[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Nick Tait via Postfix-users
On 10/05/2025 14:09, Ken Biggs via Postfix-users wrote: HI Nick, I had cut and pasted from the "Raw Source" view in mac Mail, but double checked in the spool file and those are the headers received in that order. Thanks, Ken Thanks for confirming. My set-up is very similar to yours, and (li

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-10 Thread Nick Tait via Postfix-users
On 11/05/2025 07:45, Dmitriy Alekseev via Postfix-users wrote: You can drop received header without dedicated postfix, just do it with milter instead. Rspamd can do it for you with very small Lua script, and do SPF/DKIM/DMARC & ARC all together. This discussion has reminded me of an option tha

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-09 Thread Nick Tait via Postfix-users
On 10/05/2025 15:29, Nick Tait via Postfix-users wrote: But of course if the first scenario still exhibits the issue, then that probably disproves my theory immediately? Just thinking a bit more about this... If the first test fails, then you can compare the headers and body in the received

[pfx] Re: Incoming OpenDKIM signature verification failing

2025-05-10 Thread Nick Tait via Postfix-users
On 10/05/2025 08:23, Ken Biggs via Postfix-users wrote: Return-Path: X-Original-To:x...@xxx.com Delivered-To:y...@yyy.jkbiggs.com Received: from mail-qk1-f169.google.com (mail-qk1-f169.google.com [209.85.222.169]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X255

[pfx] Re: Postscreen STARTTLS bug?

2025-06-19 Thread Nick Tait via Postfix-users
On 20/06/2025 08:35, Wietse Venema via Postfix-users wrote: This behavior is consistent with the postscreen code: the code that logs the PREGREET event shows all available input, but does not actually receive that input. The input is received, one line at a time, by the postscreen dummy TLS engin

[pfx] Re: Postscreen STARTTLS bug?

2025-06-18 Thread Nick Tait via Postfix-users
On 18/06/2025 22:33, Nick Tait via Postfix-users wrote: Prior to making the configuration change, the response to the STARTTLS was "454 4.7.0 TLS not available due to local problem", and the SMTP session remained operational, meaning if the client then sent another command (e.g. QUI

[pfx] Postscreen STARTTLS bug?

2025-06-18 Thread Nick Tait via Postfix-users
Hi there. I hope this is the right forum for reporting a possible bug in Postscreen? (Apologies if it isn't...) I've been using Postscreen without "deep protocol tests" for a long time, and it has been doing a fantastic job. I recently noticed a log entry from Postscreen saying "warning: con

[pfx] Re: Postscreen STARTTLS bug?

2025-06-19 Thread Nick Tait via Postfix-users
On 19/06/2025 02:53, Viktor Dukhovni via Postfix-users wrote: Ditto for me: $ (sleep 7; printf "EHLO foo.local\r\n"; sleep 2; printf "STARTTLS\r\n"; sleep 2; printf "QUIT\r\n") | nc -C 127.0.0.1 24 220-amnesiac.example ESMTP Postfix <...6s pause...> 220 amnesiac.example ESMT