On 08/09/2017 10:19 AM, Felix Defrance wrote:
Do you have any idea why the body has been altered sometimes ? I don't
have any log about amavis alterate body message.
This happens when any server in the path modify some of the headers or
the body of the email after it was signed by the originator. Older
Exchange servers are known to mess with DKIM signing. I think Exchange
2016 and Office 365 now properly handle mail so that DKIM doesn't break.
It could be any of the Received: mail servers that broke DKIM. I don't
think it was your Amavis that caused it. You could install OpenDKIM and
OpenDMARC as a milter on the MTA to get some extra information before
the message was passed to Amavis.
You don't think the problem came from this line ?
SA dbg: dkim: FAILED DKIM, i=@groupeastek365.onmicrosoft.com,
d=groupeastek365.onmicrosoft.com, s=selector1-groupeastek-fr,
a=rsa-sha256, c=relaxed/relaxed, fail, does not match author domain
No. This didn't cause the problem. It's just showing that the
envelope-from domain didn't match the DKIM d= domain.
groupeastek.fr <> groupeastek365.onmicrosoft.com
Microsoft is trying to be helpful here and automatically DKIM signing
with their own domain.
Thx,
Le 09/08/2017 à 16:37, David Jones a écrit :
On 08/09/2017 09:33 AM, Felix Defrance wrote:
Hi all,
I don't understand why Mail::SpamAssassin::Plugin::DKIM fail on
signature verification instead of opendkim success..
I see thats issues on domain which use onmicrosoft.com or gappssmtp.com
Here is the mail trace on my MTA, if anybody could help me.
Thx,
Aug 9 10:25:43 vmail amavis[1524]: (01524-06) SA dbg: dkim:
signature verification result: FAIL (BODY HAS BEEN ALTERED)
--
Félix
PGP: 0x0F04DC57
This is in the logs above:
dbg: dkim: signature verification result: FAIL (BODY HAS BEEN ALTERED)
--
Félix Defrance
PGP: 0x0F04DC57
--
David Jones
