[Users] List server: bad DKIM?
Pierre Fortin
pf at pfortin.com
Sun Feb 18 06:15:33 CET 2018
On Fri, 16 Feb 2018 17:54:35 -0500 Pierre Fortin wrote:
>Hi,
>
>Did something change on the list server recently?
>
>With the list more active lately, I've noticed that I'm seeing replies
>to messages I haven't seen. Tracked this down to my MTA (luxsci.com)
>deleting messages with DKIM issues. Rather than delete, I've changed the
>MTA action to modify the message by adding "DKIM" in the Subject and it's
>now passing more list messages with DKIM in the subject. Strangely,
>some messages pass the DKIM test while others don't...
>
>Is the list server's DKIM failing?
This is getting convoluted; but before going to bed, here's what I've
found...
I see threads where only Paul's emails appear -- really weird to see lots
of answers to questions never seen... :] I can't see those missing
messages; but since allowing messages failing DKIM to pass (about 48
hours ago), a pattern is emerging...
Every message my provider flags (previously discarded) contains an
Authentication-Results header:
Received: by mx.colino.net (Postfix, from userid 1024)
id 7FAD22100522; Sun, 18 Feb 2018 00:03:36 +0100 (CET)
Authentication-Results: mx.colino.net; dkim=fail
reason="verification failed; insecure key"
header.d=gmail.com header.i=@gmail.com header.b=htu2K9Mi;
dkim-adsp=none (insecure policy); dkim-atps=neutral
Received: from marv.colino.net (localhost [IPv6:::1])
by mx.colino.net (Postfix) with ESMTP id F305A2100499;
Sun, 18 Feb 2018 00:01:44 +0100 (CET)
while messages that aren't flagged
a) do not contain this header, nor DKIM signatures from previous MTAs:
Received: by mx.colino.net (Postfix, from userid 1024)
id 17B6921004D7; Sat, 17 Feb 2018 22:10:49 +0100 (CET)
Received: from marv.colino.net (localhost [IPv6:::1])
by mx.colino.net (Postfix) with ESMTP id A863F210049B;
Sat, 17 Feb 2018 22:09:31 +0100 (CET)
b) have DKIM signatures before arriving at marv.colino.net and a new one
gets inserted between marv.colino.net and mx.colino.net:
Received: by mx.colino.net (Postfix, from userid 1024)
id CEACB21004A4; Sat, 17 Feb 2018 19:10:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=claws-mail.org;
s=mail; t=1518891054;
bh=FscXU3w6gLWcDd2bLXeHroxP6fLq5HgHN7D9qA0o8og=;
h=Date:From:To:In-Reply-To:References:Subject:List-Id:
List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe;
b=J41KSmxFTa2rPmpVb+CTsfeZHTm8OiB6utD0IYYk/snvJCYFWH0hzSB4Oug3+P/g8
JPGjM7lPPvr0b/39QTFAZ0HZHYeBcIgxpLCGboRl4+zSm/6AiCZ0JPrq+3qU+ZNQKA
3ZGwhC3rUaQRzY8+9B1CnKfFrucwOYrtcixswLWc=
Received: from marv.colino.net (localhost [IPv6:::1])
by mx.colino.net (Postfix) with ESMTP id 755D8210048A;
Sat, 17 Feb 2018 19:10:27 +0100 (CET)
Questions I hope to dig into in the morning:
- colino.net can't sign a message if it doesn't like the prev sig, can it?
- Is the preceding DKIM signature really bad, or is colino.net glitchy?
- In the case of invalid.tld, is Google inserting signatures in the
correct order?:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=invalid.tld;
s=google;
v=1; a=rsa-sha256; c=relaxed/relaxed;
- Is colino.net reading these Google signatures correctly?
- Is the X-Google-DKIM-Signature included in its DKIM-Signature?
- Is colino.net being confused by this dual Google sig?
- Other?
Those who get up 5-6 hours ahead of me are welcome to add questions, or a
fix... :)
Hope I didn't screw up in collecting data while groggy...
G'nite,
Pierre
More information about the Users
mailing list