead of sa+opendkim+opendmarc, even if you do not move in end to rspamd you will at least get what issue relates to. It useless to honestly trying to analyze eml with modifications due to anonymization in scope of understanding why dkim bro

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Matus UHLAR - fantomas via Postfix-users
On 08.05.25 15:06, Ken Biggs via Postfix-users wrote: OpenDKIM is failing signature verification on most incoming emails. Out of 1,146 incoming emails, 173 have been successfully verified and 973 have "bad signature data". The failing emails include email from google, amazon, sailthru, and m