You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Shahid Faiz <sh...@gmail.com> on 2010/07/19 09:41:03 UTC
jDKIM configuration
Hi,
I am trying to configure jDKIM for james 2.3.2. I tried to build jdkim
library from source but build fails with following errors,
[0] 'dependencies.dependency.version' is missing for
org.apache.james:apache-mime4j-core:jar
[1] 'dependencies.dependency.version' is missing for
org.apache.james:apache-mime4j-dom:jar
Is there any other way of getting jdkim library and configuring jDKIM? Or
even can I configure jDKIM with james 2.3.2? Any help is appreciated.
Thanks,
Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
while building jdkim.
Thanks,
Shahid
On Tue, Jul 20, 2010 at 4:34 PM, Norman Maurer <no...@apache.org> wrote:
> When you get the error, when try to build jdkim or when try to build james
> ?
>
> Bye,
> Norman
>
>
> 2010/7/19 Shahid Faiz <sh...@gmail.com>:
> > Hi,
> >
> > I am trying to configure jDKIM for james 2.3.2. I tried to build jdkim
> > library from source but build fails with following errors,
> >
> > [0] 'dependencies.dependency.version' is missing for
> > org.apache.james:apache-mime4j-core:jar
> > [1] 'dependencies.dependency.version' is missing for
> > org.apache.james:apache-mime4j-dom:jar
> >
> > Is there any other way of getting jdkim library and configuring jDKIM? Or
> > even can I configure jDKIM with james 2.3.2? Any help is appreciated.
> >
> > Thanks,
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
Re: jDKIM configuration
Posted by Norman Maurer <no...@apache.org>.
When you get the error, when try to build jdkim or when try to build james ?
Bye,
Norman
2010/7/19 Shahid Faiz <sh...@gmail.com>:
> Hi,
>
> I am trying to configure jDKIM for james 2.3.2. I tried to build jdkim
> library from source but build fails with following errors,
>
> [0] 'dependencies.dependency.version' is missing for
> org.apache.james:apache-mime4j-core:jar
> [1] 'dependencies.dependency.version' is missing for
> org.apache.james:apache-mime4j-dom:jar
>
> Is there any other way of getting jdkim library and configuring jDKIM? Or
> even can I configure jDKIM with james 2.3.2? Any help is appreciated.
>
> Thanks,
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
i have configured ConvertoTo7Bit but no success. following are james
configurations. Is there anything missing in ConvertTo7Bit configuration?
<mailet match="All" class="ConvertTo7Bit">
</mailet>
<!-- <mailet match="All" class="LogMessage">
</mailet> -->
<mailet match="All" class="DKIMSign">
<signatureTemplate>v=1; s=default; d=mydomain.com;
h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
b=;</signatureTemplate>
<privateKey>
-----PRIVATE KEY IN PEM FORMAT-----
</privateKey>
</mailet>
<!-- Attempt remote delivery using the specified repository for the
spool, -->
<!-- using delay time to retry delivery and the maximum number of
retries -->
<mailet match="All" class="RemoteDelivery">
<outgoing> file://var/mail/outgoing/ </outgoing>
On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz <sh...@gmail.com> wrote:
> you are right this may be the problem. i haven't configured ConvertTo7Bit
> before DKIMSign and as James is running on linux where we have LF as EOL
> character.
>
> Thanks very much for the help. I will try this on Monday, hopefully this
> will solve the problem.
>
> - Shahid
>
>
> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara <ap...@bago.org> wrote:
>
>> 2010/8/14 Shahid Faiz <sh...@gmail.com>:
>> > Hi,
>> >
>> > jDKIM is configured properly and works perfectly fine for emails which I
>> > sent out using any email client but when I bounce emails using Resend
>> mailet
>> > gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet
>> is
>> > configured as the last one in transport processor. any hint or help what
>> is
>> > missing?
>>
>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
>> before the DKIMSign mailet?
>>
>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>> (\r\n) otherwise signing is not possible.
>>
>> Stefano
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>
Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
Hi Jerry,
Yes, you are right. Mails which are sent directly to my gmail account are
verified and delivered to my inbox whereas mails sent using Resend are not
verified and thats why those mails land in Spam.
Yes, I have also guessed that there were no parameters required. I will try
looking into ConvertTo7Bit code if that will help.
Thank you very much for the help.
- Shahid
On Mon, Aug 16, 2010 at 8:12 AM, Jerry M <te...@malcolms.com> wrote:
> So you are using resend mailet to send inbound mail that you receive on to
> a gmail account, right? And mail you send directly is signed correctly, but
> inbound mail that resends to gmail is failing. Is that correct?
>
> I finally got everything up and running with DKIM. I did a direct send to
> gmail and to the port25.com tester (check-auth2@verifier.port25.com).
> Everything looks good now. I'll try adding a resend to gmail to try to
> duplicate your scenario.
>
> On the advise Stephano gave you about the convertTo7Bit mailet, I added it
> ahead of the DKIMSign mailet. There was zero documentation on it. So I
> just guessed that there were no parameters. I assume it's doing it's job.
> But I really don't know if it's doing anything. I still don't know what
> that third mailet is for. But I'm not using it, and DKIM is working.
>
> I'll let you know what I find after adding the resend to gmail.
>
> Jerry
>
>
>
> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>
>> i have configured ConvertoTo7Bit but no success. following are james
>> configurations. Is there anything missing in ConvertTo7Bit configuration?
>>
>> <mailet match="All" class="ConvertTo7Bit">
>> </mailet>
>> <!--<mailet match="All" class="LogMessage">
>> </mailet> -->
>>
>> <mailet match="All" class="DKIMSign">
>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>> b=;</signatureTemplate>
>> <privateKey>
>> -----PRIVATE KEY IN PEM FORMAT-----
>> </privateKey>
>> </mailet>
>>
>> <!-- Attempt remote delivery using the specified repository for
>> the
>> spool, -->
>> <!-- using delay time to retry delivery and the maximum number of
>> retries -->
>> <mailet match="All" class="RemoteDelivery">
>> <outgoing> file://var/mail/outgoing/</outgoing>
>>
>>
>>
>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com>
>> wrote:
>>
>>
>> you are right this may be the problem. i haven't configured ConvertTo7Bit
>>> before DKIMSign and as James is running on linux where we have LF as EOL
>>> character.
>>>
>>> Thanks very much for the help. I will try this on Monday, hopefully this
>>> will solve the problem.
>>>
>>> - Shahid
>>>
>>>
>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>> wrote:
>>>
>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>> jDKIM is configured properly and works perfectly fine for emails which
>>>>> I
>>>>> sent out using any email client but when I bounce emails using Resend
>>>>>
>>>> mailet
>>>>
>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet
>>>>>
>>>> is
>>>>
>>>>> configured as the last one in transport processor. any hint or help
>>>>> what
>>>>>
>>>> is
>>>>
>>>>> missing?
>>>>>
>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
>>>> before the DKIMSign mailet?
>>>>
>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>> (\r\n) otherwise signing is not possible.
>>>>
>>>> Stefano
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>
>>>>
>>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
Re: jDKIM configuration
Posted by Jerry M <te...@malcolms.com>.
