Hi!
I'm currently using exim 4.72 with DKIM active. I recognized recently that
I've many entries in my logfile with failed signatures from prominent
domains like paypal,gmail,yahoo. Many of them are results from changes done
by mailinglists. But in case of paypal I can't see the cause.
My big problem is debugging with mails from paypal. All I currently know is
that verifying the same incoming mail fails in exim, but succeeds in
SpamAssassin. I've only logfile entries and headers. I've currently no
sample for debugging purposes I can share.
eg:
Jan 10 18:39:39 ray exim[26539]: 1PcLiU-0006u3-8u DKIM: d=paypal.de s=dkim
c=relaxed/relaxed a=rsa-sha1 i=@paypal.de t=1294681175 [verification failed
- signature did not verify (headers probably modified in transit)]
Jan 10 18:39:39 ray exim[26539]: 1PcLiU-0006u3-8u H=mx0.phx.paypal.com
(mx0.phx.paypal.com) [66.211.168.230] Warning: DKIM: header.i=paypal.de
adsp:dkim=discardable result:fail signature_incorrect
Jan 10 18:39:39 ray exim[26539]: 1PcLiU-0006u3-8u H=mx0.phx.paypal.com
(mx0.phx.paypal.com) [66.211.168.230] Warning: DKIM: header.i=@paypal.de
adsp:unknown result:fail signature_incorrect
Jan 10 18:39:41 ray exim[26539]: 1PcLiU-0006u3-8u <= payment@???
H=mx0.phx.paypal.com (mx0.phx.paypal.com) [66.211.168.230] P=esmtp S=19933
id=1294681175.5023@???
The signature contained:
DKIM-Signature: v=1; a=rsa-sha1; d=paypal.de; s=dkim; c=relaxed/relaxed;
q=dns/txt; i=@paypal.de; t=1294681175;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=xnZHiPMh3KOTEU9BC1ubRoNhqe0=;
.....
The same message/signature verified in SpamAssassin:
Jan 10 18:39:39 ray spamd[17424]: spamd: checking message
<1294681175.5023@???> for spamass:104
Jan 10 18:39:41 ray spamd[17424]: spamd: result: . -16 -
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,...
scantime=1.8,size=18482,...,mid=<1294681175.5023@???>,...
Does somebody else see these failed sigs from paypal?
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria
