> I tried, but still have no clue, but discovered another horrible thing. > I tried to send another email from gmail to iwtek.net, the DKIM signature > validates at iwtek.net (see attachment). I am running mad now... > http://old.nabble.com/file/p28178961/gmail.eml gmail.eml
One thing I noticed: this second message contains a header field: X-mail-iwtek-net-MailScanner-SpamCheck: not spam, SpamAssassin (not cached but the first one does not say "not cached". Could it be a MailScanner issue, that it was reusing a cached SpamAssassin results from some earlier mail sample. Having a trivial message with a single '=' line in a body makes it very likely to hit a body hash of some earlier test message. > I changed to use 1024 bit RSA key, and seems the email passed DKIM > validation. Seems that my perl installation at iwtek.net somehow cannot > validate 2048 bit RSA DKIM signatures. Does anyone have some clue? That is possible too, the DNS packet is probably larger than 512 bytes, and perhaps your DNS resolver does not fallback to TCP or EDNS0, or you have TCP on port 53 blocked at a firewall. Mark
