Re: [exim] skim with yahoo fails ...

Top Page
Delete this message
Reply to this message
Author: Karl-Heinz Wild
Date:  
To: exim-users
Subject: Re: [exim] skim with yahoo fails ...
Thank you for your time and the investigation.
There seems to be no solution on exim side.

I've whitelisted yahoo for the moment.

all the best.
Karl-Heinz

On 23.09.2014, at 14:22, Lena@??? wrote:

>> From: Karl-Heinz Wild
>
>> i've a problem with dkim and yahoo.
>>
>> the log shows me something, it seems very special
>> -----------------------------------------------------------------
>> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM: d=yahoo.com s=s2048 c=relaxed/relaxed a=rsa-sha256 t=1411466404 [verification failed - signature did not verify (headers probably modified in transit)]
>> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM: d=yahoo.com s=s1024 c=relaxed/relaxed a=rsa-sha256 t=1411466404 [verification succeeded]
>> 2014-09-23 12:00:06 1XWMtC-000Dzw-0C DKIM TEST: domain=yahoo.com possible_signer=yahoo.com status=fail reason=signature_incorrect
>> -----------------------------------------------------------------
>>
>> as you can see there are two lines. one succeeded and the first fails.
>> the difference seems to be the s=1024 vs s=2048.
>
> I just sent a few test messages via yahooMail ( @ yahoo.com ).
> Messages sent from a MUA (Opera Mail, like Thunderbird) in Eastern Europe
> via SMTP through smtp.mail.yahoo.com (with authentication)
> came from yahoo's datacenter in Ireland (nm14-vm7.bullet.mail.ir2.yahoo.com),
> each message has two DKIM-signatures: top one s=s2048 verification failed
> and bottom one s=s1024 verification succeeded.
> Messages sent from yahooMail's web-interfaces (Basic and FullyFeatured)
> came from yahoo's datacenter in Buffalo,NY (nm5-vm0.bullet.mail.bf1.yahoo.com),
> have only one DKIM-signature with s=s1024.
> Verification done by my Exim 4.83.
>
> I found an older message (05 Jul 2014) submitted from Thunderbird in Argentina
> via SMTP through smtp.mail.yahoo.com, it has two DKIM-signatures and came from
> yahoo's datacenter in Nebraska (nm10-vm4.bullet.mail.ne1.yahoo.com),
> so perhaps submitter's geolocation is irrelevant.
>
> I suspect that yahoos broke something when they did another stupid thing:
> mow messages submitted via SMTP don't show submitter's IP-address anywhere
> in the header (though messages submitted via web-interfaces do show
> submitter's IP-address in the bottom Received).
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/