Shahid,
I set up for all inbound email to one of my james accounts to resend to
a gmail account. I guess it's good news for me, but bad news for you...
gmail says the resend was signed correctly. This was a single test
from an outside business email address that I have. Hardly an
exhaustive test. As Stephano mentioned, it could be a formatting thing
on the inbound mail, which I suspect can vary greatly from sender to
sender. So I'm going to leave the resend active for a while and watch
as I get additional real emails from various sources and see if I get
any failures and subsequently can detect a pattern.
If you can test on an email account that no 'real' traffic is coming
into, you might try bouncing to the port25.com tester email address I
mentioned below just to see what it tells you. You'll get more info
than gmail gives regarding DKIM. The only thing is that port25.com
sends the analysis info back to the sender. So if this is a live email
and you are bouncing to port25.com test, the sender will get the
analysis reply (probably not what you want..). Hence the recommendation
to do it on a dormant/test email account.
Let me know if you get any additional info.
Jerry
On 8/15/2010 10:20 PM, Shahid Faiz wrote:
> Hi Jerry,
>
> Yes, you are right. Mails which are sent directly to my gmail account are
> verified and delivered to my inbox whereas mails sent using Resend are not
> verified and thats why those mails land in Spam.
>
> Yes, I have also guessed that there were no parameters required. I will try
> looking into ConvertTo7Bit code if that will help.
>
> Thank you very much for the help.
>
> - Shahid
>
> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<te...@malcolms.com> wrote:
>
>> So you are using resend mailet to send inbound mail that you receive on to
>> a gmail account, right? And mail you send directly is signed correctly, but
>> inbound mail that resends to gmail is failing. Is that correct?
>>
>> I finally got everything up and running with DKIM. I did a direct send to
>> gmail and to the port25.com tester (check-auth2@verifier.port25.com).
>> Everything looks good now. I'll try adding a resend to gmail to try to
>> duplicate your scenario.
>>
>> On the advise Stephano gave you about the convertTo7Bit mailet, I added it
>> ahead of the DKIMSign mailet. There was zero documentation on it. So I
>> just guessed that there were no parameters. I assume it's doing it's job.
>> But I really don't know if it's doing anything. I still don't know what
>> that third mailet is for. But I'm not using it, and DKIM is working.
>>
>> I'll let you know what I find after adding the resend to gmail.
>>
>> Jerry
>>
>>
>>
>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>
>>> i have configured ConvertoTo7Bit but no success. following are james
>>> configurations. Is there anything missing in ConvertTo7Bit configuration?
>>>
>>> <mailet match="All" class="ConvertTo7Bit">
>>> </mailet>
>>> <!--<mailet match="All" class="LogMessage">
>>> </mailet> -->
>>>
>>> <mailet match="All" class="DKIMSign">
>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>> b=;</signatureTemplate>
>>> <privateKey>
>>> -----PRIVATE KEY IN PEM FORMAT-----
>>> </privateKey>
>>> </mailet>
>>>
>>> <!-- Attempt remote delivery using the specified repository for
>>> the
>>> spool, -->
>>> <!-- using delay time to retry delivery and the maximum number of
>>> retries -->
>>> <mailet match="All" class="RemoteDelivery">
>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>
>>>
>>>
>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com>
>>> wrote:
>>>
>>>
>>> you are right this may be the problem. i haven't configured ConvertTo7Bit
>>>> before DKIMSign and as James is running on linux where we have LF as EOL
>>>> character.
>>>>
>>>> Thanks very much for the help. I will try this on Monday, hopefully this
>>>> will solve the problem.
>>>>
>>>> - Shahid
>>>>
>>>>
>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>>> wrote:
>>>>
>>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>>> Hi,
>>>>>>
>>>>>> jDKIM is configured properly and works perfectly fine for emails which
>>>>>> I
>>>>>> sent out using any email client but when I bounce emails using Resend
>>>>>>
>>>>> mailet
>>>>>
>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet
>>>>>>
>>>>> is
>>>>>
>>>>>> configured as the last one in transport processor. any hint or help
>>>>>> what
>>>>>>
>>>>> is
>>>>>
>>>>>> missing?
>>>>>>
>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
>>>>> before the DKIMSign mailet?
>>>>>
>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>> (\r\n) otherwise signing is not possible.
>>>>>
>>>>> Stefano
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>
>>>>>
>>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: - [100% SPAM] Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
Hi Jerry,
Is there any special required for Resend configuration? I have uncommented
already configured file extension based Resend.
<mailet match="AttachmentFileNameIs=-d -z *.exe *.com *.bat *.cmd *.pif
*.scr *.vbs *.avi *.mp3 *.mpeg *.shs" class="Resend"
onMatchException="error">
<sender>postmaster</sender>
<inline>heads</inline>
<attachment>none</attachment>
<passThrough>false</passThrough>
<debug>true</debug>
<reversePath>null</reversePath>
<recipients>sender</recipients>
<prefix>[REJECTED]</prefix>
<message>
test message.
</message>
</mailet>
Thanks,
Shahid
On Mon, Aug 16, 2010 at 12:24 PM, Shahid Faiz <sh...@gmail.com> wrote:
> I have checked resent emails with port25.com, that also displays error
>
> Result: fail (wrong body hash: expected
> Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
>
> I have also removed t= tag after which resent emails are delivered to Inbox
> but DKIM verification is still failing.
>
> Thanks,
> Shahid
>
> On Mon, Aug 16, 2010 at 9:04 AM, Jerry M <te...@malcolms.com> wrote:
>
>> I was comparing your mailet tag to mine. I noticed you added a t= value.
>> You may have just dummied up the value to post on the forum as you did the
>> domain name. But if that is the real value, it's very small number = very
>> old time stamp (basically 40 years old). No idea if google would be upset
>> with that, and even more curious why it would only affect resends. But just
>> looking for anything that might be the culprit.
>>
>> Also, the 'sender' on a resent email is the original sender. So
>> technically, JAMES is signing an email from a domain it doesn't own.
>> port25.com gives me a different result when I send an email with the from
>> address at the actual domain that is signing vs. when I send an email that
>> is on another domain hosted on my server. They both 'pass'. But it's noted
>> that the from address is different. Not sure if that could be a problem
>> with resends and google since the from address is completely different than
>> the signing domain. But that still begs the question why it worked on my
>> test. I just don't know enough about the theory of what is considered an
>> acceptable signature vs. what is not. I'll keep researching.
>>
>> Jerry
>>
>> On 8/15/2010 10:37 PM, Jerry M wrote:
>>
>>> Shahid,
>>>
>>> I set up for all inbound email to one of my james accounts to resend to a
>>> gmail account. I guess it's good news for me, but bad news for you... gmail
>>> says the resend was signed correctly. This was a single test from an
>>> outside business email address that I have. Hardly an exhaustive test. As
>>> Stephano mentioned, it could be a formatting thing on the inbound mail,
>>> which I suspect can vary greatly from sender to sender. So I'm going to
>>> leave the resend active for a while and watch as I get additional real
>>> emails from various sources and see if I get any failures and subsequently
>>> can detect a pattern.
