[pfx] Re: OpenDKIM is added twice

After I couldn't really get amavis to add the DKIM signature or verify the DKIM signature in conjunction with opendkim, I tried again with the settings in master.cf. Adding the following entries works wonderfully: submission inet n    -    y    -    -    smtpd   -o syslog_name=postfix/s

[pfx] Re: OpenDKIM is added twice

Hello! Here are my so far unsuccessful attempts to link opendkim with amavis in order to add or verify the DKIM signature to mails. _*/etc/opendkim.conf*_ Canonicalization    relaxed/simple Mode           sv SubDomains   no AutoRestart   yes AutoR

[pfx] Re: OpenDKIM is added twice

Hi Matus! I have just found out about the socket and changed it accordingly. Spamassassin does its job, but amavis refuses the connection.  I get the following error message: 2024-12-24T09:32:42.431446-06:00 axum postfix/amavis/smtp[2894]: connect to 127.0.0.1[127.0.0.1]:10026: Connection re

[pfx] Re: OpenDKIM is added twice

Sorry, for the previous mail. Hit the wrong button! Here the excerpt from mail.log: 2024-12-24T08:25:12.029798-06:00 axum postfix/submission/smtpd[2060]: warning: connect to Milter service local:opendkim/opendkim.sock: No such file or directory 2024-12-24T08:25:12.668707-06:00 axum postfix/sub

[pfx] Re: OpenDKIM is added twice

Hi Matus, As suggested by Wietse and you, I want to add the DKIM signature to amavis in conjunction with OpenDKIM, but I'm not yet where I need to be with the configuration. I manage to get a signature added, but there are problems with the socket. The following is configured in /etc/opendki

[pfx] Re: OpenDKIM is added twice

On 24.12.24 09:08, Andreas Kuhlen via Postfix-users wrote: I have to correct myself. If I only add the no_milters here, a DKIM signature is added and the header check also works, it looks like, but for the body is reported: 127.0.0.1:10025   inet   n    - n - -    smtpd     -o sysl

[pfx] Re: OpenDKIM is added twice

If your content filter makes chnages to the content then that invalidates a DKIM signature. Best practice therefore is to verify signatures before making content changes, and to add signatures after making content changes. Wietse ___ Postfix-use

[pfx] Re: OpenDKIM is added twice

I have to correct myself. If I only add the no_milters here, a DKIM signature is added and the header check also works, it looks like, but for the body is reported: 127.0.0.1:10025   inet   n    - n - -    smtpd     -o syslog_name=postfix/10025 [ ... ]     -o receive_override_optio

[pfx] Re: OpenDKIM is added twice

Hi Wietse, thanks for your reply. Am 24.12.2024 um 01:32 schrieb Wietse Venema via Postfix-users: Andreas Kuhlen via Postfix-users: Hello, I am running my Postfix server with Amavis, Spamassassin, Clamav and have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and receiving mail

[pfx] Re: OpenDKIM is added twice

Andreas Kuhlen via Postfix-users: > Hello, > I am running my Postfix server with Amavis, Spamassassin, Clamav and > have added a configuration for OpenDKIM, OpenDMARC and SPF. Sending and > receiving mail is working satisfactorily so far. However, I noticed > today that a DKIM signature field is

Re: opendkim - permission issue?

Maurizio Caloro: > > On 27.06.2022 00:24, Wietse Venema wrote: > > Maurizio Caloro: > > > > setup also opendkim and will appear now the error " > >> *key data is not secure: / is writeable and owned by uid 110 which is > >> not the executing uid (115)* *or the superuser*" > >> it's seem that i h

Re: opendkim - permission issue?

On Mon, Jun 27, 2022 at 07:19:59AM +0200, Maurizio Caloro wrote: > On 27.06.2022 00:24, Wietse Venema wrote: > > Maurizio Caloro: > > > > setup also opendkim and will appear now the error " > > > *key data is not secure: / is writeable and owned by uid 110 which > > > is not the executing uid (

Re: opendkim - permission issue?

