On Fri, Oct 22, 2010 at 10:47:11AM -0700, Murray S. Kucherawy wrote:
>
> Can you attach your configuration and, if you have InternalHosts
> set, include the contents of that file or table? Also the command
> line arguments used to start it would be helpful.
Here are the non-default settings:
<mills_at_setup01:159>$ egrep -v '^#|^$' /etc/mail/opendkim.conf
Domain testing.umanitoba.ca
KeyFile /etc/dkim/key.private
LogWhy yes
NoHeaderB yes
Selector testing
SingleAuthResult yes
Socket inet:8891_at_localhost
Syslog Yes
UserID daemon
> Also, set LogWhy to "True", reload/restart, and try sending a
> message that should be signed. The resulting log entries will tell
> you what checks it did.
My test:
<mills_at_setup01:158>$ mailx mills_at_cc.umanitoba.ca
Subject: Test Message
This one should say why it's not signed.
.
EOT
The logs are pretty clear now:
Oct 22 13:21:20 setup01 opendkim[10848]: [ID 858676 mail.info] o9MILKuK010865: no signing domain match for `testing.UManitoba.CA'
Oct 22 13:21:20 setup01 opendkim[10848]: [ID 880812 mail.info] o9MILKuK010865: no signing subdomain match for `testing.UManitoba.CA'
Oct 22 13:21:20 setup01 opendkim[10848]: [ID 699540 mail.debug] o9MILKuK010865: no signature data
It seems to be attempting a case-sensitive match. That can't be right
for domain names. People can chose any letter case they want for them.
--
-Gary Mills- -Unix Group- -Computer and Network Services-
Received on Fri Oct 22 2010 - 18:33:31 PST