Re: Signing problems with OpenDKIM on Ubuntu

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 21 Apr 2013 07:21:14 -0700 (PDT)

Most of the time, a message is selected to be either signed or verified,
but not both. The mode is selected based on the "Mode" value and on
either the old-school Domain/Selector/KeyFile method or the new
KeyTable/SigningTable method.

When a message is selected for verification, LogWhy only causes a "no
signature data" message to be logged if the message was not signed.

When a message is selected for signing, the following are also added by
LogWhy:

- if the ExemptDomains setting exists and the From: domain matched a name
in it, something will be logged to indicate this

- if the MTA data set is defined and there was no match in there for the
MTA name provided to the filter, something is logged

- if the Macros data set is defined and none of the macro tests were
satisfied, something is logged

- if the client IP address didn't match the InternalHosts table, something
is logged

- if the From: domain didn't match the Domain or SigningTable setting,
something is logged

- if the From: domain didn't match as a subdomain of the Domain or
SigningTable setting and subdomain signing is enabled, something is logged

All of this is meant to help you debug the very problem you're having.

What would be helpful would be to select any message that should have been
signed but wasn't and then do "fgrep <queueid> mail.log" (or equivalent)
for that message so we can see what did get logged, and then post that
here.

-MSK
Received on Sun Apr 21 2013 - 14:21:47 PST

This archive was generated by hypermail 2.3.0 : Sun Apr 21 2013 - 14:27:01 PST