On Mon, Jun 27, 2022 at 12:00:20AM +0200, Maurizio Caloro wrote: > > setup also opendkim and will appear now the error "key data is not secure: / > is writeable and owned by uid 110 which is not the executing uid (115)" > it's seem that i have permission issue? > > # opendkim -V >     opendkim

Re: opendkim - permission issue?

On 27.06.22 00:00, Maurizio Caloro wrote: setup also opendkim and will appear now the error "key data is not secure: / is writeable and owned by uid 110 which is not the executing uid (115)" this looks like you have set owner of root directory to non-root user it's seem that i have permissi

Re: opendkim - permission issue?

On 27.06.2022 00:24, Wietse Venema wrote: Maurizio Caloro: setup also opendkim and will appear now the error " *key data is not secure: / is writeable and owned by uid 110 which is not the executing uid (115)* *or the superuser*" it's seem that i have permission issue? Look at the output fr

Re: opendkim - permission issue?

Maurizio Caloro: > > setup also opendkim and will appear now the error "key data is not > secure: / is writeable and owned by uid 110 which is not the executing > uid (115)" > it's seem that i have permission issue? Look at the output from: ls -ld / Wietse

Re: OpenDKIM but no log of postfix milter running or trying to run

Oh, that's awesome, thanks.  So for the first time I got a log message concerning the milter.  And so this is, indeed, an OpenDKIM issue. Many thanks, I'll go look over there for my problems. Jeff Abrahamson http://p27.eu/jeff/ http://transport-nantes.com/ On 14/10/2020 16:43, IL Ka wrote: >

Re: OpenDKIM but no log of postfix milter running or trying to run

Shutdown OpenDKIM, set "milter_default_action = tempfail", reload postfix and try to send something. If your mail is rejected, then Postfix configuration is ok, and you need to grep maillog (or other logs) for DKIM On Wed, Oct 14, 2020 at 5:28 PM Jeff Abrahamson wrote: > On 14/10/2020 16:02, IL

Re: OpenDKIM but no log of postfix milter running or trying to run

On 14/10/2020 16:02, IL Ka wrote: > > The config file is active, however.  > > You can check your milter config with > > $  postconf smtpd_milters non_smtpd_milters milter_default_action > > or even > > $ postconf  | grep milter > > You can probably post output it here. > Also, try to increase logg

Re: OpenDKIM but no log of postfix milter running or trying to run

On 14/10/2020 16:06, Wietse Venema wrote: > Jeff Abrahamson: >> I've set up OpenDKIM.? I've noted the config below, but the basic issue >> is that my mails aren't being DKIM signed and my logs, while showing no >> mail-related errors, also don't show any evidence of milters running or >> trying to

Re: OpenDKIM but no log of postfix milter running or trying to run

Jeff Abrahamson: > I've set up OpenDKIM.? I've noted the config below, but the basic issue > is that my mails aren't being DKIM signed and my logs, while showing no > mail-related errors, also don't show any evidence of milters running or > trying to run.? So I'm suspecting postfix config error rat

Re: OpenDKIM but no log of postfix milter running or trying to run

> The config file is active, however. You can check your milter config with $ postconf smtpd_milters non_smtpd_milters milter_default_action or even $ postconf | grep milter You can probably post output it here. Also, try to increase logging: http://www.postfix.org/DEBUG_README.html

Re: OpenDKIM but no log of postfix milter running or trying to run

Thanks.  The suggestion to set milter_default_action to reject is good.  (I also tried unsetting milter_mail_macros.)  Strangely, it doesn't cause a rejection: Oct 14 15:42:53 nantes-1 postfix/smtps/smtpd[5954]: connect from w.z.y.x.rev.sfr.net[x.y.z.w] Oct 14 15:42:53 nantes-1 postfix

Re: OpenDKIM but no log of postfix milter running or trying to run

Set "milter_default_action" to "reject", reload postfix, and try to send mail. You should probably get some errors in maillog. Check your syslog config, to make sure opendkim logs are also written. Check your dkim is running (telnet 127.0.0.1 8891). Btw, I have not set "milter_mail_macros" explic

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

You actually got me on right track. Peeled back the onion abit to how OpenDkim was being started I looked in more depth at start up script used by rc.cof.It was looking for a opendkim.conf in /usr/local/etc/mail not /usr/local/etc/opemdkim Copied opedkim.conf back that and all is good T