>>>
>>> If you can test on an email account that no 'real' traffic is coming
>>> into, you might try bouncing to the port25.com tester email address I
>>> mentioned below just to see what it tells you. You'll get more info than
>>> gmail gives regarding DKIM. The only thing is that port25.com sends
>>> the analysis info back to the sender. So if this is a live email and you
>>> are bouncing to port25.com test, the sender will get the analysis reply
>>> (probably not what you want..). Hence the recommendation to do it on a
>>> dormant/test email account.
>>>
>>> Let me know if you get any additional info.
>>>
>>> Jerry
>>>
>>>
>>> On 8/15/2010 10:20 PM, Shahid Faiz wrote:
>>>
>>>> Hi Jerry,
>>>>
>>>> Yes, you are right. Mails which are sent directly to my gmail account
>>>> are
>>>> verified and delivered to my inbox whereas mails sent using Resend are
>>>> not
>>>> verified and thats why those mails land in Spam.
>>>>
>>>> Yes, I have also guessed that there were no parameters required. I will
>>>> try
>>>> looking into ConvertTo7Bit code if that will help.
>>>>
>>>> Thank you very much for the help.
>>>>
>>>> - Shahid
>>>>
>>>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<te...@malcolms.com>
>>>> wrote:
>>>>
>>>> So you are using resend mailet to send inbound mail that you receive
>>>>> on to
>>>>> a gmail account, right? And mail you send directly is signed
>>>>> correctly, but
>>>>> inbound mail that resends to gmail is failing. Is that correct?
>>>>>
>>>>> I finally got everything up and running with DKIM. I did a direct send
>>>>> to
>>>>> gmail and to the port25.com tester (check-auth2@verifier.port25.com).
>>>>> Everything looks good now. I'll try adding a resend to gmail to try
>>>>> to
>>>>> duplicate your scenario.
>>>>>
>>>>> On the advise Stephano gave you about the convertTo7Bit mailet, I added
>>>>> it
>>>>> ahead of the DKIMSign mailet. There was zero documentation on it. So
>>>>> I
>>>>> just guessed that there were no parameters. I assume it's doing it's
>>>>> job.
>>>>> But I really don't know if it's doing anything. I still don't know
>>>>> what
>>>>> that third mailet is for. But I'm not using it, and DKIM is working.
>>>>>
>>>>> I'll let you know what I find after adding the resend to gmail.
>>>>>
>>>>> Jerry
>>>>>
>>>>>
>>>>>
>>>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>>>>
>>>>> i have configured ConvertoTo7Bit but no success. following are james
>>>>>> configurations. Is there anything missing in ConvertTo7Bit
>>>>>> configuration?
>>>>>>
>>>>>> <mailet match="All" class="ConvertTo7Bit">
>>>>>> </mailet>
>>>>>> <!--<mailet match="All" class="LogMessage">
>>>>>> </mailet> -->
>>>>>>
>>>>>> <mailet match="All" class="DKIMSign">
>>>>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>>>>> b=;</signatureTemplate>
>>>>>> <privateKey>
>>>>>> -----PRIVATE KEY IN PEM FORMAT-----
>>>>>> </privateKey>
>>>>>> </mailet>
>>>>>>
>>>>>> <!-- Attempt remote delivery using the specified repository for
>>>>>> the
>>>>>> spool, -->
>>>>>> <!-- using delay time to retry delivery and the maximum number of
>>>>>> retries -->
>>>>>> <mailet match="All" class="RemoteDelivery">
>>>>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> you are right this may be the problem. i haven't configured
>>>>>> ConvertTo7Bit
>>>>>>
>>>>>>> before DKIMSign and as James is running on linux where we have LF as
>>>>>>> EOL
>>>>>>> character.
>>>>>>>
>>>>>>> Thanks very much for the help. I will try this on Monday, hopefully
>>>>>>> this
>>>>>>> will solve the problem.
>>>>>>>
>>>>>>> - Shahid
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> jDKIM is configured properly and works perfectly fine for emails
>>>>>>>>> which
>>>>>>>>> I
>>>>>>>>> sent out using any email client but when I bounce emails using
>>>>>>>>> Resend
>>>>>>>>>
>>>>>>>>> mailet
>>>>>>>>
>>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
>>>>>>>>> mailet
>>>>>>>>>
>>>>>>>>> is
>>>>>>>>
>>>>>>>> configured as the last one in transport processor. any hint or help
>>>>>>>>> what
>>>>>>>>>
>>>>>>>>> is
>>>>>>>>
>>>>>>>> missing?
>>>>>>>>>
>>>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim)
>>>>>>>> just
>>>>>>>> before the DKIMSign mailet?
>>>>>>>>
>>>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>>>>> (\r\n) otherwise signing is not possible.
>>>>>>>>
>>>>>>>> Stefano
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>
>>>>>
>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>>
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>
Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
Jerry,
This works fine for me as well. After playing with this, I have figured out
that Gmail is unable to verify body hash when I add <message> tag and change
<inline>unaltered</inline> to <inline>none</inline>.
I think Stefano pointed out correctly, and may be ConvertTo7Bit is not
playing its part with default configurations.
Thanks,
Shahid
On Tue, Aug 17, 2010 at 3:45 AM, Jerry M <te...@malcolms.com> wrote:
> Shahid,
>
> It looks like you are using the resend for something quite different than I
> am. I'm simply using it as an auto-forrward to a second address that
> monitors all inbound email. Hence my mailet tag is:
>
> <mailet match="RecipientIs=xxxx@yyyy.com" class="Resend">
> <recipients>bbb@ccccc.com</recipients>
> <inline>unaltered</inline>
> <passThrough>TRUE</passThrough>
> </mailet>
>
> I'm not sure what all of the different options mean and what effect they
> might have. But just for fun, try my version above and see if it makes any
> difference. If it works, start adding your options in one at a time. Once
> we know the culprit, we might be able to figure out why it's trashing the
> signature.
>
> Jerry
>
>
> On 8/16/2010 4:21 AM, Shahid Faiz wrote:
>
>> Hi Jerry,
>>
>> Is there any special required for Resend configuration? I have uncommented
>> already configured file extension based Resend.
>>
>> <mailet match="AttachmentFileNameIs=-d -z *.exe *.com *.bat *.cmd *.pif
>> *.scr *.vbs *.avi *.mp3 *.mpeg *.shs" class="Resend"
>> onMatchException="error">
>> <sender>postmaster</sender>
>> <inline>heads</inline>
>> <attachment>none</attachment>
>> <passThrough>false</passThrough>
>> <debug>true</debug>
>> <reversePath>null</reversePath>
>> <recipients>sender</recipients>
>> <prefix>[REJECTED]</prefix>
>> <message>
>> test message.
>> </message>
>> </mailet>
>>
>> Thanks,
>> Shahid
>>
>>
>> On Mon, Aug 16, 2010 at 12:24 PM, Shahid Faiz<sh...@gmail.com>
>> wrote:
>>
>> I have checked resent emails with port25.com, that also displays error
>>>
>>> Result: fail (wrong body hash: expected
>>> Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
>>>
>>> I have also removed t= tag after which resent emails are delivered to
>>> Inbox
>>> but DKIM verification is still failing.
