Hello,
> Authentication-Results: foo.umrk.org; dkim=pass
> (1024-bit key; insecure key) header.i=_at_gmail.com; dkim-adsp=pass
does DNSSEC verification occur only if opendkim is compiled with
--with-unbound=... ?
> Jul 10 18:03:34 cobalt opendkim[3282]: ABC653FC3B mail-fx0-f50.google.com
> [209.85.161.50] not internal
> Jul 10 18:03:34 cobalt opendkim[3282]: ABC653FC3B not authenticated
this is very confusing to users. Opendkim can act a signer or verifier.
In this context opendkim decides to sign or verify. Opendkim logs here some
marginal intermediate results. But the final result (sign or verify) would
only be logged if syslogsuccess is set to yes. But this is unfortunly not
the default.
Stephen,
in your setup you call opendkim twice for each message.
first time when it arrived via smtp an a second time if spamd reinjects
the mail via smtp at localhost.
You should remove smtpd_milters=...opendkim from main.cf and put it
in the master.cf as an option to the external smtp-server
(I assume, you have already 2 smtp servers in your master.cf )
Andreas
--
Viele Grüße
Andreas Schulze
Received on Tue Jul 13 2010 - 08:35:21 PST