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

The thing is … that isn an INCOMING not an outgoing email.. Maybe its is failing a DKIM test for incoming I can’t seem to get OpenDKIM to sign my OUTGOING > On Oct 25, 2019, at 1:17 PM, Fazzina, Angelo > wrote: > > > From what I can tell the DNS record was

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

On October 25, 2019 9:58:28 PM GMT+02:00, Jason Hirsh wrote: >I am getting entries in my maiillog, but only in regards to OpenDKIM >working to verify INCOMING >These are clearly entries from OpenDKIM. There is nothing >corresponding for actions relative to outgoing mail What happens when you c

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

I am getting entries in my maiillog, but only in regards to OpenDKIM working to verify INCOMING These are clearly entries from OpenDKIM. There is nothing corresponding for actions relative to outgoing mail Jason > On Oct 25, 2019, at 3:52 PM, Christian Kivalo > wrote: > > On October 25, 201

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

On October 25, 2019 6:52:52 PM GMT+02:00, Jason Hirsh wrote: >I have gone over my configuration with a fine tooth comb, but >considering I put them together it is not surprising I can’t spot >anything > > >O have been trying to locate opendkim action in my log file. It >appears that that the mai

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

I am trying to get rid of the amount of background I was pretty sure that OPenDKIM should be doing the hard lifting.The think that is throwing me for a loop is the absence of any indication of it operating in conjunction with the outgoing mail in the mallow. As show else where it is invol

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Jason Hirsh: > I have gone over my configuration with a fine tooth comb, but considering I > put them together it is not surprising I can?t spot anything > > > O have been trying to locate opendkim action in my log file. It appears that > that the mail is being reviewed but now header added >

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

Ahh .. Interesting I had not understood that But I am still not signing …. > On Oct 25, 2019, at 2:00 PM, Fazzina, Angelo > wrote: > > From your original email > > Modesv > > > You are verifying and signing so yes that seems to be the

RE: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

wner-postfix-us...@postfix.org On Behalf Of Jason Hirsh Sent: Friday, October 25, 2019 12:53 PM To: Dominic Raferd ; postfix-users@postfix.org Subject: Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD I have gone over my configuration with a fine tooth comb, but considering I

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

I have gone over my configuration with a fine tooth comb, but considering I put them together it is not surprising I can’t spot anything O have been trying to locate opendkim action in my log file. It appears that that the mail is being reviewed but now header added postfix/submission/smtp

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

On Thu, 24 Oct 2019 at 15:28, Jason Hirsh wrote: > > I am trying to revive my OpenDKIM installation. I had it working but managed > to break it when I updated my ports. It is running but not signing outgoing > messages > > My main.cf configuration relative to OpenDkim is > > smtpd_milters = in

Re: OpenDKIM not signing

On Tuesday, April 09, 2019 08:50:52 AM Bill Cole wrote: > On 9 Apr 2019, at 5:36, Ntek, SIA Janis wrote: > > What's your key-size? > > My DNS provider does not support 2048, I found it out the hard way. > > Note that this is usually due to a 255-character limit on a single > string in a TXT record

Re: OpenDKIM not signing

On 9 Apr 2019, at 5:36, Ntek, SIA Janis wrote: What's your key-size? My DNS provider does not support 2048, I found it out the hard way. Note that this is usually due to a 255-character limit on a single string in a TXT record. This is because the character-string type in DNS is defined as a

Re: OpenDKIM not signing

* SIA Janis Ntek: > Why do use > > inet:localhost:8891 > Instead of a socket? Probably because the above stream socket is, unfortunately, what is to this day used in both opendkim.conf.simple and opendkim.conf.sample in the source code, although a domain socket would be safer in terms of access r

RE: OpenDKIM not signing

-Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Laura Smith Sent: Tuesday, April 9, 2019 5:43 AM To: Jim P. Cc: postfix-users@postfix.org Subject: Re: OpenDKIM not signing ‐‐‐ Original Message ‐‐‐ On Tuesday, April 9, 2019 9:40 AM, Jim P. wrote: > On Tue, 2019

