You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Glen Carreras <ca...@noesnada.com> on 2006/01/23 13:23:17 UTC

Domainkeys - Conflicting msg headers?

Hello,

I have searched through the archives and, although I did find a rather 
lengthy thread about DK, I didn't find my specific answer.  Hopefully 
someone here can help me out.  I've enabled the DK plugin (and applied 
the patch) and for the most part, I believe DK is working but, the 
following two headers confuse me as they appear to be conflicting 
statements.  Are these normal or do I perhaps have something 
mis-configured somewhere?

*  0.0 DK_SIGNED Domain Keys: message has an unverified signature
* -0.0 DK_VERIFIED Domain Keys: signature passes verification

Thanks,
Glen

Re: Domainkeys - Conflicting msg headers?

Posted by SM <sm...@resistor.net>.

At 22:57 12-06-2006, Daryl C. W. O'Shea wrote:
>Already changed in 3.2:
>
>describe DK_SIGNED              Domain Keys: message has a signature

[snip]

It's "DomainKeys" and not "Domain Keys".

Regards,
-sm

Re: Domainkeys - Conflicting msg headers?

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

On 6/12/2006 8:58 AM, Magnus Holmgren wrote:
> On Monday 23 January 2006 15:50, Matt Kettler took the opportunity to write:
>>Glen Carreras wrote:
>>>*  0.0 DK_SIGNED Domain Keys: message has an unverified signature
>>>* -0.0 DK_VERIFIED Domain Keys: signature passes verification
>>>
>>
>>>From looking at the domainkeys plugin, that's normal, and the
>>description is a bit misleading.
>>
>>DK_SIGNED means the message is signed. Period. The follow-on text is
>>trying to explain that DK_SIGNED has not verified the signature, it has
>>merely detected one is present, so the signature may or may not be valid.
>>
>>DK_VERIFIED means the signature passed verification. Based on the code,
>>this will never happen unless the message also matches DK_SIGNED.
> 
> 
> I suggest that the description for DK_SIGNED be changed slightly to "Domain 
> Keys: message has a (not yet verified) signature".

Already changed in 3.2:

describe DK_SIGNED              Domain Keys: message has a signature
describe DK_VERIFIED            Domain Keys: signature passes verification
describe DK_POLICY_SIGNSOME     Domain Keys: policy says domain signs 
some mails
describe DK_POLICY_SIGNALL      Domain Keys: policy says domain signs 
all mails
describe DK_POLICY_TESTING      Domain Keys: policy says domain is 
testing DK


Daryl

Re: Domainkeys - Conflicting msg headers?

Posted by Magnus Holmgren <ho...@lysator.liu.se>.

On Monday 23 January 2006 15:50, Matt Kettler took the opportunity to write:
> Glen Carreras wrote:
> > I've enabled the DK plugin (and applied
> > the patch) and for the most part, I believe DK is working but, the
> > following two headers confuse me as they appear to be conflicting
> > statements.  Are these normal or do I perhaps have something
> > mis-configured somewhere?
> >
> > *  0.0 DK_SIGNED Domain Keys: message has an unverified signature
> > * -0.0 DK_VERIFIED Domain Keys: signature passes verification
> >
> From looking at the domainkeys plugin, that's normal, and the
> description is a bit misleading.
>
> DK_SIGNED means the message is signed. Period. The follow-on text is
> trying to explain that DK_SIGNED has not verified the signature, it has
> merely detected one is present, so the signature may or may not be valid.
>
> DK_VERIFIED means the signature passed verification. Based on the code,
> this will never happen unless the message also matches DK_SIGNED.

I suggest that the description for DK_SIGNED be changed slightly to "Domain 
Keys: message has a (not yet verified) signature".

-- 
Magnus Holmgren        holmgren@lysator.liu.se
                       (No Cc of list mail needed, thanks)

Re: Domainkeys - Conflicting msg headers?

Posted by Matt Kettler <mk...@comcast.net>.

Glen Carreras wrote:
> Hello,
>
> I have searched through the archives and, although I did find a rather
> lengthy thread about DK, I didn't find my specific answer.  Hopefully
> someone here can help me out.  I've enabled the DK plugin (and applied
> the patch) and for the most part, I believe DK is working but, the
> following two headers confuse me as they appear to be conflicting
> statements.  Are these normal or do I perhaps have something
> mis-configured somewhere?
>
> *  0.0 DK_SIGNED Domain Keys: message has an unverified signature
> * -0.0 DK_VERIFIED Domain Keys: signature passes verification

>From looking at the domainkeys plugin, that's normal, and the
description is a bit misleading.

DK_SIGNED means the message is signed. Period. The follow-on text is
trying to explain that DK_SIGNED has not verified the signature, it has
merely detected one is present, so the signature may or may not be valid.

DK_VERIFIED means the signature passed verification. Based on the code,
this will never happen unless the message also matches DK_SIGNED.