Re: opendkim/postfix: no signature for emails submitted through port 25 from patrick.proniewski_at_free.fr on 2013-03-17 (OpenDKIM Users mailing list)

From: <patrick.proniewski_at_free.fr>
Date: Mon, 18 Mar 2013 07:03:13 +0100

On 18 mars 2013, at 00:30, Todd Lyons wrote:

> On Sun, Mar 17, 2013 at 7:20 AM, <patrick.proniewski_at_free.fr> wrote:
>> - opendkim won't sign emails I send from my workstation to my server via an ssh tunnel (or if i use telnet port 25 to send an email from localhost)
>> -------------------------------------------------------
>> transcript for a mail submitted via ssh tunnel (or telnet on localhost):
>>
>> rack postfix/smtpd[57044]: connect from localhost[127.0.0.1]
>> rack milter-greylist: (unknown id): Sender IP 127.0.0.1 and address <patpro_at_mydomain.tld> are SPF-compliant, bypassing greylist
>
> You have LogWhy set to yes in your opendkim.conf. If opendkim was
> seeing the message, there would be a line there that says why it
> decided not to sign it. Since there is no line from opendkim, we can
> only conclude that postfix is not actually submitting it to opendkim
> when you submit the messages from the ssh tunnel or from the
> commandline.
>
> I don't know enough about postfix configuration to know if the milter
> _should_ be getting called from your configuration.

As you can see, the milter-greylist is successfully called. So I there are no reason for opendkim not to be called too. And I've checked with tcpdump: opendkim is also triggered. Would it be possible that it won't get every piece of info it needs to work properly (ie. something linked to MACRO definitions) ?

-----------------------------------------------------------------
For now, I have this configuration on postfix side:

# postconf | grep milter
milter_command_timeout = 30s
milter_connect_macros = j
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = accept
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_header_checks =
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
milter_protocol = 6
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
milter_unknown_command_macros =
non_smtpd_milters = inet:127.0.0.1:8891
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock inet:127.0.0.1:8891

-----------------------------------------------------------------
tcpdump output for submission via ssh tunnel:

# tcpdump -A -s0 -i lo0 src or dst port 8891
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes

06:46:27.558074 IP localhost.15462 > localhost.8891: Flags [P.], ack 492897053, win 8960, options [nop,nop,TS val 1204475614 ecr 3867348518], length 15
E..C.[_at_.@...........<f".u.-..a....#..@.....
G......&....A....A....Q
06:46:27.558090 IP localhost.15462 > localhost.8891: Flags [F.], seq 15, ack 1, win 8960, options [nop,nop,TS val 1204475614 ecr 3867348518], length 0
E..4.\_at_.@...........<f".u.-..a....#........
G......&
06:46:27.558117 IP localhost.8891 > localhost.15462: Flags [.], ack 16, win 8958, options [nop,nop,TS val 3867351521 ecr 1204475614], length 0
E..4.]_at_.@...........".<f.a..u.-..."........
....G...
06:46:27.558154 IP localhost.8891 > localhost.15462: Flags [F.], seq 1, ack 16, win 8960, options [nop,nop,TS val 3867351521 ecr 1204475614], length 0
E..4.__at_.@...........".<f.a..u.-...#........
....G...
06:46:27.558173 IP localhost.15462 > localhost.8891: Flags [.], ack 2, win 8959, options [nop,nop,TS val 1204475614 ecr 3867351521], length 0
E..4.`_at_.@...........<f".u.-..a...."........
G.......
06:46:29.032928 IP localhost.30298 > localhost.8891: Flags [P.], ack 914253463, win 8960, options [nop,nop,TS val 1204477089 ecr 145629209], length 120
E....i_at_.@...........vZ".
...6~f...#........
G..... .....DT....A...PDM{mail_addr}.patpro_at_mydomain.tld.{mail_host}.rack.mydomain.tld.{mail_mailer}.local.....M<patpro_at_mydomain.tld>.
06:46:29.032985 IP localhost.8891 > localhost.30298: Flags [P.], ack 120, win 8960, options [nop,nop,TS val 145681313 ecr 1204477089], length 5
E..9.j_at_.@...........".vZ6~f.
..4..#..~.....
....G.......c
06:46:29.063048 IP localhost.30298 > localhost.8891: Flags [P.], ack 6, win 8960, options [nop,nop,TS val 1204477119 ecr 145681313], length 105
E....n_at_.@...........vZ".
..46~f...#........
G..........NDR{rcpt_addr}.root_at_mydomain.tld.{rcpt_host}.rack.mydomain.tld.{rcpt_mailer}.local.....R<root_at_mydomain.tld>.
06:46:29.063081 IP localhost.8891 > localhost.30298: Flags [P.], ack 225, win 8960, options [nop,nop,TS val 145681343 ecr 1204477119], length 5
E..9.o_at_.@...........".vZ6~f.
.....#.
......
....G.......c
06:46:29.162903 IP localhost.30298 > localhost.8891: Flags [.], ack 11, win 8960, options [nop,nop,TS val 1204477219 ecr 145681343], length 0
E..4.._at_.@...........vZ".
...6~f...#.my.....
G..#....

