RE: InternalHosts Issue

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Tue, 5 Oct 2010 22:06:58 -0700

Interesting. It should be matching on that based on that input. I'll see if I can simulate what you're seeing and thus figure out if it's a bug or not.

One thing though: You don't need "refile" for a file that contains no wildcards or regular expressions on which to match. Since everything in there is a string, you can just change it to "file".

-MSK

From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
Sent: Tuesday, October 05, 2010 9:24 PM
To: opendkim-users_at_lists.opendkim.org
Subject: RE: InternalHosts Issue

Well, I think I answered my own issue. For some reason I don't understand, the localhost IP (127.0.0.1/8) must appear LAST in the trusted-hosts list. If it appears before any of the other trusted hosts, those other hosts aren't considered "internal." Can someone confirm this is a feature and not a bug? I couldn't find anything on Google that explains why this works this way, but I'm glad I figured it out and mail from my trusted host is now being signed. :)

SteveJ


From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
Sent: Tuesday, October 05, 2010 5:11 PM
To: opendkim-users_at_lists.opendkim.org
Subject: InternalHosts Issue

I've googled for the answer, and searched through the archives, but can't seem to see what I'm doing wrong. It's GOTTA be something simple that I'm overlooking. :)

I have two servers: Zork and Yar. Both are running Postfix and Zork is running OpenDKIM (2.2.0 released on 10/3/10).

Zork sends signed mail no problem and says:

"Oct 5 16:32:58 zork opendkim[23594]: 0116C15F513: DKIM-Signature header added"

Yar is set up to relay mail through Zork. I've added Yar's hostname (and IP for good measure) to the InternalHosts file on Zork, but I still get this error in Zork's maillog:

Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): yar.gamerid.com [216.168.47.162] not internal
Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): not authenticated
Oct 5 17:02:20 zork opendkim[437]: 7DE9915F513: no signature data

Here's my /etc/opendkim.conf:

##
## opendkim.conf -- configuration file for OpenDKIM filter
##
## $Id: opendkim.conf.sample,v 1.5 2010/03/05 03:32:12 mmarkley Exp $
##
ADSPAction Continue
ADSPNoSuchDomain Yes
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/relaxed
ExternalIgnoreList refile:/etc/mail/dkim/trusted-hosts
InternalHosts refile:/etc/mail/dkim/trusted-hosts
KeyTable refile:/etc/mail/dkim/keyTable
LogWhy Yes
On-Default accept
On-BadSignature accept
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security tempfail
PidFile /var/run/opendkim/dkim-milter.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/mail/dkim/signingTable
Socket inet:20209@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim-milt:opendkim-milt
X-Header Yes

Here's my /etc/mail/dkim/trusted-hosts file:
127.0.0.1
216.168.47.162
yar.gamerid.com

I've been pulling my hair out. I'm not sure what else OpenDKIM needs to accept Yar as "internal." Can anyone shove me in the right direction?

Thanks in advance,

Steve
Received on Wed Oct 06 2010 - 05:07:14 PST
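
A way to triage the symptom in this thread, as an added example that is not part of the original messages and not OpenDKIM's own matching code: it cross-checks "not internal" log lines against the trusted-hosts entries and flags hosts that are listed but still rejected. The matching is a deliberately simplified assumption (IP or CIDR containment, exact host name), the function names are hypothetical, and the third log line is constructed.

```python
import ipaddress
import re

# Sample data: file contents and first two log lines as posted; last line constructed.
TRUSTED_HOSTS = """127.0.0.1
216.168.47.162
yar.gamerid.com
"""
MAILLOG = """Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): yar.gamerid.com [216.168.47.162] not internal
Oct 5 17:02:20 zork opendkim[437]: (unknown-jobid): not authenticated
Oct 5 17:05:41 zork opendkim[437]: (unknown-jobid): mx.example.net [192.0.2.25] not internal
"""
NOT_INTERNAL = re.compile(r"opendkim\[\d+\]: \S+ (\S+) \[([0-9a-fA-F.:]+)\] not internal")

def load_entries(text):
    """Split a trusted-hosts file into IP networks and lower-cased host names."""
    nets, names = [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # skip blanks and '#' comments
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.add(entry.lower())  # anything that is not an IP/CIDR is kept as a name
    return nets, names

def listed(host, ip, nets, names):
    """Simplified match (assumption): IP inside a listed network, or exact host name."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets) or host.lower() in names

def audit(log_text, hosts_text):
    """Return (host, ip, status) for every 'not internal' log line."""
    nets, names = load_entries(hosts_text)
    findings = []
    for line in log_text.splitlines():
        m = NOT_INTERNAL.search(line)
        if m:
            host, ip = m.groups()
            status = "listed-but-rejected" if listed(host, ip, nets, names) else "not-listed"
            findings.append((host, ip, status))
    return findings

if __name__ == "__main__":
    for host, ip, status in audit(MAILLOG, TRUSTED_HOSTS):
        print(f"{status:20} {host} [{ip}]")
```

A "listed-but-rejected" result points at the filter's list handling rather than at a missing entry; "not-listed" is the expected outcome for a host that should stay external.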

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:49 PST