>>>
>>> Thanks,
>>> Shahid
>>>
>>> On Mon, Aug 16, 2010 at 9:04 AM, Jerry M<te...@malcolms.com> wrote:
>>>
>>> I was comparing your mailet tag to mine. I noticed you added a t=
>>>> value.
>>>> You may have just dummied up the value to post on the forum as you did
>>>> the
>>>> domain name. But if that is the real value, it's very small number =
>>>> very
>>>> old time stamp (basically 40 years old). No idea if google would be
>>>> upset
>>>> with that, and even more curious why it would only affect resends. But
>>>> just
>>>> looking for anything that might be the culprit.
>>>>
>>>> Also, the 'sender' on a resent email is the original sender. So
>>>> technically, JAMES is signing an email from a domain it doesn't own.
>>>> port25.com gives me a different result when I send an email with the
>>>> from
>>>> address at the actual domain that is signing vs. when I send an email
>>>> that
>>>> is on another domain hosted on my server. They both 'pass'. But it's
>>>> noted
>>>> that the from address is different. Not sure if that could be a problem
>>>> with resends and google since the from address is completely different
>>>> than
>>>> the signing domain. But that still begs the question why it worked on
>>>> my
>>>> test. I just don't know enough about the theory of what is considered
>>>> an
>>>> acceptable signature vs. what is not. I'll keep researching.
>>>>
>>>> Jerry
>>>>
>>>>
>>>> On 8/15/2010 10:37 PM, Jerry M wrote:
>>>>
>>>> Shahid,
>>>>>
>>>>> I set up for all inbound email to one of my james accounts to resend to
>>>>> a
>>>>> gmail account. I guess it's good news for me, but bad news for you...
>>>>> gmail
>>>>> says the resend was signed correctly. This was a single test from an
>>>>> outside business email address that I have. Hardly an exhaustive test.
>>>>> As
>>>>> Stephano mentioned, it could be a formatting thing on the inbound mail,
>>>>> which I suspect can vary greatly from sender to sender. So I'm going
>>>>> to
>>>>> leave the resend active for a while and watch as I get additional real
>>>>> emails from various sources and see if I get any failures and
>>>>> subsequently
>>>>> can detect a pattern.
>>>>>
>>>>> If you can test on an email account that no 'real' traffic is coming
>>>>> into, you might try bouncing to the port25.com tester email address I
>>>>> mentioned below just to see what it tells you. You'll get more info
>>>>> than
>>>>> gmail gives regarding DKIM. The only thing is that port25.com sends
>>>>> the analysis info back to the sender. So if this is a live email and
>>>>> you
>>>>> are bouncing to port25.com test, the sender will get the analysis
>>>>> reply
>>>>> (probably not what you want..). Hence the recommendation to do it on a
>>>>> dormant/test email account.
>>>>>
>>>>> Let me know if you get any additional info.
>>>>>
>>>>> Jerry
>>>>>
>>>>>
>>>>> On 8/15/2010 10:20 PM, Shahid Faiz wrote:
>>>>>
>>>>> Hi Jerry,
>>>>>>
>>>>>> Yes, you are right. Mails which are sent directly to my gmail account
>>>>>> are
>>>>>> verified and delivered to my inbox whereas mails sent using Resend are
>>>>>> not
>>>>>> verified and thats why those mails land in Spam.
>>>>>>
>>>>>> Yes, I have also guessed that there were no parameters required. I
>>>>>> will
>>>>>> try
>>>>>> looking into ConvertTo7Bit code if that will help.
>>>>>>
>>>>>> Thank you very much for the help.
>>>>>>
>>>>>> - Shahid
>>>>>>
>>>>>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<te...@malcolms.com>
>>>>>> wrote:
>>>>>>
>>>>>> So you are using resend mailet to send inbound mail that you receive
>>>>>>
>>>>>>> on to
>>>>>>> a gmail account, right? And mail you send directly is signed
>>>>>>> correctly, but
>>>>>>> inbound mail that resends to gmail is failing. Is that correct?
>>>>>>>
>>>>>>> I finally got everything up and running with DKIM. I did a direct
>>>>>>> send
>>>>>>> to
>>>>>>> gmail and to the port25.com tester (check-auth2@verifier.port25.com
>>>>>>> ).
>>>>>>> Everything looks good now. I'll try adding a resend to gmail to try
>>>>>>> to
>>>>>>> duplicate your scenario.
>>>>>>>
>>>>>>> On the advise Stephano gave you about the convertTo7Bit mailet, I
>>>>>>> added
>>>>>>> it
>>>>>>> ahead of the DKIMSign mailet. There was zero documentation on it.
>>>>>>> So
>>>>>>> I
>>>>>>> just guessed that there were no parameters. I assume it's doing it's
>>>>>>> job.
>>>>>>> But I really don't know if it's doing anything. I still don't know
>>>>>>> what
>>>>>>> that third mailet is for. But I'm not using it, and DKIM is working.
>>>>>>>
>>>>>>> I'll let you know what I find after adding the resend to gmail.
>>>>>>>
>>>>>>> Jerry
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>>>>>>
>>>>>>> i have configured ConvertoTo7Bit but no success. following are james
>>>>>>>
>>>>>>>> configurations. Is there anything missing in ConvertTo7Bit
>>>>>>>> configuration?
>>>>>>>>
>>>>>>>> <mailet match="All" class="ConvertTo7Bit">
>>>>>>>> </mailet>
>>>>>>>> <!--<mailet match="All" class="LogMessage">
>>>>>>>> </mailet> -->
>>>>>>>>
>>>>>>>> <mailet match="All" class="DKIMSign">
>>>>>>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>>>>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>>>>>>> b=;</signatureTemplate>
>>>>>>>> <privateKey>
>>>>>>>> -----PRIVATE KEY IN PEM FORMAT-----
>>>>>>>> </privateKey>
>>>>>>>> </mailet>
>>>>>>>>
>>>>>>>> <!-- Attempt remote delivery using the specified repository for
>>>>>>>> the
>>>>>>>> spool, -->
>>>>>>>> <!-- using delay time to retry delivery and the maximum number of
>>>>>>>> retries -->
>>>>>>>> <mailet match="All" class="RemoteDelivery">
>>>>>>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<shahid.faiz@gmail.com
>>>>>>>> >
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> you are right this may be the problem. i haven't configured
>>>>>>>> ConvertTo7Bit
>>>>>>>>
>>>>>>>> before DKIMSign and as James is running on linux where we have LF
>>>>>>>>> as
>>>>>>>>> EOL
>>>>>>>>> character.
>>>>>>>>>
>>>>>>>>> Thanks very much for the help. I will try this on Monday, hopefully
>>>>>>>>> this
>>>>>>>>> will solve the problem.
>>>>>>>>>
>>>>>>>>> - Shahid
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>>> jDKIM is configured properly and works perfectly fine for emails
>>>>>>>>>>> which
>>>>>>>>>>> I
>>>>>>>>>>> sent out using any email client but when I bounce emails using
>>>>>>>>>>> Resend
>>>>>>>>>>>
>>>>>>>>>>> mailet
>>>>>>>>>>>
>>>>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
>>>>>>>>>>
>>>>>>>>>>> mailet
>>>>>>>>>>>
>>>>>>>>>>> is
>>>>>>>>>>>
>>>>>>>>>> configured as the last one in transport processor. any hint or
>>>>>>>>>> help
>>>>>>>>>>
>>>>>>>>>>> what
>>>>>>>>>>>
>>>>>>>>>>> is
>>>>>>>>>>>
>>>>>>>>>> missing?