Re: OpenDKIM not signing

Apr 9 09:40:14 rx200 mail.info opendkim[4396]: C03DE1014429: foobar.example.com [192.0.2.10] not internal It seems that the domain you want to sign is not in the KeyTable or SigningTable! Note that if you put "refile:" before config file path in /etc/opendkim.conf the syntax changes! If Si

Re: OpenDKIM not signing

‐‐‐ Original Message ‐‐‐ On Tuesday, April 9, 2019 9:40 AM, Jim P. wrote: > On Tue, 2019-04-09 at 08:22 +, Laura Smith wrote: > > > OpenDKIM is not signing my mails. > > . > > > KeyTable    /etc/opendkim/KeyTable > > I think this should be: > > KeyTable refile:/etc/ope

Re: OpenDKIM not signing

What's your key-size? My DNS provider does not support 2048, I found it out the hard way. 1024 seems to be the most popular size and google demands at least 1024. Ounce you get the signing working you can regen a 2048 and check if you can feed it in DNS TXT, but for first testing stick to 1024

RE: OpenDKIM not signing

. And just a question, the DNS is already updated? Greetz, Louis > -Oorspronkelijk bericht- > Van: i...@ntek.lv [mailto:owner-postfix-us...@postfix.org] > Namens Ntek, SIA Janis > Verzonden: dinsdag 9 april 2019 11:19 > Aan: postfix-users@postfix.org > Onderwerp

Re: OpenDKIM not signing

Why do use inet:localhost:8891 Instead of a socket? I conf'ed it using this tutorial: https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/ smtpd_milters = local:opendkim/opendkim.sock non_smtpd_milters = local:opendkim/opendkim.sock The sockets are relative p

Re: OpenDKIM not signing

On Tue, 9 Apr 2019 at 09:41, Jim P. wrote: > On Tue, 2019-04-09 at 08:22 +, Laura Smith wrote: > > OpenDKIM is not signing my mails. > . > > KeyTable/etc/opendkim/KeyTable > > I think this should be: > > KeyTablerefile:/etc/opendkim/KeyTable > > > > Interna

Re: OpenDKIM not signing

On Tue, 2019-04-09 at 08:22 +, Laura Smith wrote: > OpenDKIM is not signing my mails. . > KeyTable    /etc/opendkim/KeyTable I think this should be: KeyTablerefile:/etc/opendkim/KeyTable > InternalHosts   refile:/etc/opendkim/TrustedHosts Try using E

Re: openDKIM and postfix

On May 20, 2018, at 7:24 PM, John Levine wrote: > > Has anyone actually seen it happen in the > wild in the past decade? yes, web.de, gmx.net and other domains operated by 1&1 for example. or freemail.de or all the domains hosted by Eleven (today Cyren) For that it /is/ a huge problem in Germ

Re: openDKIM and postfix

> On May 20, 2018, at 7:59 PM, Viktor Dukhovni > wrote: > > I have a dataset with ~1.4 million MX hosts. Running through those > at a gentle pace (one at a time) after the first ~200 MX hosts I have > 10 that don't announce 8BITMIME. I stopped the scan after 2308 MX hosts of which 72 did not

Re: openDKIM and postfix

> On May 20, 2018, at 7:24 PM, John Levine wrote: > > Has anyone actually seen it happen in the > wild in the past decade? I have a dataset with ~1.4 million MX hosts. Running through those at a gentle pace (one at a time) after the first ~200 MX hosts I have 10 that don't announce 8BITMIME.

