<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Helvetica LT Std";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Helvetica LT Std","sans-serif";
color:#C8002D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'>Hallo Carsten,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'>das löst vielleicht dein Postfix-open-dkim-Problem nicht, aber warum lässt Du Amavis nicht die ausgehenden Mails signieren? Da Du Amavis ja eh benutzt wäre das doch einfacher ;-) Hier der Auszug aus unserer /etc/amavis/conf.s/50-user:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'>$enable_dkim_verification = 1; # enable DKIM signatures verification<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'>$enable_dkim_signing = 1; # load DKIM signing code,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'>dkim_key('meine.domain.de', 'main', '/var/lib/amavis/dkim/meine.domain.de.dkim.pem');<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'>Ausführlich beschrieben ist das u. a. hier: https://sys4.de/de/blog/2013/09/02/amavisd-new-dkim-howto/<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:black;mso-fareast-language:DE'>Viele Grüße<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:black;mso-fareast-language:DE'>i. A. Stephan Hendl<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:black;mso-fareast-language:DE'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:black;mso-fareast-language:DE'>--<br>Dr. Stephan Hendl<br>Landtag Brandenburg<br>Verwaltung<br>Referat V2<br>Alter Markt 1<br>14467 Potsdam<br>Tel.: (0331) 966 1292<br>Fax.: (0331) 966 99 1292<br>stephan.hendl@landtag.brandenburg.de</span><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D;mso-fareast-language:DE'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Helvetica LT Std","sans-serif";color:#C8002D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:DE'>Von:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:DE'> Postfixbuch-users [mailto:postfixbuch-users-bounces@listen.jpberlin.de] <b>Im Auftrag von </b>Carsten Laun-De Lellis<br><b>Gesendet:</b> Dienstag, 22. März 2016 15:40<br><b>An:</b> postfixbuch-users@listen.jpberlin.de<br><b>Betreff:</b> Probleme mit dem signieren ausgehender mails mit Open-DKIM<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hallo, alle zusammen<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ich habe folgendes Problem:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ich nehme emails von einem Exchange Server über port 25 als mailgateway entgegen für die Domänen example1.com und example2.com, welche ich gerne mit dem passenden dkim key signieren möchte:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ich habe gemäß der Anleitung <a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy">https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy</a> opendkim für mehrere Domänen konfiguriert:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>/etc/opendkim.conf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Syslog yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>SyslogSuccess yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>LogWhy yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>UMask 002<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>AutoRestart Yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>AutoRestartRate 10/1h<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Canonicalization relaxed/simple<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>ExternalIgnoreList refile:/etc/dkimkeys/TrustedHosts<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>InternalHosts refile:/etc/dkimkeys/TrustedHosts<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>KeyTable refile:/etc/dkimkeys/KeyTable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>SigningTable refile:/etc/dkimkeys/SigningTable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mode sv<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>PidFile /var/run/opendkim/opendkim.pid<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>SignatureAlgorithm rsa-sha256<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>UserID opendkim:opendkim<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>SOCKET inet:8891@localhost<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>/etc/dkimkeys/TrustedHosts<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>localhost<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>ip.exchange.server<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>ip.postfix.server<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>*.example1.com<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>*.example2.com<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>/etc/dkimkeys/SigningTable<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a href="mailto:*@example1.com">*@example1.com</a> mail._domainkey.example1.com<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><a href="mailto:*@example2.com">*@example2.com</a> mail._domainkey.example2.com<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>/etc/dkimkeys/KeyTable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>mail._domainkey.example1.com example1.com:mail:/etc/dkimkeys/keys/ example1.com / example1.com.private<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>mail._domainkey.example2.com example2.com:mail:/etc/dkimkeys/keys/ example2.com / example2.com.private<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Die Keys sollten soweit eigentlich o.k. sein, da ich bei einem dkim check mit online tools ein ok bekomme. Dies deutet darauf hin, dass der Eintrag im DNS und der Schlüssel soweit passen.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>In Postfix habe ich den milter über den folgenden Eintrag in die /etc/postfix/main.cf eingebunden.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>milter_default_action = accept<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>milter_protocol = 6<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>smtpd_milters=inet:localhost:8891<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>non_smtpd_milters=inet:localhost:8891<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Ein lsof –i :8891 liefert folgenden output:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>opendkim 6961 opendkim 4u IPv4 69527 0t0 TCP localhost:8891 (LISTEN)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Ich kann also davon ausgehen, dass open-dkim läuft auf dem port 8891.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Wenn ich nun ein grep -i dkim /var/log/mail.log ausführe dann bekomme ich einen output der mir anzeigt, dass eingehende emails von amavis auf dkim keys überprüft werden.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Bsp.:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mar 22 15:18:08 RV1008 amavis[5481]: (05481-09) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [144.76.82.147]:50211 [2607:f8b0:400d:c04::230] <<a href="mailto:samba-bounces@lists.samba.org">samba-bounces@lists.samba.org</a>> -> <<a href="mailto:user1@example2.com">user1@example2.com</a>>, Message-ID: <<a href="mailto:CAAqWYyFsd3rmami2fMUkR6KdpWD3X9pUQd4MHSr_R_kkQkm6DQ@mail.gmail.com">CAAqWYyFsd3rmami2fMUkR6KdpWD3X9pUQd4MHSr_R_kkQkm6DQ@mail.gmail.com</a>>, mail_id: 8mBNSew2gnNq, Hits: 0.242, size: 11501, queued_as: 0184C780094, <span style='color:red'>dkim_sd</span>=2954282:lists.samba.org, 6505 ms<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal>Für ausgehende emails finde ich keinerlei Einträge im maillog die auf irgendwelche Aktivitäten hindeuten, dass open-dkim versucht die emails zu signieren.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Was mache ich da falsch?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Ach ja, ich setze Ubuntu 15.10 ein mit postfix 3.0.4.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Für Hinweise wäre ich wirklich dankbar.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>Mit freundlichem Gruß<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>Carsten Laun-De Lellis<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>Hauptstrasse 13<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>D - 67705 Trippstadt<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>Phone: +49 6306 992140<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>Mobile: +49 151 275 30865<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>Fax: +49 6306 992142<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>email: </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'><a href="mailto:carsten.delellis@delellis.net"><span lang=EN-US style='color:blue'>carsten.delellis@delellis.net</span></a></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'><a href="http://www.linkedin.com/in/carstenlaundelellis"><span lang=EN-US style='color:blue'>http://www.linkedin.com/in/carstenlaundelellis</span></a></span><span lang=EN-US style='color:#1F497D;mso-fareast-language:DE'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D;mso-fareast-language:DE'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>---------------------------------------------------<br><br>Diese E-Mail könnte vertrauliche und/oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.<br><br></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black;mso-fareast-language:DE'>This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.</span><span lang=EN-US style='mso-fareast-language:DE'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></body></html>