Re: [exim] skim with yahoo fails ...

Top Page
Delete this message
Reply to this message
Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] skim with yahoo fails ...
> From: Karl-Heinz Wild

> i've a problem with dkim and yahoo.
>
> the log shows me something, it seems very special
> -----------------------------------------------------------------
> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM: d=yahoo.com s=s2048 c=relaxed/relaxed a=rsa-sha256 t=1411466404 [verification failed - signature did not verify (headers probably modified in transit)]
> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM: d=yahoo.com s=s1024 c=relaxed/relaxed a=rsa-sha256 t=1411466404 [verification succeeded]
> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM TEST: domain=yahoo.com possible_signer=yahoo.com status=fail reason=signature_incorrect
> -----------------------------------------------------------------
>
> as you can see there are two lines. one succeeded and the first fails.
> the difference seems to be the s=1024 vs s=2048.


I just sent a few test messages via yahooMail ( @ yahoo.com ).
Messages sent from a MUA (Opera Mail, like Thunderbird) in Eastern Europe
via SMTP through smtp.mail.yahoo.com (with authentication)
came from yahoo's datacenter in Ireland (nm14-vm7.bullet.mail.ir2.yahoo.com),
each message has two DKIM-signatures: top one s=s2048 verification failed
and bottom one s=s1024 verification succeeded.
Messages sent from yahooMail's web-interfaces (Basic and FullyFeatured)
came from yahoo's datacenter in Buffalo,NY (nm5-vm0.bullet.mail.bf1.yahoo.com),
have only one DKIM-signature with s=s1024.
Verification done by my Exim 4.83.

I found an older message (05 Jul 2014) submitted from Thunderbird in Argentina
via SMTP through smtp.mail.yahoo.com, it has two DKIM-signatures and came from
yahoo's datacenter in Nebraska (nm10-vm4.bullet.mail.ne1.yahoo.com),
so perhaps submitter's geolocation is irrelevant.

I suspect that yahoos broke something when they did another stupid thing:
mow messages submitted via SMTP don't show submitter's IP-address anywhere
in the header (though messages submitted via web-interfaces do show
submitter's IP-address in the bottom Received).