Do you have any idea why the body has been altered sometimes ? I don't have any log about amavis alterate body message.
You don't think the problem came from this line ? SA dbg: dkim: FAILED DKIM, i=@groupeastek365.onmicrosoft.com, d=groupeastek365.onmicrosoft.com, s=selector1-groupeastek-fr, a=rsa-sha256, c=relaxed/relaxed, fail, does not match author domain Thx, Le 09/08/2017 à 16:37, David Jones a écrit : > On 08/09/2017 09:33 AM, Felix Defrance wrote: >> Hi all, >> >> I don't understand why Mail::SpamAssassin::Plugin::DKIM fail on >> signature verification instead of opendkim success.. >> >> I see thats issues on domain which use onmicrosoft.com or gappssmtp.com >> >> Here is the mail trace on my MTA, if anybody could help me. >> >> Thx, >> >> Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: >> mail-he1eur01on0135.outbound.protection.outlook.com [104.47.0.135] >> not internal >> Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: not authenticated >> Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: no signing domain >> match for 'groupeastek.fr' >> Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: no signing >> subdomain match for 'groupeastek.fr' >> Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: failed to parse >> authentication-results: header field >> Aug 9 10:25:42 vmail opendkim[21923]: 0D81A778B1D: DKIM verification >> successful >> Aug 9 10:25:43 vmail opendkim[21923]: 0D81A778B1D: >> s=selector1-groupeastek-fr d=groupeastek365.onmicrosoft.com SSL >> Aug 9 10:25:43 vmail opendmarc[7879]: 0D81A778B1D: groupeastek.fr none >> Aug 9 10:25:43 vmail postfix/qmgr[9226]: 0D81A778B1D: >> from=<t...@groupeastek.fr>, size=558389, nrcpt=1 (queue active) >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) ESMTP :10024 >> /var/lib/amavis/tmp/amavis-20170809T101204-01524-PE_s500S: >> <t...@groupeastek.fr> -> <t...@tata.com> SIZE=558389 Received: from >> vmail.tata.com ([127.0.0.1]) by localhost (vmail.tata.com >> [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for >> <t...@tata.com>; Wed, 9 Aug 2017 10:25:43 +0200 (CEST) >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) Checking: 9j8FwaumEeNr >> [104.47.0.135] <t...@groupeastek.fr> -> <t...@tata.com> >> Aug 9 10:25:43 vmail postfix/smtpd[4885]: disconnect from >> mail-he1eur01on0135.outbound.protection.outlook.com[104.47.0.135] >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p005 1 Content-Type: >> multipart/mixed >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p006 1/1 Content-Type: >> multipart/related >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p007 1/1/1 >> Content-Type: multipart/alternative >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p001 1/1/1/1 >> Content-Type: text/plain, size: 968 B, name: >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p002 1/1/1/2 >> Content-Type: text/html, size: 5183 B, name: >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p003 1/1/2 >> Content-Type: image/png, size: 4414 B, name: image001.png >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) p004 1/2 Content-Type: >> application/pdf, size: 393097 B, name: DC_ASTEK_Q_Charles_2017_08.pdf >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) truncating a message >> passed to SA at 211221 bytes, orig 558708 >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: >> performing public key lookup and signature verification >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: FAILED >> DKIM, i=@groupeastek365.onmicrosoft.com, >> d=groupeastek365.onmicrosoft.com, s=selector1-groupeastek-fr, >> a=rsa-sha256, c=relaxed/relaxed, fail, does not match author domain >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: >> signature verification result: FAIL (BODY HAS BEEN ALTERED) >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: adsp: >> performing lookup on _adsp._domainkey.groupeastek.fr >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: adsp >> result: U/unknown (dns: unknown), author domain 'groupeastek.fr' >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: checking >> to see if the message has a Received-SPF header that we can use >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: found a >> Received-SPF header added by an internal host: Received-SPF: Pass >> (sender SPF authorized) identity=mailfrom; client-ip=104.47.0.135; >> helo=eur01-he1-obe.outbound.protection.outlook.com; >> envelope-from=t...@groupeastek.fr; receiver=t...@tata.com >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: re-using >> mfrom result from Received-SPF header: pass >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: checking >> HELO (helo=EUR01-HE1-obe.outbound.protection.outlook.com, >> ip=104.47.0.135) >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: query for >> /104.47.0.135/EUR01-HE1-obe.outbound.protection.outlook.com: result: >> pass, comment: , text: Mechanism 'include:spf.protection.outlook.com' >> matched >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: >> def_whitelist_from_spf: t...@groupeastek.fr is not in >> DEF_WHITELIST_FROM_SPF >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: FAILED >> signature by groupeastek365.onmicrosoft.com, author >> t...@groupeastek.fr, no valid matches >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim: author >> t...@groupeastek.fr, not in any dkim whitelist >> Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: spf: >> whitelist_from_spf: t...@groupeastek.fr is not in user's >> WHITELIST_FROM_SPF >> Aug 9 10:25:44 vmail amavis[1524]: (01524-06) spam-tag, >> <t...@groupeastek.fr> -> <t...@tata.com>, No, score=3.189 >> tagged_above=-9999 required=5 tests=[BAYES_00=-1.9, >> CUST_DKIM_SIGNED_INVALID=5, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, >> RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, >> RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, >> T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no >> >> -- >> Félix >> PGP: 0x0F04DC57 >> > > This is in the logs above: > > dbg: dkim: signature verification result: FAIL (BODY HAS BEEN ALTERED) > -- Félix Defrance PGP: 0x0F04DC57