-----------------------------------------------------------------
tcpdump output for submission via webmail frontend:

# tcpdump -A -s0 -i lo0 src or dst port 8891
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes

06:52:14.337333 IP localhost.58590 > localhost.8891: Flags [S], seq 1566991691, win 65535, options [mss 16344,nop,wscale 3,sackOK,TS val 1204822391 ecr 0], length 0
E..<.._at_.@.............".]feK.........J....?........
G.!w....
06:52:14.337355 IP localhost.8891 > localhost.58590: Flags [S.], seq 3054875381, ack 1566991692, win 65535, options [mss 16344,nop,wscale 3,sackOK,TS val 2809858961 ecr 1204822391], length 0
E..<.._at_.@...........".......]feL.....!....?........
.{..G.!w
06:52:14.337368 IP localhost.58590 > localhost.8891: Flags [.], ack 1, win 8960, options [nop,nop,TS val 1204822391 ecr 2809858961], length 0
E..4.._at_.@.............".]feL......#........
G.!w.{..
06:52:14.337426 IP localhost.58590 > localhost.8891: Flags [P.], ack 1, win 8960, options [nop,nop,TS val 1204822391 ecr 2809858961], length 17
E..E.._at_.@.............".]feL......#........
O............
06:52:14.337487 IP localhost.8891 > localhost.58590: Flags [P.], ack 18, win 8960, options [nop,nop,TS val 2809858961 ecr 1204822391], length 17
E..E.._at_.@...........".......]fe]..#........
O............
06:52:14.337512 IP localhost.58590 > localhost.8891: Flags [P.], ack 18, win 8960, options [nop,nop,TS val 1204822391 ecr 2809858961], length 52
E..h.._at_.@.............".]fe]......#.Ew.....
G.!w.{......DCj.rack.mydomain.tld.....Clocalhost.4..127.0.0.1.
06:52:14.337542 IP localhost.8891 > localhost.58590: Flags [P.], ack 70, win 8960, options [nop,nop,TS val 2809858961 ecr 1204822391], length 5
E..9.._at_.@...........".......]fe...#........
.{..G.!w....c
06:52:14.337572 IP localhost.58590 > localhost.8891: Flags [P.], ack 23, win 8960, options [nop,nop,TS val 1204822391 ecr 2809858961], length 79
E....._at_.@.............".]fe.......#..|.....
G.!w.{......DH....DMi.5146C1CC04A.{mail_addr}.patpro_at_mydomain.tld.....Mpatpr.tld.
06:52:14.337603 IP localhost.8891 > localhost.58590: Flags [P.], ack 149, win 8960, options [nop,nop,TS val 2809858961 ecr 1204822391], length 5
E..9.._at_.@...........".......]fe...#..U.....
.{..G.!w....c
06:52:14.338097 IP localhost.58590 > localhost.8891: Flags [P.], ack 28, win 8960, options [nop,nop,TS val 1204822391 ecr 2809858961], length 69
E..y.._at_.@.............".]fe.......#..B.....
G.!w.{.....,DRi.5146C1CC04A.{rcpt_addr}.root_at_mydomain.tld.....Rroot_at_mydom.tld.
06:52:14.338129 IP localhost.8891 > localhost.58590: Flags [P.], ack 218, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822391], length 5
E..9.._at_.@...........".......]ff%..#..
.....
.{..G.!w....c
06:52:14.338180 IP localhost.58590 > localhost.8891: Flags [P.], ack 33, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 67
E..w.._at_.@.............".]ff%......#..0.....
G.!x.{......DTi.5146C1CC04A.....DLi.5146C1CC04A.....LTo. <root_at_mydomain.tld>.
06:52:14.338212 IP localhost.8891 > localhost.58590: Flags [P.], ack 285, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@...........".......]ffh..#........
.{..G.!x....c
06:52:14.338232 IP localhost.58590 > localhost.8891: Flags [P.], ack 38, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 57
E..m.._at_.@.............".]ffh......#.sx.....
G.!x.{......DLi.5146C1CC04A....!LSubject. Fwd: News du plat pays.
06:52:14.338256 IP localhost.8891 > localhost.58590: Flags [P.], ack 342, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@...........".......]ff...#........
.{..G.!x....c
06:52:14.338276 IP localhost.58590 > localhost.8891: Flags [P.], ack 43, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 84
E....._at_.@.............".]ff.... ..#.E......
G.!x.{......DLi.5146C1CC04A....<LX-PHP-Script. mail.mydomain.tld/index.php for 82.230.x.y.
06:52:14.338300 IP localhost.8891 > localhost.58590: Flags [P.], ack 426, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."...... ]ff...#..*.....
.{..G.!x....c
06:52:14.338320 IP localhost.58590 > localhost.8891: Flags [P.], ack 48, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 62
E..r.._at_.@.............".]ff....%..#.v3.....
G.!x.{......DLi.5146C1CC04A....&LX-PHP-Originating-Script. 0:main.inc.
06:52:14.338342 IP localhost.8891 > localhost.58590: Flags [P.], ack 488, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......%]fg3..#........
.{..G.!x....c
