Hi Murray;
Ok, I really thank you for your help, you shed a light on this issue for me.
I added my mail generating system's IP to "InternalHosts" section in
/etc/opendkim.conf file and the result belonging to log file as below:
Mar 13 00:32:46 mail01 opendkim[25237]: OpenDKIM Filter v2.0.0 starting
(args: -x /etc/opendkim.conf)
Mar 13 00:33:18 mail01 opendkim[25237]: o2CMXIRV025247 no MTA name match
Mar 13 00:34:50 mail01 opendkim[25237]: o2CMYo58025254 no MTA name match
Mar 13 00:41:48 mail01 opendkim[25237]: o2CMflTB025289 no MTA name match
I sent a new mail now and it successfully reached to gmail as signed however
in yahoo, despite the fact that I am seeing DKIM header in mail, there is no
indication (key sembol or tooltip) that it has been signed. Could it be a
spesific issue with yahoo?
By the way, for the "MTA dataset" section of my /etc/opendkim.conf file the
line is the following:
MTA MSA
Should I change the "MSA" with the localhost or the FQDN of my Sendmail box?
Any helps? Thanks again.
On Sat, Mar 13, 2010 at 12:16 AM, Murray S. Kucherawy <msk_at_cloudmark.com>wrote:
> This was caught by the list software as you're still not subscribed to the
> list. Please visit http://lists.opendkim.org to subscribe.
>
> > -----Original Message-----
> > From: Listria [mailto:listria_at_lists.opendkim.org]
> > Sent: Friday, March 12, 2010 2:09 PM
> > To: opendkim-users-moderators_at_lists.opendkim.org
> > Subject: opendkim-users: murataltiparmak_at_gmail.com post needs approval
> >
> > [...]
> >
> > Hi Murray,
> >
> > I really appreciate for your reply and help. Ok, I changed the LogWhy
> > value
> > to "yes" and sent one mail through Sendmail MTA and got the following
> > logs:
> >
> > Mar 12 23:53:55 mail01 opendkim[18687]: OpenDKIM Filter: mi_stop=3D1
> > Mar 12 23:53:55 mail01 opendkim[18687]: OpenDKIM Filter v2.0.0
> > terminating
> > with status 0, errno =3D 0
> > Mar 12 23:56:06 mail01 opendkim[25079]: OpenDKIM Filter v2.0.0 starting
> > (args: -x /etc/opendkim.conf)
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name
> > match
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2]
> > [10.255.0.2] not internal
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not
> > authenticated
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature
> > data
> >
> > 10.255.0.2 is the IP address that my e-mail client resides.
> >
> > Could you please explain the logs in detail?
> >
> > Thanks again for your time.
>
> You should read the section of the opendkim(8) man page called OPERATION.
> It explains how the filter decides whether or not it should sign a message.
> There are two requirements: (a) the mail must be "From:" a domain for which
> you should be signing, and (b) the SMTP client sending the mail must be
> classified as internal, so you don't end up signing mail that actually comes
> from unauthorized sources even if the domain name is right.
>
> So looking at these log entries, you probably did get a domain name match
> on the mail, satisfying (a) above; however:
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match
>
> You didn't have any configuration information that indicates what MTA names
> should be considered as internal sources;
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2]
> [10.255.0.2] not internal
>
> The internal host table does not contain 10.255.0.2, your SMTP client;
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated
>
> ...and SMTP AUTH was not done by the SMTP client sending the mail. So
> condition (b) above has not been met, so it will not sign your mail.
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data
>
> So it tried to verify the mail instead, and this log entry indicates it was
> not signed.
>
> Try adding 10.255.0.2 (or perhaps that whole subnet) to your internal hosts
> table and try sending again. Check the opendkim.conf(5) man page for the
> InternalHosts setting description.
>
> -MSK
>
Received on Fri Mar 12 2010 - 23:00:34 PST