Fwd: opendkim getting hardfail with Google

From: Chris C <mazzystr_at_gmail.com>
Date: Wed, 9 Mar 2011 14:07:40 -0500

I went with option 3.

I added this to /etc/opendkim.conf...
ReplaceRules            /etc/mail/dkim/replace_rules

and added this to /etc/mail/dkim/replace_rules...
_at_mailgate1.akc.org      @akc.org

and I get this from Google...
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
crc_at_akc.org designates as permitted sender)
smtp.mail=crc_at_akc.org; dkim=pass header.i=_at_akc.org

Thanks for your help Gents!

/Chris C

On Wed, Mar 9, 2011 at 1:53 PM, Murray S. Kucherawy <msk_at_cloudmark.com> wrote:
>> -----Original Message-----
>> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Chris C
>> Sent: Wednesday, March 09, 2011 10:34 AM
>> To: Murray S. Kucherawy
>> Cc: opendkim-users_at_lists.opendkim.org
>> Subject: Re: opendkim getting hardfail with Google
>> [...]
> Your configuration file confirms my suspicion.  After OpenDKIM adds your signature, which covers the From: field, sendmail is changing the From: field which immediately invalidates the signature.
>> Any ideas?
> Any of these should give you what you want:
> 1) Arrange to inject mail into sendmail in a way that won't be modified.  In your case, generate mail as "crc_at_akc.org" instead of with the longer name, which turns masquerading into a no-op.  I use alpine to read my mail at home and doing this via its configuration solved the problem for me.
> 2) Do some layered sendmail trickery.  (See the end of the top-level README for details.)
> 3) Enable the "replace rules" feature (--enable-replace_rules at compile time) and then configure them so that OpenDKIM will anticipate the rewrite sendmail will do, meaning it will sign the mail as though the rewrite had already occurred, and thus it should pass.  See "ReplaceRules" in opendkim.conf(5) for details.
> 4) Use the Lua "setup" script's odkim.replace_header() function to do the same thing.
> -MSK
Received on Wed Mar 09 2011 - 19:07:52 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:16 PST