Re: opendkim and sendmail starttls auth

From: Philippe TEMESI <philippe.temesi_at_gmail.com>
Date: Thu, 07 Jun 2012 12:55:17 +0200

Sendmail log extract:

Jun 7 12:37:35 revo sendmail[22219]: NOQUEUE: connect from [188.188.86.21]
Jun 7 12:37:35 revo sendmail[22219]: AUTH: available mech=ANONYMOUS
LOGIN, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: Milter (opendkim):
init success to negotiate
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: Milter
(mimedefang): init success to negotiate
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: Milter (greylist):
init success to negotiate
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: Milter: connect to
filters
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: milter=opendkim,
action=connect, continue
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: milter=mimedefang,
action=connect, continue
Jun 7 12:37:35 revo sendmail[22219]: q57AbZfg022219: milter=greylist,
action=connect, continue
Jun 7 12:37:37 revo sendmail[22219]: q57AbZfg022219: milter=opendkim,
action=helo, continue
Jun 7 12:37:37 revo sendmail[22219]: q57AbZfg022219: milter=mimedefang,
action=helo, continue
Jun 7 12:37:37 revo sendmail[22223]: NOQUEUE: connect from
remote.highsmithlawfirm.com [24.199.183.218]
Jun 7 12:37:37 revo sendmail[22223]: AUTH: available mech=ANONYMOUS
LOGIN, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: Milter (opendkim):
init success to negotiate
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: Milter
(mimedefang): init success to negotiate
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: Milter (greylist):
init success to negotiate
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: Milter: connect to
filters
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: milter=opendkim,
action=connect, continue
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: milter=mimedefang,
action=connect, continue
Jun 7 12:37:37 revo sendmail[22223]: q57Abb5S022223: milter=greylist,
action=connect, continue
Jun 7 12:37:38 revo sendmail[22219]: STARTTLS=server,
relay=[188.188.86.21], version=TLSv1/SSLv3, verify=NO,
cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 7 12:37:38 revo sendmail[22219]: STARTTLS=server, cert-subject=,
cert-issuer=, verifymsg=ok
Jun 7 12:37:38 revo sendmail[22219]: AUTH: available mech=ANONYMOUS
LOGIN, allowed mech=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Jun 7 12:37:38 revo sendmail[22219]: poststats:
/var/run/sendmail/statistics: No such file or directory
Jun 7 12:37:38 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=helo, continue
Jun 7 12:37:38 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=helo, continue
Jun 7 12:37:38 revo sendmail[22219]: AUTH=server,
relay=[188.188.86.21], authid=mail.tems, mech=LOGIN, bits=0
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=mail, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=mail, continue
Jun 7 12:37:39 revo milter-greylist: User mail.tems authenticated,
bypassing greylisting
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=greylist,
action=mail, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=rcpt, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=rcpt, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=greylist,
action=rcpt, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219:
from=<philippe_at_tems.be>, size=351, class=0, nrcpts=1,
msgid=<4FD0846F.5050707_at_tems.be>, proto=ESMTP, daemon=Daemon2,
relay=[188.188.86.21]
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=header, continue
Jun 7 12:37:39 revo opendkim[15920]: q57AbZfh022219: external host
[188.188.86.21] attempted to send as tems.be
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=eoh, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=opendkim,
action=body, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: Milter insert (1):
header: Authentication-Results: revo.tems.be; dkim=none (no
signature);\n\tdkim-adsp=fail
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: Milter insert (1):
header: X-DKIM: OpenDKIM Filter v2.5.2 revo.tems.be q57AbZfh022219
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=header, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=eoh, continue
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: milter=mimedefang,
action=body, continue
Jun 7 12:37:39 revo mimedefang.pl[22143]: NOT-SPAM Spamassassin score:
-0.257 () AWL,BAYES_00,RATWARE_GECKO_BUILD required: 4
Jun 7 12:37:39 revo mimedefang.pl[22143]:
MDLOG,q57AbZfh022219,mail_in,,,<philippe_at_tems.be>,<philippe_at_tems.be>,test
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: Milter change
(add): header: X-Spam-Score: -0.257 () AWL,BAYES_00,RATWARE_GECKO_BUILD
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: Milter add:
header: X-Scanned-By: MIMEDefang 2.64 on 213.219.141.178
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: Milter add:
header: X-Greylist: Sender succeeded SMTP AUTH authentication, not
delayed by milter-greylist-3.0 (revo.tems.be [213.219.141.178]); Thu, 07
Jun 2012 12:37:39 +0200 (CEST)
Jun 7 12:37:39 revo sendmail[22219]: q57AbZfh022219: Milter accept: message
Jun 7 12:37:39 revo sendmail[22228]: q57AbZfh022219: to=mail.tems,
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=61038, dsn=2.0.0,
stat=Sent
Jun 7 12:37:39 revo sendmail[22219]: poststats:
/var/run/sendmail/statistics: No such file or directory

===

I've never noticed the poststats error...

The greylist milter seems to correctly identify the SMTP authentication.

The users are relaying through port 580. I'll probably turn to the
OpenDKIM MTA parameter solution...

Regards,

Philippe

On 7/06/2012 12:12, SM wrote:
> Hi Philippe,
> At 02:40 07-06-2012, Philippe TEMESI wrote:
>> No, it's not an open relay, of course.
>> Users authenticate with a local sasldb. This is the most basic
>> authentication method with Sendmail... without ldap, etc.
>>
>> I wonder why OpenDKIM does not detect that.
>
> OpenDKIM looks for {auth_type} to detect SMTP authentication. It
> should catch the above. Can you post an extract of your mail log with
> LogLevel 14 set?
>
> BTW, as your users are probably relaying through port 587, you can set
> the (OpenDKIM) MTA parameter so that OpenDKIM can detect mail coming
> through that port and sign it.
>
> Regards,
> -sm
Received on Thu Jun 07 2012 - 10:55:38 PST
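
Added example (not part of the original message, and not OpenDKIM or sendmail code): a log check for the symptom shown in the extract above, where a session logs `AUTH=server` but opendkim still logs `external host ... attempted to send as ...` for the same message. The sample lines are constructed in the same format with documentation addresses; the function and field names are hypothetical.

```python
import re

# Constructed sample lines in the format of the log above (documentation
# addresses and domains, not values taken from the thread).
SAMPLE_LOG = """\
Jun  7 12:00:01 mx sendmail[4001]: AUTH=server, relay=[192.0.2.10], authid=alice, mech=LOGIN, bits=0
Jun  7 12:00:02 mx sendmail[4001]: q57A00aa004001: from=<alice@example.org>, size=351, nrcpts=1, proto=ESMTP, daemon=Daemon2, relay=[192.0.2.10]
Jun  7 12:00:02 mx opendkim[900]: q57A00aa004001: external host [192.0.2.10] attempted to send as example.org
Jun  7 12:00:05 mx sendmail[4002]: q57A00bb004002: from=<bob@example.org>, size=800, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Jun  7 12:00:05 mx opendkim[900]: q57A00bb004002: external host [198.51.100.7] attempted to send as example.org
"""

PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
AUTH = re.compile(r"^AUTH=server, relay=[^,]+, authid=(?P<authid>[^,]+), mech=(?P<mech>[^,]+)")
QID_MSG = re.compile(r"^(?P<qid>\w{10,}): (?P<rest>.*)$")
EXTERNAL = re.compile(r"^external host \[(?P<ip>[^\]]+)\] attempted to send as (?P<domain>\S+)")
DAEMON = re.compile(r"\bdaemon=(?P<daemon>[^,\s]+)")

def unsigned_authenticated(log_text):
    """Return messages opendkim treated as external although the SMTP session authenticated."""
    # The AUTH= line carries no queue id, so sessions are joined on the sendmail
    # PID. Assumption: PIDs are not reused within the extract being analysed.
    auth_by_pid, pid_by_qid, daemon_by_qid, external = {}, {}, {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # wrapped continuation lines or programs logging without a PID
        prog, pid, msg = m.group("prog", "pid", "msg")
        a = AUTH.match(msg) if prog == "sendmail" else None
        if a:
            auth_by_pid[pid] = (a["authid"], a["mech"])
            continue
        q = QID_MSG.match(msg)
        if not q:
            continue
        if prog == "sendmail":
            pid_by_qid.setdefault(q["qid"], pid)  # first PID seen is the SMTP session
            d = DAEMON.search(q["rest"])
            if d:
                daemon_by_qid[q["qid"]] = d["daemon"]
        elif prog == "opendkim":
            e = EXTERNAL.match(q["rest"])
            if e:
                external.append((q["qid"], e["ip"], e["domain"]))
    findings = []
    for qid, ip, domain in external:
        auth = auth_by_pid.get(pid_by_qid.get(qid))
        if auth:
            findings.append({"qid": qid, "authid": auth[0], "mech": auth[1],
                             "daemon": daemon_by_qid.get(qid), "ip": ip, "domain": domain})
    return findings
```

Each finding includes the sendmail `daemon=` name for the session, which is the value to compare against the OpenDKIM `MTA` setting mentioned in the quoted reply. Log lines wrapped by a mail client, as in the extract above, need to be rejoined before parsing.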