06:52:14.338367 IP localhost.58590 > localhost.8891: Flags [P.], ack 53, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 201
E....._at_.@.............".]fg3...*..#..!.....
G.!x.{......DLi.5146C1CC04A.....LReceived. from ...CUT...=
(...CUT...)
by mail.mydomain.tld
with HTTP (HTTP/1.1 POST); Mon, 18 Mar 2013 06:52:14 +0100.
06:52:14.338392 IP localhost.8891 > localhost.58590: Flags [P.], ack 689, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......*]fg...#........
.{..G.!x....c
06:52:14.338412 IP localhost.58590 > localhost.8891: Flags [P.], ack 58, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 43
E.._.._at_.@.............".]fg..../..#.*......
G.!x.{......DLi.5146C1CC04A.....LMIME-Version. 1.0.
06:52:14.338440 IP localhost.8891 > localhost.58590: Flags [P.], ack 732, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."....../]fh'..#........
.{..G.!x....c
06:52:14.338466 IP localhost.58590 > localhost.8891: Flags [P.], ack 63, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 81
E....._at_.@.............".]fh'...4..#..,.....
G.!x.{......DLi.5146C1CC04A....9LContent-Type. text/plain; charset=UTF-8;
format=flowed.
06:52:14.338491 IP localhost.8891 > localhost.58590: Flags [P.], ack 813, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......4]fhx..#........
.{..G.!x....c
06:52:14.338525 IP localhost.58590 > localhost.8891: Flags [P.], ack 68, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 57
E..m.._at_.@.............".]fhx...9..#.P......
G.!x.{......DLi.5146C1CC04A....!LContent-Transfer-Encoding. 8bit.
06:52:14.338548 IP localhost.8891 > localhost.58590: Flags [P.], ack 870, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......9]fh...#..U.....
.{..G.!x....c
06:52:14.338570 IP localhost.58590 > localhost.8891: Flags [P.], ack 73, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 63
......_at_.@.............".]fh....>..#..
G.!x.{......DLi.5146C1CC04A....'LDate. Mon, 18 Mar 2013 06:52:14 +0100.
06:52:14.338593 IP localhost.8891 > localhost.58590: Flags [P.], ack 933, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......>]fh...#........
.{..G.!x....c
06:52:14.338612 IP localhost.58590 > localhost.8891: Flags [P.], ack 78, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 58
E..n.._at_.@.............".]fh....C..#..`.....
G.!x.{......DLi.5146C1CC04A...."LFrom. patpro <patpro_at_mydomain.tld>.
06:52:14.338635 IP localhost.8891 > localhost.58590: Flags [P.], ack 991, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......C]fi*..#........
.{..G.!x....c
06:52:14.338655 IP localhost.58590 > localhost.8891: Flags [P.], ack 83, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 88
E....._at_.@.............".]fi*...H..#.\^.....
G.!x.{......DLi.5146C1CC04A...._at_LMessage-ID. <347af6351367745a852ae589a585fdae_at_mail.mydomain.tld>.
06:52:14.338678 IP localhost.8891 > localhost.58590: Flags [P.], ack 1079, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......H]fi...#..u.....
.{..G.!x....c
06:52:14.338697 IP localhost.58590 > localhost.8891: Flags [P.], ack 88, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 53
E..i.._at_.@.............".]fi....M..#..|.....
G.!x.{......DLi.5146C1CC04A.....LX-Sender. patpro_at_mydomain.tld.
06:52:14.338720 IP localhost.8891 > localhost.58590: Flags [P.], ack 1132, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......M]fi...#..;.....
.{..G.!x....c
06:52:14.338742 IP localhost.58590 > localhost.8891: Flags [P.], ack 93, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 61
E..q.._at_.@.............".]fi....R..#........
G.!x.{......DLi.5146C1CC04A....%LUser-Agent. Roundcube Webmail/0.8.5.
06:52:14.338767 IP localhost.8891 > localhost.58590: Flags [P.], ack 1193, win 8960, options [nop,nop,TS val 2809858962 ecr 1204822392], length 5
E..9.._at_.@..........."......R]fi...#........
.{..G.!x....c
06:52:14.338786 IP localhost.58590 > localhost.8891: Flags [P.], ack 98, win 8960, options [nop,nop,TS val 1204822392 ecr 2809858962], length 25
E..M.._at_.@.............".]fi....W..#..q.....
G.!x.{......DNi.5146C1CC04A.....N
06:52:14.339958 IP localhost.8891 > localhost.58590: Flags [P.], ack 1218, win 8960, options [nop,nop,TS val 2809858963 ecr 1204822392], length 5
..#................."......W]fj
.{..G.!x....c
06:52:14.339987 IP localhost.58590 > localhost.8891: Flags [P.], ack 103, win 8960, options [nop,nop,TS val 1204822393 ecr 2809858963], length 780
...\..#...............".]fj
G.!y.{......DBi.5146C1CC04A.....B

