Hi,
I have been experimenting with Exim's experimental DKIM support (v4.69),
and now I have run into something that I can't explain.
Verification of DKIM signed mail works, at least for mail that I sent
and signed myself:
Authenticaton-Results: post.dev-zero.nl; dkim=good
header.i=@grendelman.net
Now, I have a Gmail account set up to forward mail to my personal
mailbox, and when I send a signed mail there, Google checks my
signature, and finds it OK:
Authenticaton-Results: mx.google.com; spf=neutral (...)
smtp.mail=martijn@???; dkim=pass header.i=@grendelman.net
but when my own Exim server receives the mail back from Google, the DKIM
signature is found bad:
Authenticaton-Results: post.dev-zero.nl; dkim=bad header.i=@grendelman.net
The only reason I can think of why this would happen, is if Google
changed the message somehow before forwarding it, but I can't find any
evidence that they did, at least not the body, or any of the signed
headers (h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type).
I have in the DATA ACL:
warn message = Authentication-Results: $primary_hostname; \
dkim=${lookup dkim{DKIM_DOMAIN}} header.i=@DKIM_DOMAIN
log_message = DKIM results for DKIM_DOMAIN: ${lookup
dkim{DKIM_DOMAIN}}
!condition = ${if eq{${lookup dkim{DKIM_DOMAIN}}}{unsigned} }
Any idea why this happens?
Thanks,
Martijn.
