Re: [dkim-ops] no signature data on the log

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Fri, 12 Mar 2010 14:16:17 -0800

This was caught by the list software as you're still not subscribed to the list. Please visit http://lists.opendkim.org to subscribe.

> -----Original Message-----
> From: Listria [mailto:listria_at_lists.opendkim.org]
> Sent: Friday, March 12, 2010 2:09 PM
> To: opendkim-users-moderators_at_lists.opendkim.org
> Subject: opendkim-users: murataltiparmak_at_gmail.com post needs approval
>
> [...]
>
> Hi Murray,
>
> I really appreciate your reply and help. OK, I changed the LogWhy value
> to "yes" and sent one mail through Sendmail MTA and got the following
> logs:
>
> Mar 12 23:53:55 mail01 opendkim[18687]: OpenDKIM Filter: mi_stop=1
> Mar 12 23:53:55 mail01 opendkim[18687]: OpenDKIM Filter v2.0.0 terminating with status 0, errno = 0
> Mar 12 23:56:06 mail01 opendkim[25079]: OpenDKIM Filter v2.0.0 starting (args: -x /etc/opendkim.conf)
> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match
> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2] [10.255.0.2] not internal
> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated
> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data
>
> 10.255.0.2 is the IP address where my e-mail client resides.
>
> Could you please explain the logs in detail?
>
> Thanks again for your time.

You should read the section of the opendkim(8) man page called OPERATION. It explains how the filter decides whether or not it should sign a message. There are two requirements: (a) the mail must be "From:" a domain for which you should be signing, and (b) the SMTP client sending the mail must be classified as internal, so you don't end up signing mail that actually comes from unauthorized sources even if the domain name is right.

So looking at these log entries, you probably did get a domain name match on the mail, satisfying (a) above; however:

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match

You didn't have any configuration information that indicates what MTA names should be considered as internal sources;
 
> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2] [10.255.0.2] not internal

The internal host table does not contain 10.255.0.2, your SMTP client;

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated

...and SMTP AUTH was not done by the SMTP client sending the mail. So condition (b) above has not been met, so it will not sign your mail.

> Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data

So it tried to verify the mail instead, and this log entry indicates it was not signed.

Try adding 10.255.0.2 (or perhaps that whole subnet) to your internal hosts table and try sending again. Check the opendkim.conf(5) man page for the InternalHosts setting description.

-MSK
Received on Fri Mar 12 2010 - 22:16:26 PST
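
An added example, not part of the original message or of OpenDKIM itself: a small Python script that groups the LogWhy lines quoted in this thread by queue ID and reports which of the three internal-source checks failed. The meanings attached to each log message follow the explanation in the reply above; the function name `triage` and the report field names are made up for this example.

```python
import re
from collections import defaultdict

# Log lines as quoted in the thread, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Mar 12 23:56:06 mail01 opendkim[25079]: OpenDKIM Filter v2.0.0 starting (args: -x /etc/opendkim.conf)
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2] [10.255.0.2] not internal
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data
"""

# The three checks the reply walks through for condition (b), "client is internal".
INTERNAL_CHECKS = ("no MTA name match", "not internal", "not authenticated")
KNOWN = INTERNAL_CHECKS + ("no signature data",)

LINE_RE = re.compile(r"opendkim\[\d+\]: (?P<job>[A-Za-z0-9]+):? (?P<msg>.+)$")
CLIENT_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\] not internal$")

def triage(log_text):
    """Group LogWhy lines by queue ID and summarise why signing was skipped."""
    jobs = defaultdict(lambda: {"client": None, "reasons": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg = m.group("msg").strip()
        for reason in KNOWN:
            if msg.endswith(reason):
                entry = jobs[m.group("job")]  # created only for recognised lines
                entry["reasons"].append(reason)
                c = CLIENT_RE.search(msg)
                if c:
                    entry["client"] = c.group("ip")
                break
    report = {}
    for job, info in jobs.items():
        failed = [r for r in info["reasons"] if r in INTERNAL_CHECKS]
        report[job] = {
            "client": info["client"],  # candidate for the InternalHosts table
            "failed_internal_checks": failed,
            # Reading of the reply: (b) fails when none of the checks passed.
            "treated_as_external": len(failed) == len(INTERNAL_CHECKS),
            "unsigned_on_verify": "no signature data" in info["reasons"],
        }
    return report

if __name__ == "__main__":
    for job, summary in triage(SAMPLE_LOG).items():
        print(job, summary)
```
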