>>>>>>>>>>
>>>>>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim)
>>>>>>>>>>>
>>>>>>>>>> just
>>>>>>>>>> before the DKIMSign mailet?
>>>>>>>>>>
>>>>>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>>>>>>> (\r\n) otherwise signing is not possible.
>>>>>>>>>>
>>>>>>>>>> Stefano
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>>>>>> For additional commands, e-mail:
>>>>>>>>>> server-user-help@james.apache.org
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>
>>>>
>>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
Re: jDKIM configuration
Posted by Jerry M <te...@malcolms.com>.
Shahid,
It looks like you are using the resend for something quite different
than I am. I'm simply using it as an auto-forrward to a second address
that monitors all inbound email. Hence my mailet tag is:
<mailet match="RecipientIs=xxxx@yyyy.com" class="Resend">
<recipients>bbb@ccccc.com</recipients>
<inline>unaltered</inline>
<passThrough>TRUE</passThrough>
</mailet>
I'm not sure what all of the different options mean and what effect they
might have. But just for fun, try my version above and see if it makes
any difference. If it works, start adding your options in one at a
time. Once we know the culprit, we might be able to figure out why it's
trashing the signature.
Jerry
On 8/16/2010 4:21 AM, Shahid Faiz wrote:
> Hi Jerry,
>
> Is there any special required for Resend configuration? I have uncommented
> already configured file extension based Resend.
>
> <mailet match="AttachmentFileNameIs=-d -z *.exe *.com *.bat *.cmd *.pif
> *.scr *.vbs *.avi *.mp3 *.mpeg *.shs" class="Resend"
> onMatchException="error">
> <sender>postmaster</sender>
> <inline>heads</inline>
> <attachment>none</attachment>
> <passThrough>false</passThrough>
> <debug>true</debug>
> <reversePath>null</reversePath>
> <recipients>sender</recipients>
> <prefix>[REJECTED]</prefix>
> <message>
> test message.
> </message>
> </mailet>
>
> Thanks,
> Shahid
>
>
> On Mon, Aug 16, 2010 at 12:24 PM, Shahid Faiz<sh...@gmail.com> wrote:
>
>> I have checked resent emails with port25.com, that also displays error
>>
>> Result: fail (wrong body hash: expected
>> Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
>>
>> I have also removed t= tag after which resent emails are delivered to Inbox
>> but DKIM verification is still failing.
>>
>> Thanks,
>> Shahid
>>
>> On Mon, Aug 16, 2010 at 9:04 AM, Jerry M<te...@malcolms.com> wrote:
>>
>>> I was comparing your mailet tag to mine. I noticed you added a t= value.
>>> You may have just dummied up the value to post on the forum as you did the
>>> domain name. But if that is the real value, it's very small number = very
>>> old time stamp (basically 40 years old). No idea if google would be upset
>>> with that, and even more curious why it would only affect resends. But just
>>> looking for anything that might be the culprit.
>>>
>>> Also, the 'sender' on a resent email is the original sender. So
>>> technically, JAMES is signing an email from a domain it doesn't own.
>>> port25.com gives me a different result when I send an email with the from
>>> address at the actual domain that is signing vs. when I send an email that
>>> is on another domain hosted on my server. They both 'pass'. But it's noted
>>> that the from address is different. Not sure if that could be a problem
>>> with resends and google since the from address is completely different than
>>> the signing domain. But that still begs the question why it worked on my
>>> test. I just don't know enough about the theory of what is considered an
>>> acceptable signature vs. what is not. I'll keep researching.
>>>
>>> Jerry
>>>
>>> On 8/15/2010 10:37 PM, Jerry M wrote:
>>>
>>>> Shahid,
>>>>
>>>> I set up for all inbound email to one of my james accounts to resend to a
>>>> gmail account. I guess it's good news for me, but bad news for you... gmail
>>>> says the resend was signed correctly. This was a single test from an
>>>> outside business email address that I have. Hardly an exhaustive test. As
>>>> Stephano mentioned, it could be a formatting thing on the inbound mail,
>>>> which I suspect can vary greatly from sender to sender. So I'm going to
>>>> leave the resend active for a while and watch as I get additional real
>>>> emails from various sources and see if I get any failures and subsequently
>>>> can detect a pattern.
>>>>
>>>> If you can test on an email account that no 'real' traffic is coming
>>>> into, you might try bouncing to the port25.com tester email address I
>>>> mentioned below just to see what it tells you. You'll get more info than
>>>> gmail gives regarding DKIM. The only thing is that port25.com sends
>>>> the analysis info back to the sender. So if this is a live email and you
>>>> are bouncing to port25.com test, the sender will get the analysis reply
>>>> (probably not what you want..). Hence the recommendation to do it on a
>>>> dormant/test email account.
>>>>
>>>> Let me know if you get any additional info.
>>>>
>>>> Jerry
>>>>
>>>>
>>>> On 8/15/2010 10:20 PM, Shahid Faiz wrote:
>>>>
>>>>> Hi Jerry,
>>>>>
>>>>> Yes, you are right. Mails which are sent directly to my gmail account
>>>>> are
>>>>> verified and delivered to my inbox whereas mails sent using Resend are
>>>>> not
>>>>> verified and thats why those mails land in Spam.
>>>>>
>>>>> Yes, I have also guessed that there were no parameters required. I will
>>>>> try
>>>>> looking into ConvertTo7Bit code if that will help.
>>>>>
>>>>> Thank you very much for the help.
>>>>>
>>>>> - Shahid
>>>>>
>>>>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<te...@malcolms.com>
>>>>> wrote:
>>>>>
>>>>> So you are using resend mailet to send inbound mail that you receive
>>>>>> on to
>>>>>> a gmail account, right? And mail you send directly is signed
>>>>>> correctly, but
>>>>>> inbound mail that resends to gmail is failing. Is that correct?
>>>>>>
>>>>>> I finally got everything up and running with DKIM. I did a direct send
>>>>>> to
>>>>>> gmail and to the port25.com tester (check-auth2@verifier.port25.com).
>>>>>> Everything looks good now. I'll try adding a resend to gmail to try
>>>>>> to
>>>>>> duplicate your scenario.
>>>>>>
>>>>>> On the advise Stephano gave you about the convertTo7Bit mailet, I added
>>>>>> it
>>>>>> ahead of the DKIMSign mailet. There was zero documentation on it. So
>>>>>> I
>>>>>> just guessed that there were no parameters. I assume it's doing it's
>>>>>> job.
>>>>>> But I really don't know if it's doing anything. I still don't know
>>>>>> what
>>>>>> that third mailet is for. But I'm not using it, and DKIM is working.
>>>>>>
>>>>>> I'll let you know what I find after adding the resend to gmail.
>>>>>>
>>>>>> Jerry
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>>>>>
>>>>>> i have configured ConvertoTo7Bit but no success. following are james
>>>>>>> configurations. Is there anything missing in ConvertTo7Bit
>>>>>>> configuration?
