RE: Can't make LocalADSP to work from Murray S. Kucherawy on 2011-12-21 (OpenDKIM Users mailing list)

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Wed, 21 Dec 2011 15:18:08 -0800

> -----Original Message-----
> From: SamLT [mailto:sam_at_sltosis.org]
> Sent: Wednesday, December 21, 2011 2:35 PM
> To: Murray S. Kucherawy
> Cc: opendkim-users_at_lists.opendkim.org
> Subject: Re: Can't make LocalADSP to work
>
> Ok, I did a quick try with v2.4.2, I may be doing something wrong since
> this is the header I receive when doing the same test as before
> (sending an email with telnet from yahoo, without DKIM signature):
>
> | Authentication-Results: mx.sltosis.org; dkim=none (no signature);
> | dkim-adsp=temperror ('_adsp._domainkey.yahoo.com' reply was
> | unresolved CNAME)
>
> The funny thing is the AR header is now "at the bottom" (below the
> Subject: in the header).

That means your compilation didn't find a version of libmilter that supports smfi_insheader(), which is what does at-the-top insertions.

> Well some settings have apparently changed (eg: no more ADSPDiscard),
> so I'll take the time to read the manual and do the test again.

If you have LocalADSP set to read a file containing:

yahoo.com discardable

...and you give it a message where the From: domain is yahoo.com and it doesn't also have a valid yahoo.com signature on it, you should see it reject that message. I see that in test mode:

medusa[3341]% opendkim/opendkim -x conf -t x -v -v -v
opendkim: mlfi_connect() returned SMFIS_CONTINUE
opendkim: x: mlfi_envfrom() returned SMFIS_CONTINUE
opendkim: x: mlfi_envrcpt() returned SMFIS_CONTINUE
opendkim: x: line 1: mlfi_header() returned SMFIS_CONTINUE
opendkim: x: line 2: mlfi_header() returned SMFIS_CONTINUE
opendkim: x: line 3: mlfi_header() returned SMFIS_CONTINUE
opendkim: x: mlfi_eoh() returned SMFIS_CONTINUE
opendkim: x: mlfi_body() returned SMFIS_CONTINUE
### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected due to DKIM ADSP evaluation'
opendkim: x: mlfi_eom() returned SMFIS_REJECT
opendkim: mlfi_close() returned SMFIS_CONTINUE

Do you also have "ADSPAction" set to something? The documentation says:

Selects the action to be taken when an ADSP check against a message with
no valid author signature results in the message being deemed suspicious and
discardable. Possible values are "discard" (accept the mesasge but throw
it away) and "reject" (bounce the message). If not set, discardable messages
will still be delivered.
Received on Wed Dec 21 2011 - 23:18:17 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:22 PST