Re: opendkim getting hardfail with Google from Rolf E. Sonneveld on 2011-03-09 (OpenDKIM Users mailing list)

From: Rolf E. Sonneveld <R.E.Sonneveld_at_sonnection.nl>
Date: Wed, 09 Mar 2011 19:43:46 +0100

On 3/9/11 7:34 PM, Chris C wrote:
> Hm, we had that working also. That was the first thing we got working
> then built up from there. This is our main email router that has
> exchange, strongmail, majordomo lists on other servers sitting behind
> this box. We have to masq or business functions would break.
>
> Here is my configuration (minus comments)...
>
> divert(-1)dnl
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for linux')dnl
> OSTYPE(`linux')dnl
> define(`confDEF_USER_ID', ``8:12'')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST', `True')dnl
> define(`confDONT_PROBE_INTERFACES', `True')dnl
> define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> define(`STATUS_FILE', `/var/log/mail/statistics')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confTO_IDENT', `0')dnl
> FEATURE(`no_default_msa', `dnl')dnl
> FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
> FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`root')dnl
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> FEATURE(`accept_unresolvable_domains')dnl
> LOCAL_DOMAIN(`localhost.localdomain')dnl
> MASQUERADE_AS(`akc.org')dnl
> FEATURE(masquerade_envelope)dnl
> FEATURE(masquerade_entire_domain)dnl
> MASQUERADE_DOMAIN(`localhost')dnl
> MASQUERADE_DOMAIN(`localhost.localdomain')dnl
> MASQUERADE_DOMAIN(`mailgate1.akc.org')dnl
> INPUT_MAIL_FILTER(`opendkim', `S=inet:8891_at_127.0.0.1')dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
>
>
> Any ideas?

it seems that the OpenDKIM milter is signing before Sendmail rewrites
the From address in accordance with your masquerade settings. Change the
order and you're done ;-)

/rolf
Received on Wed Mar 09 2011 - 18:42:23 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:16 PST