>>>>>>>
>>>>>>> <mailet match="All" class="ConvertTo7Bit">
>>>>>>> </mailet>
>>>>>>> <!--<mailet match="All" class="LogMessage">
>>>>>>> </mailet> -->
>>>>>>>
>>>>>>> <mailet match="All" class="DKIMSign">
>>>>>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>>>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>>>>>> b=;</signatureTemplate>
>>>>>>> <privateKey>
>>>>>>> -----PRIVATE KEY IN PEM FORMAT-----
>>>>>>> </privateKey>
>>>>>>> </mailet>
>>>>>>>
>>>>>>> <!-- Attempt remote delivery using the specified repository for
>>>>>>> the
>>>>>>> spool, -->
>>>>>>> <!-- using delay time to retry delivery and the maximum number of
>>>>>>> retries -->
>>>>>>> <mailet match="All" class="RemoteDelivery">
>>>>>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> you are right this may be the problem. i haven't configured
>>>>>>> ConvertTo7Bit
>>>>>>>
>>>>>>>> before DKIMSign and as James is running on linux where we have LF as
>>>>>>>> EOL
>>>>>>>> character.
>>>>>>>>
>>>>>>>> Thanks very much for the help. I will try this on Monday, hopefully
>>>>>>>> this
>>>>>>>> will solve the problem.
>>>>>>>>
>>>>>>>> - Shahid
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>> jDKIM is configured properly and works perfectly fine for emails
>>>>>>>>>> which
>>>>>>>>>> I
>>>>>>>>>> sent out using any email client but when I bounce emails using
>>>>>>>>>> Resend
>>>>>>>>>>
>>>>>>>>>> mailet
>>>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
>>>>>>>>>> mailet
>>>>>>>>>>
>>>>>>>>>> is
>>>>>>>>> configured as the last one in transport processor. any hint or help
>>>>>>>>>> what
>>>>>>>>>>
>>>>>>>>>> is
>>>>>>>>> missing?
>>>>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim)
>>>>>>>>> just
>>>>>>>>> before the DKIMSign mailet?
>>>>>>>>>
>>>>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>>>>>> (\r\n) otherwise signing is not possible.
>>>>>>>>>
>>>>>>>>> Stefano
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: - [100% SPAM] Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
I have checked resent emails with port25.com, that also displays error
Result: fail (wrong body hash: expected
Sp7UU11MCfYMc32P8gQRPzpZ6q6+b1lsV0oNi8Cn0Lk=)
I have also removed t= tag after which resent emails are delivered to Inbox
but DKIM verification is still failing.
Thanks,
Shahid
On Mon, Aug 16, 2010 at 9:04 AM, Jerry M <te...@malcolms.com> wrote:
> I was comparing your mailet tag to mine. I noticed you added a t= value.
> You may have just dummied up the value to post on the forum as you did the
> domain name. But if that is the real value, it's very small number = very
> old time stamp (basically 40 years old). No idea if google would be upset
> with that, and even more curious why it would only affect resends. But just
> looking for anything that might be the culprit.
>
> Also, the 'sender' on a resent email is the original sender. So
> technically, JAMES is signing an email from a domain it doesn't own.
> port25.com gives me a different result when I send an email with the from
> address at the actual domain that is signing vs. when I send an email that
> is on another domain hosted on my server. They both 'pass'. But it's noted
> that the from address is different. Not sure if that could be a problem
> with resends and google since the from address is completely different than
> the signing domain. But that still begs the question why it worked on my
> test. I just don't know enough about the theory of what is considered an
> acceptable signature vs. what is not. I'll keep researching.
>
> Jerry
>
> On 8/15/2010 10:37 PM, Jerry M wrote:
>
>> Shahid,
>>
>> I set up for all inbound email to one of my james accounts to resend to a
>> gmail account. I guess it's good news for me, but bad news for you... gmail
>> says the resend was signed correctly. This was a single test from an
>> outside business email address that I have. Hardly an exhaustive test. As
>> Stephano mentioned, it could be a formatting thing on the inbound mail,
>> which I suspect can vary greatly from sender to sender. So I'm going to
>> leave the resend active for a while and watch as I get additional real
>> emails from various sources and see if I get any failures and subsequently
>> can detect a pattern.
>>
>> If you can test on an email account that no 'real' traffic is coming into,
>> you might try bouncing to the port25.com tester email address I mentioned
>> below just to see what it tells you. You'll get more info than gmail gives
>> regarding DKIM. The only thing is that port25.com sends the analysis
>> info back to the sender. So if this is a live email and you are bouncing to
>> port25.com test, the sender will get the analysis reply (probably not
>> what you want..). Hence the recommendation to do it on a dormant/test email
>> account.
>>
>> Let me know if you get any additional info.
>>
>> Jerry
>>
>>
>> On 8/15/2010 10:20 PM, Shahid Faiz wrote:
>>
>>> Hi Jerry,
>>>
>>> Yes, you are right. Mails which are sent directly to my gmail account are
>>> verified and delivered to my inbox whereas mails sent using Resend are
>>> not
>>> verified and thats why those mails land in Spam.
>>>
>>> Yes, I have also guessed that there were no parameters required. I will
>>> try
>>> looking into ConvertTo7Bit code if that will help.
>>>
>>> Thank you very much for the help.
>>>
>>> - Shahid
>>>
>>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<te...@malcolms.com> wrote:
>>>
>>> So you are using resend mailet to send inbound mail that you receive on
>>>> to
>>>> a gmail account, right? And mail you send directly is signed correctly,
>>>> but
>>>> inbound mail that resends to gmail is failing. Is that correct?
>>>>
>>>> I finally got everything up and running with DKIM. I did a direct send
>>>> to
>>>> gmail and to the port25.com tester (check-auth2@verifier.port25.com).
>>>> Everything looks good now. I'll try adding a resend to gmail to try to
>>>> duplicate your scenario.
>>>>
>>>> On the advise Stephano gave you about the convertTo7Bit mailet, I added
>>>> it
>>>> ahead of the DKIMSign mailet. There was zero documentation on it. So I
>>>> just guessed that there were no parameters. I assume it's doing it's
>>>> job.
>>>> But I really don't know if it's doing anything. I still don't know
>>>> what
>>>> that third mailet is for. But I'm not using it, and DKIM is working.
>>>>
>>>> I'll let you know what I find after adding the resend to gmail.
>>>>
>>>> Jerry
>>>>
>>>>
>>>>
>>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>>>
>>>> i have configured ConvertoTo7Bit but no success. following are james
>>>>> configurations. Is there anything missing in ConvertTo7Bit
>>>>> configuration?
>>>>>
>>>>> <mailet match="All" class="ConvertTo7Bit">
>>>>> </mailet>
>>>>> <!--<mailet match="All" class="LogMessage">
>>>>> </mailet> -->
>>>>>
>>>>> <mailet match="All" class="DKIMSign">
>>>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>>>> b=;</signatureTemplate>
>>>>> <privateKey>
>>>>> -----PRIVATE KEY IN PEM FORMAT-----
>>>>> </privateKey>
>>>>> </mailet>
>>>>>
>>>>> <!-- Attempt remote delivery using the specified repository for
>>>>> the
>>>>> spool, -->
>>>>> <!-- using delay time to retry delivery and the maximum number of
>>>>> retries -->
>>>>> <mailet match="All" class="RemoteDelivery">
>>>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>
>>>>> you are right this may be the problem. i haven't configured
>>>>> ConvertTo7Bit
>>>>>
>>>>>> before DKIMSign and as James is running on linux where we have LF as
>>>>>> EOL
>>>>>> character.
