On Sunday, 30 October 2022 at 17:58 (-0400), David Rosenstrauch wrote:
After posting a message to this list earlier today, I immediately received nearly a dozen DKIM fail messages, all being sent by the "OpenDMARC Filter" at various domains, and all saying that the DKIM fail reason was "signature verification failed".
[...]
Anyone know why these fail messages might be happening? Is this being caused by a misconfiguration in Arch's mailman installation? Or is this a misconfiguration of the individual OpenDMARC software installations at each of those domains?
FWIW, my OpenDKIM with default settings flagged your earlier email with a DKIM fail, but passed this one. The failure mechanism on the first email was "signature verification failed". I'm no DKIM expert, but perhaps there was a DNS resolution problem at that time and the key was inaccessible? Relevant part of received headers follows: From your earlier email:
Authentication-Results: mail.kent-dobias.com; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=darose.net header.i=@darose.net header.a=rsa-sha256 header.s=dreamhost header.b=UaDsk2dh Authentication-Results: mail.kent-dobias.com; dmarc=fail (p=none dis=none) header.from=darose.net Authentication-Results: mail.kent-dobias.com; spf=pass smtp.mailfrom=lists.archlinux.org Authentication-Results: lists.archlinux.org; dkim=pass header.d=darose.net header.s=dreamhost header.b=UaDsk2dh; dmarc=pass (policy=none) header.from=darose.net; spf=pass (lists.archlinux.org: domain of darose@darose.net designates 23.83.214.25 as permitted sender) smtp.mailfrom=darose@darose.net; arc=pass ("mailchannels.net:s=arc-2022:i=1")
From this email:
Authentication-Results: mail.kent-dobias.com; dkim=pass (2048-bit key; unprotected) header.d=darose.net header.i=@darose.net header.a=rsa-sha256 header.s=dreamhost header.b=JyPU2yJv
Authentication-Results: mail.kent-dobias.com; dmarc=pass (p=none dis=none) header.from=darose.net Authentication-Results: mail.kent-dobias.com; spf=pass smtp.mailfrom=lists.archlinux.org Authentication-Results: lists.archlinux.org; dkim=pass header.d=darose.net header.s=dreamhost header.b=JyPU2yJv; dmarc=pass (policy=none) header.from=darose.net; spf=pass (lists.archlinux.org: domain of darose@darose.net designates 23.83.212.19 as permitted sender) smtp.mailfrom=darose@darose.net; arc=pass ("mailchannels.net:s=arc-2022:i=1")
Jaron