Re: OpenDKIM SOCK path on Debian Jessie

Il 2017-10-16 19:07 A. Schulze ha scritto: [..] postfix and sendmail/milter use different notation to describe the same socket location. http://www.postfix.org/MILTER_README.html#smtp-only-milters vs. http://opendkim.org/opendkim.conf.5.html (search for "Socket" ...) to me your setup looks fine

Re: OpenDKIM SOCK path on Debian Jessie

Am 16.10.2017 um 18:51 schrieb Davide Marchi: > SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock" vs. > smtpd_milters = unix:/var/run/opendkim/opendkim.sock > non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock postfix and sendmail/milter use different notation to describe th

Re: OpenDKIM on backup MX

You are welcome. In case of DNS you might use cache TTL high and use backup DNS service providers to make it reliable. ‎ Anvar Kuchkartaev  an...@anvartay.com    Original Message   From: Davide Marchi Sent: martes, 10 de octubre de 2017 10:27 p.m. To: postfix-users@postfix.org Subject: Re

Re: OpenDKIM on backup MX

Il 2017-10-10 16:36 Anvar Kuchkartaev ha scritto: You can use 2 separate keys on servers with different selectors and use 2 DNS records as public keys (for security reasons it will be better). Recipient of email will query dns record to identify if signature of the email is right or not.‎ It will

Re: OpenDKIM on backup MX

You can use 2 separate keys on servers with different selectors and use 2 DNS records as public keys (for security reasons it will be better). Recipient of email will query dns record to identify if signature of the email is right or not.‎ It will generate dns request based on the signature and i

Re: OpenDKIM on backup MX

* Davide Marchi : > Hello friends, > On Debian Jessie I would like to enable OpenDKIM on my two Postfix > servers. For signing when sending out mails? > My question is how to behave with the secondary backup server. > Enable it as on the first and then I copy the key from first to > secondary?

Re: OpenDKIM, Milters and Postfix .... config pointer needed

Just for anyone who reads this thread in the future... A **BIG** thank you to the awesome Benny ! A little bit of off-list help lead me to discovering two missing config lines : #master.cf -o milter_macro_daemon_name=ORIGINATING # opendkim.conf MTA ORIGINATING

Re: OpenDKIM, Milters and Postfix .... config pointer needed

Tim Smith skrev den 2017-01-25 16:40: P.S. Yes I know OpenDKIM has a “TrustedHosts” config file. But that would not be much good for me as my SMTP client machines can connect from anywhere. And putting 0.0.0.0 in OpenDKIM trusted hosts wouldn’t work either as I have a second postfix instance th

RE: OpenDKIM

llen ; postfix users Subject: Re: OpenDKIM On Fri, Nov 6, 2015 at 10:13 AM, John Allen mailto:j...@klam.ca>> wrote: Is OpenDKIM worth while? I use amavis and it says it signs and verifies DKIM so do need anything else? Disclaimer: as the OpenDKIM package maintainer for Fedora/EPEL, and a cont

Re: OpenDKIM

On 11/7/2015 10:03 AM, yahoogro...@lazygranch.xyz wrote: > ‎Note that Domain Keys is not the same as DKIM. DKIM supercedes Domain Keys. > > http://support2.constantcontact.com/articles/FAQ/2213 > > I'm no guru on this, so correct away if I'm wrong. > > I can pass DKIM, but not Domain Keys. I d

Re: OpenDKIM

On Sat, Nov 7, 2015 at 9:19 AM, wrote: > Some of my favs: > > https://en.internet.nl/ (if you're running Postscreen, it will fail the > TLS test as it doesn't wait for the STARTTLS offer) > http://www.mail-tester.com > https://ssl-tools.net > https://dane.sys4.de/ (thanks Victor!) > http://arp.si

Re: OpenDKIM

On 2015-11-07 16:41, Mike wrote: On 11/7/2015 9:09 AM, Steve Jenkins wrote: On Saturday, November 7, 2015, John Allen mailto:j...@klam.ca>> wrote: Interesting! I tried a couple of DKIM test sites, one says I am signing my emails, the other says I am not!! Mailradar say I am no

Re: OpenDKIM

Some of my favs: https://en.internet.nl/ (if you're running Postscreen, it will fail the TLS test as it doesn't wait for the STARTTLS offer) http://www.mail-tester.com https://ssl-tools.net https://dane.sys4.de/ (thanks Victor!) http://arp.simson.net/dev/dane_check.cgi/ (defunct :( ) On 11/07/201