>>>>>>
>>>>>> Thanks very much for the help. I will try this on Monday, hopefully
>>>>>> this
>>>>>> will solve the problem.
>>>>>>
>>>>>> - Shahid
>>>>>>
>>>>>>
>>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>>>>> wrote:
>>>>>>
>>>>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>>>
>>>>>>> Hi,
>>>>>>>>
>>>>>>>> jDKIM is configured properly and works perfectly fine for emails
>>>>>>>> which
>>>>>>>> I
>>>>>>>> sent out using any email client but when I bounce emails using
>>>>>>>> Resend
>>>>>>>>
>>>>>>>> mailet
>>>>>>>
>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
>>>>>>>> mailet
>>>>>>>>
>>>>>>>> is
>>>>>>>
>>>>>>> configured as the last one in transport processor. any hint or help
>>>>>>>> what
>>>>>>>>
>>>>>>>> is
>>>>>>>
>>>>>>> missing?
>>>>>>>>
>>>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim)
>>>>>>> just
>>>>>>> before the DKIMSign mailet?
>>>>>>>
>>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>>>> (\r\n) otherwise signing is not possible.
>>>>>>>
>>>>>>> Stefano
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
Re: - [100% SPAM] Re: jDKIM configuration
Posted by Jerry M <te...@malcolms.com>.
I was comparing your mailet tag to mine. I noticed you added a t=
value. You may have just dummied up the value to post on the forum as
you did the domain name. But if that is the real value, it's very small
number = very old time stamp (basically 40 years old). No idea if
google would be upset with that, and even more curious why it would only
affect resends. But just looking for anything that might be the culprit.
Also, the 'sender' on a resent email is the original sender. So
technically, JAMES is signing an email from a domain it doesn't own.
port25.com gives me a different result when I send an email with the
from address at the actual domain that is signing vs. when I send an
email that is on another domain hosted on my server. They both 'pass'.
But it's noted that the from address is different. Not sure if that
could be a problem with resends and google since the from address is
completely different than the signing domain. But that still begs the
question why it worked on my test. I just don't know enough about the
theory of what is considered an acceptable signature vs. what is not.
I'll keep researching.
Jerry
On 8/15/2010 10:37 PM, Jerry M wrote:
> Shahid,
>
> I set up for all inbound email to one of my james accounts to resend
> to a gmail account. I guess it's good news for me, but bad news for
> you... gmail says the resend was signed correctly. This was a single
> test from an outside business email address that I have. Hardly an
> exhaustive test. As Stephano mentioned, it could be a formatting
> thing on the inbound mail, which I suspect can vary greatly from
> sender to sender. So I'm going to leave the resend active for a while
> and watch as I get additional real emails from various sources and see
> if I get any failures and subsequently can detect a pattern.
>
> If you can test on an email account that no 'real' traffic is coming
> into, you might try bouncing to the port25.com tester email address I
> mentioned below just to see what it tells you. You'll get more info
> than gmail gives regarding DKIM. The only thing is that port25.com
> sends the analysis info back to the sender. So if this is a live
> email and you are bouncing to port25.com test, the sender will get the
> analysis reply (probably not what you want..). Hence the
> recommendation to do it on a dormant/test email account.
>
> Let me know if you get any additional info.
>
> Jerry
>
>
> On 8/15/2010 10:20 PM, Shahid Faiz wrote:
>> Hi Jerry,
>>
>> Yes, you are right. Mails which are sent directly to my gmail account
>> are
>> verified and delivered to my inbox whereas mails sent using Resend
>> are not
>> verified and thats why those mails land in Spam.
>>
>> Yes, I have also guessed that there were no parameters required. I
>> will try
>> looking into ConvertTo7Bit code if that will help.
>>
>> Thank you very much for the help.
>>
>> - Shahid
>>
>> On Mon, Aug 16, 2010 at 8:12 AM, Jerry M<te...@malcolms.com> wrote:
>>
>>> So you are using resend mailet to send inbound mail that you
>>> receive on to
>>> a gmail account, right? And mail you send directly is signed
>>> correctly, but
>>> inbound mail that resends to gmail is failing. Is that correct?
>>>
>>> I finally got everything up and running with DKIM. I did a direct
>>> send to
>>> gmail and to the port25.com tester (check-auth2@verifier.port25.com).
>>> Everything looks good now. I'll try adding a resend to gmail to
>>> try to
>>> duplicate your scenario.
>>>
>>> On the advise Stephano gave you about the convertTo7Bit mailet, I
>>> added it
>>> ahead of the DKIMSign mailet. There was zero documentation on it.
>>> So I
>>> just guessed that there were no parameters. I assume it's doing
>>> it's job.
>>> But I really don't know if it's doing anything. I still don't
>>> know what
>>> that third mailet is for. But I'm not using it, and DKIM is working.
>>>
>>> I'll let you know what I find after adding the resend to gmail.
>>>
>>> Jerry
>>>
>>>
>>>
>>> On 8/15/2010 9:32 PM, Shahid Faiz wrote:
>>>
>>>> i have configured ConvertoTo7Bit but no success. following are james
>>>> configurations. Is there anything missing in ConvertTo7Bit
>>>> configuration?
>>>>
>>>> <mailet match="All" class="ConvertTo7Bit">
>>>> </mailet>
>>>> <!--<mailet match="All" class="LogMessage">
>>>> </mailet> -->
>>>>
>>>> <mailet match="All" class="DKIMSign">
>>>> <signatureTemplate>v=1; s=default; d=mydomain.com;
>>>> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
>>>> b=;</signatureTemplate>
>>>> <privateKey>
>>>> -----PRIVATE KEY IN PEM FORMAT-----
>>>> </privateKey>
>>>> </mailet>
>>>>
>>>> <!-- Attempt remote delivery using the specified repository for
>>>> the
>>>> spool, -->
>>>> <!-- using delay time to retry delivery and the maximum number of
>>>> retries -->
>>>> <mailet match="All" class="RemoteDelivery">
>>>> <outgoing> file://var/mail/outgoing/</outgoing>
>>>>
>>>>
>>>>
>>>> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com>
>>>> wrote:
>>>>
>>>>
>>>> you are right this may be the problem. i haven't configured
>>>> ConvertTo7Bit
>>>>> before DKIMSign and as James is running on linux where we have LF
>>>>> as EOL
>>>>> character.
>>>>>
>>>>> Thanks very much for the help. I will try this on Monday,
>>>>> hopefully this
>>>>> will solve the problem.
