Re: DKIM - InternalHosts

From: John Espiro <john_espiro_at_yahoo.com>
Date: Thu, 27 Jan 2011 00:46:34 +0100

Hi Murray -

Actually, you raise an interesting point... If I have only lowercase in
the conf file, but my email client capitalizes the "from" field, I would
run into the same issue too right?

John

On 1/26/2011 6:55 PM, Murray S. Kucherawy wrote:
>
> Ah, I think I see what's going on.
>
> There are, of course, two domain names that have to match for a
> signature to be added. One comes from the From: field and one comes
> from the Domain list (or database, depending on your configuration).
> We do convert the former to lowercase, but we're not converting the
> latter. So you might say:
>
> Domain NiceExample.com
>
> And you might even have:
>
> From: user_at_NiceExample.com <mailto:user_at_NiceExample.com>
>
> ...but the latter is converted to lowercase while the former is not,
> so they don't match. I guess it never occurred that someone would put
> capitalized letters in the configuration file which is why we haven't
> seen it before.
>
> This will be fixed in 2.3.0.Beta5. Thanks for the report!
>
> -MSK
>
> *From:*opendkim-users-bounce_at_lists.opendkim.org
> [mailto:opendkim-users-bounce_at_lists.opendkim.org] *On Behalf Of *John
> Espiro
> *Sent:* Wednesday, January 26, 2011 1:46 AM
> *To:* opendkim-users_at_lists.opendkim.org
> *Subject:* Re: DKIM - InternalHosts
>
> OK, after following hte guide from Steve, and your post earlier, I
> have this working now, with the exception that it seems to be
> case-sensitive. Is that as-designed? Is there a workaround? What do
> you think?
>
> Steve
>
> On 1/26/2011 1:12 AM, Murray S. Kucherawy wrote:
>
> Is there an upper/lowercase mismatch between what's in your config
> file and what's in From:?
>
> *From:*opendkim-users-bounce_at_lists.opendkim.org
> <mailto:opendkim-users-bounce_at_lists.opendkim.org>
> [mailto:opendkim-users-bounce_at_lists.opendkim.org] *On Behalf Of *John
> Espiro
> *Sent:* Tuesday, January 25, 2011 4:02 PM
> *To:* opendkim-users_at_lists.opendkim.org
> <mailto:opendkim-users_at_lists.opendkim.org>
> *Subject:* Re: DKIM - InternalHosts
>
> Hi Murray -
> Thanks for your reply.
>
> The Domain line looks like:
> Domain domainA.com,domainB.com
>
> There's no space after the comma (I had read a while ago that there
> were problems with a space). So I wonder what else it could be...
>
> Re: the MTA issue, I'll take a look at my sendmail config - that
> should be an easy fix.
>
> John
>
> On 1/26/2011 12:09 AM, Murray S. Kucherawy wrote:
>
> Is there a space around the comma in the Domain line? I can't tell
> from the way this MUA formats your mail. If there is, try without it.
>
> The issue is that "DomainB.com" doesn't appear to be in the domain
> list. It sees that in your From: but not in the list of domains to
> sign. Prior to v2.3.0, spaces weren't discarded in the Domain value
> which can unfortunately lead to mismatches.
>
> "no MTA name match" means the MTA connecting to the filter didn't
> announce its name as "MSA", matching what you have configured.
>
> The message would be signed if either of those were true.
>
> *From:*opendkim-users-bounce_at_lists.opendkim.org
> <mailto:opendkim-users-bounce_at_lists.opendkim.org>
> [mailto:opendkim-users-bounce_at_lists.opendkim.org] *On Behalf Of *John
> Espiro
> *Sent:* Tuesday, January 25, 2011 2:54 PM
> *To:* opendkim-users_at_lists.opendkim.org
> <mailto:opendkim-users_at_lists.opendkim.org>
> *Subject:* DKIM - InternalHosts
>
> Hi there -
>
> Sorry for the length of this message, however I wanted to fit as much
> data in to describe the issue I am having...
>
> I had been using DKIM-milter and switched to OpenDKIM just recently. I
> have 2 domains: domainA.com and domainB.com.
>
> My server handles email for both, and I use mail.domainA.com as my
> outgoing server for both. (mail.domainA.com is a pointer for domainA.com).
>
> From Thunderbird, via my home connection (sending with the outgoing
> smtp as mail.domainA.com) from domainB.com as the "from", I see the
> following:
>
> Jan 25 22:39:59 opendkim[21561]: p0PMdtQh021667: no MTA name match
> Jan 25 22:39:59 opendkim[21561]: p0PMdtQh021667: no signing domain
> match for `DomainB.com'
> Jan 25 22:39:59 opendkim[21561]: p0PMdtQh021667: no signing subdomain
> match for `DomainB.com'
> Jan 25 22:39:59 opendkim[21561]: p0PMdtQh021667: no signature data
>
> Sending via my webmail, I see OpenDKIM working perfectly.
>
> From thunderbird, via my home connection (sending with the outgoing
> smtp as mail.domainA.com) from domainA.com as the "from", I see
> OpenDKIM working perfectly. Although it does say " no MTA name match".
>
> 1.) What do I need to configure so that sending with domainB.com works?
> 2.) What does " no MTA name match" mean and how can I fix it?
>
> cat /etc/opendkim.conf:
>
> Syslog yes
> UMask 002
> Canonicalization relaxed/simple
> KeyFile /var/db/dkim/mail.key.pem
> MTA MSA
> Selector mail
> Socket inet:8891_at_localhost
> SignatureAlgorithm rsa-sha256
> Syslog Yes
> Userid opendkim
> X-Header Yes
> Mode sv
> InternalHosts /etc/dkim-internal-hosts
> LogWhy True
>
> cat /etc/dkim-internal-hosts:
>
> ip address of domainA.com
> ip address of domainB.com
> 127.0.0.1/8
>
>
> John
>
Received on Wed Jan 26 2011 - 23:47:32 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:15 PST