You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Glen Carreras <ca...@noesnada.com> on 2006/01/23 13:23:17 UTC
Domainkeys - Conflicting msg headers?
Hello,
I have searched through the archives and, although I did find a rather
lengthy thread about DK, I didn't find my specific answer. Hopefully
someone here can help me out. I've enabled the DK plugin (and applied
the patch) and for the most part, I believe DK is working but, the
following two headers confuse me as they appear to be conflicting
statements. Are these normal or do I perhaps have something
mis-configured somewhere?
* 0.0 DK_SIGNED Domain Keys: message has an unverified signature
* -0.0 DK_VERIFIED Domain Keys: signature passes verification
Thanks,
Glen
Re: Domainkeys - Conflicting msg headers?
Posted by SM <sm...@resistor.net>.
At 22:57 12-06-2006, Daryl C. W. O'Shea wrote:
>Already changed in 3.2:
>
>describe DK_SIGNED Domain Keys: message has a signature
[snip]
It's "DomainKeys" and not "Domain Keys".
Regards,
-sm
Re: Domainkeys - Conflicting msg headers?
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 6/12/2006 8:58 AM, Magnus Holmgren wrote:
> On Monday 23 January 2006 15:50, Matt Kettler took the opportunity to write:
>>Glen Carreras wrote:
>>>* 0.0 DK_SIGNED Domain Keys: message has an unverified signature
>>>* -0.0 DK_VERIFIED Domain Keys: signature passes verification
>>>
>>
>>>From looking at the domainkeys plugin, that's normal, and the
>>description is a bit misleading.
>>
>>DK_SIGNED means the message is signed. Period. The follow-on text is
>>trying to explain that DK_SIGNED has not verified the signature, it has
>>merely detected one is present, so the signature may or may not be valid.
>>
>>DK_VERIFIED means the signature passed verification. Based on the code,
>>this will never happen unless the message also matches DK_SIGNED.
>
>
> I suggest that the description for DK_SIGNED be changed slightly to "Domain
> Keys: message has a (not yet verified) signature".
Already changed in 3.2:
describe DK_SIGNED Domain Keys: message has a signature
describe DK_VERIFIED Domain Keys: signature passes verification
describe DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
some mails
describe DK_POLICY_SIGNALL Domain Keys: policy says domain signs
all mails
describe DK_POLICY_TESTING Domain Keys: policy says domain is
testing DK
Daryl
Re: Domainkeys - Conflicting msg headers?
Posted by Magnus Holmgren <ho...@lysator.liu.se>.
On Monday 23 January 2006 15:50, Matt Kettler took the opportunity to write:
> Glen Carreras wrote:
> > I've enabled the DK plugin (and applied
> > the patch) and for the most part, I believe DK is working but, the
> > following two headers confuse me as they appear to be conflicting
> > statements. Are these normal or do I perhaps have something
> > mis-configured somewhere?
> >
> > * 0.0 DK_SIGNED Domain Keys: message has an unverified signature
> > * -0.0 DK_VERIFIED Domain Keys: signature passes verification
> >
> From looking at the domainkeys plugin, that's normal, and the
> description is a bit misleading.
>
> DK_SIGNED means the message is signed. Period. The follow-on text is
> trying to explain that DK_SIGNED has not verified the signature, it has
> merely detected one is present, so the signature may or may not be valid.
>
> DK_VERIFIED means the signature passed verification. Based on the code,
> this will never happen unless the message also matches DK_SIGNED.
I suggest that the description for DK_SIGNED be changed slightly to "Domain
Keys: message has a (not yet verified) signature".
--
Magnus Holmgren holmgren@lysator.liu.se
(No Cc of list mail needed, thanks)
Re: Domainkeys - Conflicting msg headers?
Posted by Matt Kettler <mk...@comcast.net>.
Glen Carreras wrote:
> Hello,
>
> I have searched through the archives and, although I did find a rather
> lengthy thread about DK, I didn't find my specific answer. Hopefully
> someone here can help me out. I've enabled the DK plugin (and applied
> the patch) and for the most part, I believe DK is working but, the
> following two headers confuse me as they appear to be conflicting
> statements. Are these normal or do I perhaps have something
> mis-configured somewhere?
>
> * 0.0 DK_SIGNED Domain Keys: message has an unverified signature
> * -0.0 DK_VERIFIED Domain Keys: signature passes verification
>From looking at the domainkeys plugin, that's normal, and the
description is a bit misleading.
DK_SIGNED means the message is signed. Period. The follow-on text is
trying to explain that DK_SIGNED has not verified the signature, it has
merely detected one is present, so the signature may or may not be valid.
DK_VERIFIED means the signature passed verification. Based on the code,
this will never happen unless the message also matches DK_SIGNED.