Re: OpenDKIM

implementation, though Constant Contact claims they can.  ‎ ‎ ‎ Sent from my BlackBerry 10 smartphone.   Original Message   From: Steve Jenkins Sent: Saturday, November 7, 2015 6:11 AM To: John Allen Cc: postfix-users@postfix.org Subject: Re: OpenDKIM On Saturday, November 7, 2015, John Allen wro

Re: OpenDKIM

On 11/7/2015 9:09 AM, Steve Jenkins wrote: > On Saturday, November 7, 2015, John Allen > wrote: > > Interesting! > I tried a couple of DKIM test sites, one says I am signing my > emails, the other says I am not!! > Mailradar say I am not signing! > DKIMVal

Re: OpenDKIM

On Saturday, November 7, 2015, John Allen wrote: > Interesting! > I tried a couple of DKIM test sites, one says I am signing my emails, the > other says I am not!! > Mailradar say I am not signing! > DKIMValidator say I am! > My favorite "test site" for SPF, DKIM, DMARC configuration and validat

Re: OpenDKIM

Hi On 2015-11-07 14:30, John Allen wrote: Interesting! I tried a couple of DKIM test sites, one says I am signing my emails, the other says I am not!! Mailradar say I am not signing! DKIMValidator say I am! They are both right. Mailradar checks for DomainKeys (rfc4870) signatures, DomainKeys

Re: OpenDKIM

Interesting! I tried a couple of DKIM test sites, one says I am signing my emails, the other says I am not!! Mailradar say I am not signing! DKIMValidator say I am! On 2015-11-06 1:13 PM, John Allen wrote: Is OpenDKIM worth while? I use amavis and it says it signs and verifies DKIM so do need

Re: OpenDKIM

On Fri, Nov 6, 2015 at 10:13 AM, John Allen wrote: > Is OpenDKIM worth while? > I use amavis and it says it signs and verifies DKIM so do need anything > else? > Disclaimer: as the OpenDKIM package maintainer for Fedora/EPEL, and a contributor to the upstream project, I'm a bit biased. :) I'm n

RE: OpenDKIM

If Amavis is signing your outbound mail with your (a) private key, and you've published the public key in your DNS so remote servers can verify, then you should be all set. Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small

Re: OpenDkim signs incoming emails ???

> Apr 16 17:18:46 dante opendkim[17056]: (unknown-jobid): not authenticated > > Apr 16 17:18:46 dante opendkim[17056]: 9AB782118043: no signature data > > Apr 16 17:18:46 dante postfix/qmgr[17770]: 9AB782118043: > from=, size=19094, nrcpt=1 (queue active) > > Apr 16 17:18:46 dante postfix/smtpd[

Re: OpenDkim signs incoming emails ???

i...@itrezero.it: > Hi all. > > I've a strange behaviour of my Postfix server: it seems to sign all incoming > emails! Postfix does not sign any email. You may have mis-configured opendkim. Wietse

Re: opendkim-2.10.1 issue

On Tue, March 31, 2015 16:42, Wietse Venema wrote: > James B. Byrne: >> Mar 31 16:17:58 inet08 postfix-p25/smtpd[20097]: warning: connect to >> Milter service inet:127.0.0.1:8891: Connection refused > > This normally means the port is not open (no process listening). > Use a suitable command to li

Re: opendkim-2.10.1 issue

James B. Byrne: > Mar 31 16:17:58 inet08 postfix-p25/smtpd[20097]: warning: connect to > Milter service inet:127.0.0.1:8891: Connection refused This normally means the port is not open (no process listening). Use a suitable command to list all open sockets: netstat, or lsof, and see what port open

Re: opendkim and opendmarc failure for yahoo.com

Am 05.10.2014 um 19:23 schrieb Robert Schetterer: > Am 05.10.2014 um 19:01 schrieb li...@rhsoft.net: >> >> Am 05.10.2014 um 18:47 schrieb Wietse Venema: >>> Inteq Solution - Dep. tehnic: No security appliance in front of Postifix. I use SpamAssassin that tags with X-Spam. I have

RE: opendkim and opendmarc failure for yahoo.com

ge- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Sunday, October 05, 2014 7:48 PM To: Postfix users Subject: Re: opendkim and opendmarc failure for yahoo.com Inteq Solution - Dep. tehnic: > No security appliance in front

