[AMaViS-user] Dkim signing and altermime / disclaimer failure
This is a discussion on [AMaViS-user] Dkim signing and altermime / disclaimer failure within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category; Seems if you use dkim to sign outgoing email through amavisd-new policy bank and forward-method, the 'disclaimer' added ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-07-2007
|
|||
|
|||
[AMaViS-user] Dkim signing and altermime / disclaimer failure
Seems if you use dkim to sign outgoing email through amavisd-new policy
bank and forward-method, the 'disclaimer' added to message does not pass the body test. since it seems to sign the message before the disclaimer is added. Q) how do I get it to sign AFTER mangling (do I do it in amavisd.conf?) or wait till Mark gets back? (as least assume this is why I get this error on reflector: testing.dkim.org; header.DKIM-Signature=@secnap.net; dkim=fail ( Err: body altered; RSA-128 err: hdrdiffs=none; bodyvfy=no; secnap.net/s102 4 fail; ); header.From=scheidell@secnap.net; dkim=neutral [DKIM-Bodyhash: Warning] body hashes do not match for "Michael Scheidell" sig=k9XtizUNBPIHQDW1po4NYI6foNM= calc=QsnK/S4Ee01odgjQhyN9o4FaZjk= [DKIM-Vfy: Warning] RSA-128 err: scheidell@secnap.net hdrdiffs=none; bodyvfy=no; openssl=error:00000000:lib(0):func(0):reason(0); 'v=1; a=rsa-sha1; c=relaxed; d=secnap.net; h=mime-version:content-type:content-transfer-encoding:subject: date:message-id:from:to; q=dns/txt; s=s1024; bh=k9XtizUNBPIHQDW1 po4NYI6foNM=; b=' Using FREEBSD, postfix, amavisd-new 2.5.2, Mail:DKIM .26, dkimproxy. Used this to do forwarding, disclaimers: (using dkim proxy from ports, in rc.conf: amavisd-new forward sends to 127.0.0.1:10027. Dkimproxy listens on 127.0.0.0:10027, signs message and send back out 10028. Postfix listens on 10028 and sends email back out. dkimproxy_out_enable="YES" dkimproxy_out_flags="--keyfile=/usr/local/etc/dkimproxy/private.key \ --selector=s1024 --domain=secnap.com,secnap.net --method=relaxed \ 127.0.0.1:10027 127.0.0.1:10028" master.cf: 127.0.0.1:10028 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_chec ks,no_header_body_chec ks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,rej ect -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 amavisd.conf @altermime_args_disclaimer = qw(--verbose --disclaimer=/var/amavis/etc/disclaimer.txt --disclaimer-html=/var/amavis/etc/disclaimer.html); $defang_maps_by_ccat{+CC_CLEAN} = [ 'disclaimer' ]; $policy_bank{'MYNETS'} = { # mail originating from @mynetworks originating => 1, forward_method => 'smtp:[127.0.0.1]:10027', allow_disclaimers => 1, smtpd_discard_ehlo_keywords => ['8BITMIME'], ..... -- Michael Scheidell, CTO Join SECNAP at SecureWorld Philadelphia May 16-17 http://www.secnap.com/events for free and discounted seminar tickets __________________________________________________ _______________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com __________________________________________________ _______________________ ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/...fo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ 
|
Linear Mode