-------- Original Message --------
...cut...

06:52:14.340035 IP localhost.8891 > localhost.58590: Flags [P.], ack 1998, win 8960, options [nop,nop,TS val 2809858963 ecr 1204822393], length 5
E..9.._at_.@..........."......\]fm...#........
.{..G.!y....c
06:52:14.340054 IP localhost.58590 > localhost.8891: Flags [P.], ack 108, win 8960, options [nop,nop,TS val 1204822393 ecr 2809858963], length 25
E..M.._at_.@.............".]fm....a..#..I.....
G.!y.{......DEi.5146C1CC04A.....E
06:52:14.341268 IP localhost.8891 > localhost.58590: Flags [P.], ack 2023, win 8960, options [nop,nop,TS val 2809858965 ecr 1204822393], length 357
E....._at_.@..........."......a]fm2..#.0/.....
.{..G.!y...ai....DKIM-Signature. v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.tld; s=patpro;
        t=1363585934; bh=...CUT...=;
        h=To:Subject:Date:From;
        b=...CUT...=.
06:52:14.441110 IP localhost.58590 > localhost.8891: Flags [.], ack 465, win 8960, options [nop,nop,TS val 1204822495 ecr 2809858965], length 0
E..4.._at_.@.............".]fm2......#........
G.!..{..
06:52:14.441124 IP localhost.8891 > localhost.58590: Flags [P.], ack 2023, win 8960, options [nop,nop,TS val 2809859065 ecr 1204822495], length 5
E..9.._at_.@...........".......]fm2..#..y.....
.{..G.!.....a
06:52:14.486417 IP localhost.58590 > localhost.8891: Flags [P.], ack 470, win 8960, options [nop,nop,TS val 1204822540 ecr 2809859065], length 5
E..9.._at_.@.............".]fm2......#..G.....
G."..{......Q
06:52:14.486440 IP localhost.58590 > localhost.8891: Flags [F.], seq 2028, ack 470, win 8960, options [nop,nop,TS val 1204822540 ecr 2809859065], length 0
E..4.._at_.@.............".]fm7......#..O.....
G."..{..
06:52:14.486469 IP localhost.8891 > localhost.58590: Flags [.], ack 2029, win 8960, options [nop,nop,TS val 2809859110 ecr 1204822540], length 0
E..4.._at_.@...........".......]fm8..#..".....
.{.&G.".
06:52:14.486560 IP localhost.8891 > localhost.58590: Flags [F.], seq 470, ack 2029, win 8960, options [nop,nop,TS val 2809859110 ecr 1204822540], length 0
E..4.._at_.@...........".......]fm8..#..!.....
.{.&G.".
06:52:14.486575 IP localhost.58590 > localhost.8891: Flags [.], ack 471, win 8959, options [nop,nop,TS val 1204822540 ecr 2809859110], length 0
E..4.._at_.@.............".]fm8......"..".....
G."..{.&
Received on Mon Mar 18 2013 - 06:03:32 PST

This archive was generated by hypermail 2.3.0 : Mon Mar 18 2013 - 06:09:01 PST