Re: opendkim and opendmarc failure for yahoo.com

Am 05.10.2014 um 19:16 schrieb Viktor Dukhovni: > On Sun, Oct 05, 2014 at 07:00:20PM +0200, Robert Schetterer wrote: > >> Am 05.10.2014 um 17:52 schrieb Wietse Venema: >>> Inteq Solution - Dep. tehnic: Oct 5 17:55:44 ns4 opendkim[3861]: A2CCA44674: s=s2048 d=yahoo.com SSL error:04091068

Re: opendkim and opendmarc failure for yahoo.com

Am 05.10.2014 um 19:01 schrieb li...@rhsoft.net: > > Am 05.10.2014 um 18:47 schrieb Wietse Venema: >> Inteq Solution - Dep. tehnic: >>> No security appliance in front of Postifix. >>> I use SpamAssassin that tags with X-Spam. >>> >>> I have disabled AV scanning. No luck >>> I have disabled dkim-mi

Re: opendkim and opendmarc failure for yahoo.com

On Sun, Oct 05, 2014 at 07:00:20PM +0200, Robert Schetterer wrote: > Am 05.10.2014 um 17:52 schrieb Wietse Venema: > > Inteq Solution - Dep. tehnic: > >> Oct 5 17:55:44 ns4 opendkim[3861]: A2CCA44674: s=s2048 d=yahoo.com SSL > >> error:04091068:rsa routines:INT_RSA_VERIFY:bad signature > > yes t

Re: opendkim and opendmarc failure for yahoo.com

Am 05.10.2014 um 18:47 schrieb Wietse Venema: Inteq Solution - Dep. tehnic: No security appliance in front of Postifix. I use SpamAssassin that tags with X-Spam. I have disabled AV scanning. No luck I have disabled dkim-milter. No luck Weird thing is that from other dmarc enabled domains, the

Re: opendkim and opendmarc failure for yahoo.com

Am 05.10.2014 um 17:52 schrieb Wietse Venema: > Inteq Solution - Dep. tehnic: >> Oct 5 17:55:44 ns4 opendkim[3861]: A2CCA44674: s=s2048 d=yahoo.com SSL >> error:04091068:rsa routines:INT_RSA_VERIFY:bad signature yes that ssl stuff looks broken somekind, perhaps thats the reason > > If this were

Re: opendkim and opendmarc failure for yahoo.com

Inteq Solution - Dep. tehnic: > No security appliance in front of Postifix. > I use SpamAssassin that tags with X-Spam. > > I have disabled AV scanning. No luck > I have disabled dkim-milter. No luck > > Weird thing is that from other dmarc enabled domains, the result is pass and > email delivery

Re: opendkim and opendmarc failure for yahoo.com

On Sun, Oct 05, 2014 at 07:30:20PM +0300, Inteq Solution - Dep. tehnic wrote: > No security appliance in front of Postifix. > I use SpamAssassin that tags with X-Spam. > > I have disabled AV scanning. No luck > I have disabled dkim-milter. No luck > > Weird thing is that from other dmarc enabled

RE: opendkim and opendmarc failure for yahoo.com

problem. -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema Sent: Sunday, October 05, 2014 6:53 PM To: Postfix users Subject: Re: opendkim and opendmarc failure for yahoo.com Inteq Solution - Dep. tehnic: > Oct 5 17

Re: opendkim and opendmarc failure for yahoo.com

Inteq Solution - Dep. tehnic: > Oct 5 17:55:44 ns4 opendkim[3861]: A2CCA44674: s=s2048 d=yahoo.com SSL > error:04091068:rsa routines:INT_RSA_VERIFY:bad signature If this were a common problem then there would be many reports, so I presume that you are receiving corrupted email. Do you have a s

Re: opendkim and opendmarc failure for yahoo.com

Am 05.10.2014 um 17:05 schrieb Inteq Solution - Dep. tehnic: > Hello, > > > > Having some issues with messages from yahoo.com > > They seem to fail dkim and dmarc verification. > > Dmarc from gmail.com (for example) works just fine. > > Any clue if Yahoo is having some problems? > > Can’t s