Re: on VerifyError

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 27 Aug 2010 00:18:51 -0700 (PDT)

On Mon, 23 Aug 2010, Andreas Schulze wrote:
> I sent a mail to the SpamAssassin mailing list. The mail was DKIM-signed.
> While getting the mail back from apache.org servers, my dkim tries to
> verify the (of course changed) message.
>
> But I got unexpected logs from my postfix:
>
> Aug 23 12:08:19 taro postfix/smtpd[971]: 04A3D2CD3:
> client=hermes.apache.org[140.211.11.3]
> Aug 23 12:08:19 taro postfix/cleanup[958]: 04A3D2CD3:
> message-id=<bcd22473b21024d918cab12fbab14abc.squirrel_at_andreasschulze.de>
> Aug 23 12:08:20 taro opendkim[5494]: 04A3D2CD3: no MTA name match
> Aug 23 12:08:20 taro opendkim[5494]: 04A3D2CD3: hermes.apache.org
> [140.211.11.3] not internal
> Aug 23 12:08:20 taro opendkim[5494]: 04A3D2CD3: not authenticated
> Aug 23 12:08:20 taro postfix/cleanup[958]: 04A3D2CD3: milter-reject:
> END-OF-MESSAGE from hermes.apache.org[140.211.11.3]: 4.7.1 Service
> unavailable - try again later;
> from=<users-return-90620-**me**_at_spamassassin.apache.org> to=<**me**>
> proto=SMTP helo=<mail.apache.org>
>
> I have "SendReports yes" in opendkim.conf and my public key in DNS has
> 'r=dkim+2010' so my dkim sent a "Verify failed for a message I sent"
> to myself. At least this works ;-)
>
> On-BadSignature is by default "accept" so I expect a non-validating message
> would pass. Could this assumption change if I also set my ADSP record to
> "dkim=all" ???

None of this should cause the temporary failure. Something else is going
on.

Did the filter die at this point? Was there a coredump, or did it
auto-restart?

opendkim almost always logs something when it is returning a rejection
instruction of any kind to the MTA, so it's strange that there's nothing
in the logs here.

The default TEMPFAIL actions are security matters, internal errors or DNS
errors, but I can't imagine a case where something like that isn't
accompanied by a log message. Everything else is accepted for delivery by
default.

Do you have a copy of a message you can share that reproduces this
condition?

-MSK
Received on Fri Aug 27 2010 - 07:19:22 PST
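
Added example, not part of the original message and not opendkim or Postfix code: a log check for the condition discussed above, a Postfix milter-reject for a queue ID where opendkim logged nothing beyond routine classification lines. Treating the three opendkim messages quoted in the thread as routine is an assumption, and the second sample message is constructed.

```python
import re
from collections import defaultdict

# Constructed sample. The first message reuses the log lines quoted in the
# thread (wrapped lines rejoined and shortened); the second is invented, and
# its opendkim text is a placeholder, not a real opendkim log message.
SAMPLE_LOG = """\
Aug 23 12:08:19 taro postfix/smtpd[971]: 04A3D2CD3: client=hermes.apache.org[140.211.11.3]
Aug 23 12:08:20 taro opendkim[5494]: 04A3D2CD3: no MTA name match
Aug 23 12:08:20 taro opendkim[5494]: 04A3D2CD3: hermes.apache.org [140.211.11.3] not internal
Aug 23 12:08:20 taro opendkim[5494]: 04A3D2CD3: not authenticated
Aug 23 12:08:20 taro postfix/cleanup[958]: 04A3D2CD3: milter-reject: END-OF-MESSAGE from hermes.apache.org[140.211.11.3]: 4.7.1 Service unavailable - try again later; proto=SMTP helo=<mail.apache.org>
Aug 23 12:09:01 taro opendkim[5494]: 0BEEF0002: PLACEHOLDER reason logged by the filter
Aug 23 12:09:01 taro postfix/cleanup[958]: 0BEEF0002: milter-reject: END-OF-MESSAGE from mx.example.org[192.0.2.7]: 4.7.1 Service unavailable - try again later; proto=SMTP
"""

# Assumption: these opendkim messages (the ones seen in the thread) only
# classify the client and never explain a rejection on their own.
ROUTINE = ("no MTA name match", "not internal", "not authenticated")

# syslog prefix, program[pid], Postfix queue ID, then the message text.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[\w/.-]+)\[\d+\]: "
    r"(?P<qid>[0-9A-Za-z]+): (?P<msg>.*)$"
)
STATUS_RE = re.compile(r": (\d\.\d+\.\d+) ")  # enhanced status code, e.g. 4.7.1


def unexplained_milter_rejects(log_text):
    """Map queue ID -> status code for milter rejects the filter never explained."""
    rejects = {}
    explanations = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, qid, msg = m.group("prog", "qid", "msg")
        if prog.startswith("postfix/") and msg.startswith("milter-reject:"):
            status = STATUS_RE.search(msg)
            rejects[qid] = status.group(1) if status else None
        elif prog == "opendkim" and not msg.endswith(ROUTINE):
            explanations[qid].append(msg)
    # Log order is irrelevant: compare only after the whole log has been read.
    return {q: s for q, s in rejects.items() if not explanations[q]}


if __name__ == "__main__":
    for qid, status in unexplained_milter_rejects(SAMPLE_LOG).items():
        print(f"{qid}: milter-reject {status} with no opendkim explanation logged")
```

A queue ID reported here is a cue to check whether the filter process crashed or restarted at that timestamp.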
