Re: [dkim-ops] no signature data on the log

From: Murat ALTIPARMAK <murataltiparmak_at_gmail.com>
Date: Sat, 13 Mar 2010 01:49:30 +0200

Hi Murray,

I am a little bit confused because I finally succeeded in signing the
messages from my domain, thanks to you, and successfully sent the signed e-mail
to gmail.com. However, the same e-mail is reaching Yahoo but it is not
being treated as signed by Yahoo, although the DKIM-Signature is present in the
header. As the name states, opendkim should be open to every mail provider;
am I not right about that? Why is Yahoo not accepting the same mail as
signed? Is there a time interval for a domain to start sending signed mail
to Yahoo? Should I open a support ticket?

By the way, I am including both headers of the same mail, from gmail
and yahoo, below. Any suggestions?


>>>>>>

X-Originating-IP: [88.255.231.89]
Authentication-Results: mta196.mail.sp2.yahoo.com from=;
domainkeys=neutral (no sig); from=ttnetbilgilendirme.com.tr; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail01.messaging.intra) (88.255.231.89) by
mta196.mail.sp2.yahoo.com with SMTP; Fri, 12 Mar 2010 15:36:56 -0800
Received: from APP01 ([172.18.8.221]) by mail01.messaging.intra
(8.13.8/8.13.8/Debian-3) with SMTP id o2CNapRM025484; Sat, 13 Mar 2010
01:36:51 +0200
Message-ID: <32A1E1C542EB41DC838B1B8831B8F9B1_at_messaging.intra>
Date: Sat, 13 Mar 2010 01:36:45 +0200
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-9";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
ttnetbilgilendirme.com.tr; s=mail; t=1268437012;
bh=pKKwBaQeXArcabU4pm9s9oVrVwXYeReoN1t5CS7Bqhs=;
h=Message-ID:From:To:Cc:Subject:Date:MIME-Version:Content-Type:
Content-Transfer-Encoding;
b=BQUK+L3DIapaS6PSLZAU+pYffiK5BOvwtImtOzlT3nxrxVc2RIGNUSApOBk9G1fFu
G44YFQ3vYUG7N4Wv3bHKx3E1fDVWbJtygmGaQmZz6ew0mvMH4irwdOd3DAcQLxVpmu
JagMdQpkfOqPuH+YTMjFrmduzmwuxes3edOK3wfs=
Content-Length: 11



>>>>>>>

Received: by 10.223.117.20 with SMTP id o20cs187543faq;
        Fri, 12 Mar 2010 15:36:54 -0800 (PST)
Received: by 10.204.49.83 with SMTP id u19mr4556585bkf.157.1268437014010;
        Fri, 12 Mar 2010 15:36:54 -0800 (PST)
Received: [88.255.231.89])
        by mx.google.com with ESMTP id
w18si3608872bka.100.2010.03.12.15.36.52;
        Fri, 12 Mar 2010 15:36:52 -0800 (PST)
Received-SPF: pass (google.com: domain of
ttnetbilgilendirme.com.tr designates 88.255.231.89 as permitted sender)
client-ip=88.255.231.89;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
ttnetbilgilendirme.com.tr designates 88.255.231.89 as permitted sender)
smtp.mail=_at_ttnetbilgilendirme.com.tr; dkim=pass header.i=_at_
ttnetbilgilendirme.com.tr
Sat, 13 Mar 2010 01:36:51 +0200
Message-ID: <32A1E1C542EB41DC838B1B8831B8F9B1_at_messaging.intra>
Date: Sat, 13 Mar 2010 01:36:45 +0200
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-9";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.3959
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=ttnetbilgilendirme.com.tr; s=mail; t=1268437012;
bh=pKKwBaQeXArcabU4pm9s9oVrVwXYeReoN1t5CS7Bqhs=;
h=Message-ID:From:To:Cc:Subject:Date:MIME-Version:Content-Type:
 Content-Transfer-Encoding;
b=BQUK+L3DIapaS6PSLZAU+pYffiK5BOvwtImtOzlT3nxrxVc2RIGNUSApOBk9G1fFu
 G44YFQ3vYUG7N4Wv3bHKx3E1fDVWbJtygmGaQmZz6ew0mvMH4irwdOd3DAcQLxVpmu
 JagMdQpkfOqPuH+YTMjFrmduzmwuxes3edOK3wfs=


On Sat, Mar 13, 2010 at 1:14 AM, Murray S. Kucherawy <msk_at_cloudmark.com> wrote:

> If you have it signing by IP address, you don’t need to set the MTA name
> parameter.
>
>
>
> If you are seeing the DKIM-Signature: header field in Yahoo’s mail client,
> then your mail is getting to them signed. I don’t know offhand how Yahoo!
> indicates the verification result; you might look for an
> Authentication-Results: header field which is the most common way of showing
> the results.
>
>
>
> *From:* Murat ALTIPARMAK [mailto:murataltiparmak_at_gmail.com]
> *Sent:* Friday, March 12, 2010 3:00 PM
> *To:* Murray S. Kucherawy
> *Cc:* opendkim-users_at_lists.opendkim.org
> *Subject:* Re: [dkim-ops] no signature data on the log
>
>
>
> Hi Murray;
>
>
>
> OK, thank you very much for your help; you shed light on this issue for
> me. I added my mail-generating system's IP to the "InternalHosts" section in
> the /etc/opendkim.conf file, and the resulting log entries are below:
>
>
>
> Mar 13 00:32:46 mail01 opendkim[25237]: OpenDKIM Filter v2.0.0 starting
> (args: -x /etc/opendkim.conf)
>
> Mar 13 00:33:18 mail01 opendkim[25237]: o2CMXIRV025247 no MTA name match
>
> Mar 13 00:34:50 mail01 opendkim[25237]: o2CMYo58025254 no MTA name match
>
> Mar 13 00:41:48 mail01 opendkim[25237]: o2CMflTB025289 no MTA name match
>
>
>
> I sent a new mail now and it successfully reached gmail as signed;
> however, in Yahoo, despite the fact that I am seeing the DKIM header in the
> mail, there is no indication (key symbol or tooltip) that it has been signed.
> Could it be a specific issue with Yahoo?
>
>
>
> By the way, for the "MTA dataset" section of my /etc/opendkim.conf file the
> line is the following:
>
>
>
> MTA MSA
>
>
>
> Should I replace "MSA" with localhost or the FQDN of my Sendmail
> box?
>
>
>
> Any help? Thanks again.
>
>
>
>
>
> On Sat, Mar 13, 2010 at 12:16 AM, Murray S. Kucherawy <msk_at_cloudmark.com>
> wrote:
>
> This was caught by the list software as you're still not subscribed to the
> list. Please visit http://lists.opendkim.org to subscribe.
>
>
> > -----Original Message-----
> > From: Listria [mailto:listria_at_lists.opendkim.org]
> > Sent: Friday, March 12, 2010 2:09 PM
> > To: opendkim-users-moderators_at_lists.opendkim.org
> > Subject: opendkim-users: murataltiparmak_at_gmail.com post needs approval
> >
> > [...]
> >
> > Hi Murray,
> >
> > I really appreciate your reply and help. OK, I changed the LogWhy
> > value
> > to "yes" and sent one mail through the Sendmail MTA and got the following
> > logs:
> >
>
> > Mar 12 23:53:55 mail01 opendkim[18687]: OpenDKIM Filter: mi_stop=1
> > Mar 12 23:53:55 mail01 opendkim[18687]: OpenDKIM Filter v2.0.0
> > terminating with status 0, errno = 0
> > Mar 12 23:56:06 mail01 opendkim[25079]: OpenDKIM Filter v2.0.0 starting
> > (args: -x /etc/opendkim.conf)
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name
> > match
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2]
> > [10.255.0.2] not internal
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not
> > authenticated
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature
> > data
> >
> > 10.255.0.2 is the IP address where my e-mail client resides.
> >
> > Could you please explain the logs in detail?
> >
> > Thanks again for your time.
>
> You should read the section of the opendkim(8) man page called OPERATION.
> It explains how the filter decides whether or not it should sign a message.
> There are two requirements: (a) the mail must be "From:" a domain for which
> you should be signing, and (b) the SMTP client sending the mail must be
> classified as internal, so you don't end up signing mail that actually comes
> from unauthorized sources even if the domain name is right.
>
> So looking at these log entries, you probably did get a domain name match
> on the mail, satisfying (a) above; however:
>
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match
>
> You didn't have any configuration information that indicates what MTA names
> should be considered as internal sources;
>
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2]
> > [10.255.0.2] not internal
>
> The internal host table does not contain 10.255.0.2, your SMTP client;
>
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated
>
> ...and SMTP AUTH was not done by the SMTP client sending the mail. So
> condition (b) above has not been met, so it will not sign your mail.
>
>
> > Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data
>
> So it tried to verify the mail instead, and this log entry indicates it was
> not signed.
>
> Try adding 10.255.0.2 (or perhaps that whole subnet) to your internal hosts
> table and try sending again. Check the opendkim.conf(5) man page for the
> InternalHosts setting description.
>
> -MSK
>
>
>
Received on Fri Mar 12 2010 - 23:49:52 PST
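
Added example, not part of the original thread and not OpenDKIM's own code: a Python script that groups the LogWhy lines quoted above by queue ID and reports which of the source checks Murray describes failed for each message. It assumes, as the thread describes, that a matching MTA name, an InternalHosts entry, or SMTP AUTH each suffices for condition (b); the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the thread above, wrapped lines rejoined.
THREAD_LOG = """\
Mar 12 23:56:06 mail01 opendkim[25079]: OpenDKIM Filter v2.0.0 starting (args: -x /etc/opendkim.conf)
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 no MTA name match
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 [10.255.0.2] [10.255.0.2] not internal
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096 not authenticated
Mar 12 23:59:31 mail01 opendkim[25079]: o2CLxTPg025096: no signature data
Mar 13 00:33:18 mail01 opendkim[25237]: o2CMXIRV025247 no MTA name match
"""

# LogWhy messages seen in the thread, mapped to a (hypothetical) check name.
PATTERNS = [
    (re.compile(r"^no MTA name match$"), "mta_name"),
    (re.compile(r"^\S+ \[(?P<ip>[^\]]+)\] not internal$"), "internal_host"),
    (re.compile(r"^not authenticated$"), "smtp_auth"),
    (re.compile(r"^no signature data$"), "unsigned"),
]
ENTRY = re.compile(r"opendkim\[\d+\]: (?P<job>\w+):? (?P<msg>.*)$")
SOURCE_CHECKS = {"mta_name", "internal_host", "smtp_auth"}


def explain(log_text):
    """Group LogWhy lines by queue ID and summarise the signing decision."""
    jobs = defaultdict(lambda: {"seen": set(), "client_ip": None})
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        for pattern, check in PATTERNS:
            hit = pattern.match(entry["msg"].strip())
            if hit:
                job = jobs[entry["job"]]
                job["seen"].add(check)
                if check == "internal_host":
                    job["client_ip"] = hit["ip"]
    return {
        job_id: {
            "client_ip": job["client_ip"],
            "failed_checks": sorted(job["seen"] & SOURCE_CHECKS),
            # Condition (b) fails only if every way of being "internal" failed.
            "source_rejected": SOURCE_CHECKS <= job["seen"],
            "arrived_unsigned": "unsigned" in job["seen"],
        }
        for job_id, job in jobs.items()
    }
```

For the first message all three checks fail, so the filter falls back to verification and logs "no signature data"; for the later message only the MTA name check is logged as failing, which matches the point that signing by IP address does not need the MTA name parameter.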

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:46 PST