>>>>>
>>>>> - Shahid
>>>>>
>>>>>
>>>>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org>
>>>>> wrote:
>>>>>
>>>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>>>>> Hi,
>>>>>>>
>>>>>>> jDKIM is configured properly and works perfectly fine for emails
>>>>>>> which
>>>>>>> I
>>>>>>> sent out using any email client but when I bounce emails using
>>>>>>> Resend
>>>>>>>
>>>>>> mailet
>>>>>>
>>>>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign
>>>>>>> mailet
>>>>>>>
>>>>>> is
>>>>>>
>>>>>>> configured as the last one in transport processor. any hint or help
>>>>>>> what
>>>>>>>
>>>>>> is
>>>>>>
>>>>>>> missing?
>>>>>>>
>>>>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
>>>>>> before the DKIMSign mailet?
>>>>>>
>>>>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>>>>> (\r\n) otherwise signing is not possible.
>>>>>>
>>>>>> Stefano
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>>>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>>>>
>>>>>>
>>>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: jDKIM configuration
Posted by Jerry M <te...@malcolms.com>.
So you are using resend mailet to send inbound mail that you receive
on to a gmail account, right? And mail you send directly is signed
correctly, but inbound mail that resends to gmail is failing. Is that
correct?
I finally got everything up and running with DKIM. I did a direct send
to gmail and to the port25.com tester
(check-auth2@verifier.port25.com). Everything looks good now. I'll try
adding a resend to gmail to try to duplicate your scenario.
On the advise Stephano gave you about the convertTo7Bit mailet, I added
it ahead of the DKIMSign mailet. There was zero documentation on it.
So I just guessed that there were no parameters. I assume it's doing
it's job. But I really don't know if it's doing anything. I still
don't know what that third mailet is for. But I'm not using it, and
DKIM is working.
I'll let you know what I find after adding the resend to gmail.
Jerry
On 8/15/2010 9:32 PM, Shahid Faiz wrote:
> i have configured ConvertoTo7Bit but no success. following are james
> configurations. Is there anything missing in ConvertTo7Bit configuration?
>
> <mailet match="All" class="ConvertTo7Bit">
> </mailet>
> <!--<mailet match="All" class="LogMessage">
> </mailet> -->
>
> <mailet match="All" class="DKIMSign">
> <signatureTemplate>v=1; s=default; d=mydomain.com;
> h=from:to:received:received; t=12345; a=rsa-sha256; bh=;
> b=;</signatureTemplate>
> <privateKey>
> -----PRIVATE KEY IN PEM FORMAT-----
> </privateKey>
> </mailet>
>
> <!-- Attempt remote delivery using the specified repository for the
> spool, -->
> <!-- using delay time to retry delivery and the maximum number of
> retries -->
> <mailet match="All" class="RemoteDelivery">
> <outgoing> file://var/mail/outgoing/</outgoing>
>
>
>
> On Sat, Aug 14, 2010 at 11:42 PM, Shahid Faiz<sh...@gmail.com> wrote:
>
>> you are right this may be the problem. i haven't configured ConvertTo7Bit
>> before DKIMSign and as James is running on linux where we have LF as EOL
>> character.
>>
>> Thanks very much for the help. I will try this on Monday, hopefully this
>> will solve the problem.
>>
>> - Shahid
>>
>>
>> On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara<ap...@bago.org> wrote:
>>
>>> 2010/8/14 Shahid Faiz<sh...@gmail.com>:
>>>> Hi,
>>>>
>>>> jDKIM is configured properly and works perfectly fine for emails which I
>>>> sent out using any email client but when I bounce emails using Resend
>>> mailet
>>>> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet
>>> is
>>>> configured as the last one in transport processor. any hint or help what
>>> is
>>>> missing?
>>> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
>>> before the DKIMSign mailet?
>>>
>>> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
>>> (\r\n) otherwise signing is not possible.
>>>
>>> Stefano
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>>> For additional commands, e-mail: server-user-help@james.apache.org
>>>
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
you are right this may be the problem. i haven't configured ConvertTo7Bit
before DKIMSign and as James is running on linux where we have LF as EOL
character.
Thanks very much for the help. I will try this on Monday, hopefully this
will solve the problem.
- Shahid
On Sat, Aug 14, 2010 at 9:52 PM, Stefano Bagnara <ap...@bago.org> wrote:
> 2010/8/14 Shahid Faiz <sh...@gmail.com>:
> > Hi,
> >
> > jDKIM is configured properly and works perfectly fine for emails which I
> > sent out using any email client but when I bounce emails using Resend
> mailet
> > gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet
> is
> > configured as the last one in transport processor. any hint or help what
> is
> > missing?
>
> Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
> before the DKIMSign mailet?
>
> DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
> (\r\n) otherwise signing is not possible.
>
> Stefano
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
Re: jDKIM configuration
Posted by Stefano Bagnara <ap...@bago.org>.
2010/8/14 Shahid Faiz <sh...@gmail.com>:
> Hi,
>
> jDKIM is configured properly and works perfectly fine for emails which I
> sent out using any email client but when I bounce emails using Resend mailet
> gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet is
> configured as the last one in transport processor. any hint or help what is
> missing?
Have you configured a ConvertTo7Bit mailet (bundled with jdkim) just
before the DKIMSign mailet?
DKIM may have issues with LF (\n) newlines. DKIM expects only CRLF
(\r\n) otherwise signing is not possible.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: jDKIM configuration
Posted by Shahid Faiz <sh...@gmail.com>.
Hi,
jDKIM is configured properly and works perfectly fine for emails which I
sent out using any email client but when I bounce emails using Resend mailet
gmail says* **dkim=neutral (body hash did not verify).* DKIMSign mailet is
configured as the last one in transport processor. any hint or help what is
missing?
Thanks,
shahid
*
*
On Tue, Jul 20, 2010 at 2:04 PM, sfaiz <sh...@gmail.com> wrote:
>
> I am able to configure jDKIM by getting pre-compiled jar file file from
> following URL,
>
>
> https://repository.apache.org/content/groups/snapshots/org/apache/james/jdkim/apache-jdkim-mailets/0.2-SNAPSHOT/
>
> complete configuration also required to download latest mailet JAR and
> required dependencies (also available in mailet/lib) from
>
> http://james.apache.org/download.cgi#Apache_Mailet
>
> thanks,
>
>
> sfaiz wrote:
> >
> > Is there any other way of getting jdkim library and configuring jDKIM? Or
> > even can I configure jDKIM with james 2.3.2? Any help is appreciated.
> >
>
> --
> View this message in context:
> http://old.nabble.com/jDKIM-configuration-tp29202155p29212805.html
> Sent from the James - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
>
>
Re: jDKIM configuration
Posted by sfaiz <sh...@gmail.com>.
I am able to configure jDKIM by getting pre-compiled jar file file from
following URL,
https://repository.apache.org/content/groups/snapshots/org/apache/james/jdkim/apache-jdkim-mailets/0.2-SNAPSHOT/
complete configuration also required to download latest mailet JAR and
required dependencies (also available in mailet/lib) from
http://james.apache.org/download.cgi#Apache_Mailet
thanks,
sfaiz wrote:
>
> Is there any other way of getting jdkim library and configuring jDKIM? Or
> even can I configure jDKIM with james 2.3.2? Any help is appreciated.
>
--
View this message in context: http://old.nabble.com/jDKIM-configuration-tp29202155p29212805.html
Sent from the James - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org