Re: Signing problems with OpenDKIM on Ubuntu

From: Jim Fenton <fenton_at_bluepopcorn.net>
Date: Sun, 21 Apr 2013 11:14:41 -0700

On 04/21/2013 07:21 AM, Murray S. Kucherawy wrote:
>
> What would be helpful would be to select any message that should have
> been signed but wasn't and then do "fgrep <queueid> mail.log" (or
> equivalent) for that message so we can see what did get logged, and
> then post that here.

Hi Murray,

Here's everything from the mail log at the time of the message
submission/relay:

Apr 21 11:02:48 kernel sm-mta[27061]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-CAMELLIA256-SHA, bits=256/256
Apr 21 11:02:48 kernel sm-mta[27061]: AUTH=server, relay=localhost [127.0.0.1], authid=fenton, mech=CRAM-MD5, bits=0
Apr 21 11:02:48 kernel sm-mta[27061]: r3LI2l4K027061: from=<fenton_at_bluepopcorn.net>, size=422, class=0, nrcpts=1, msgid=<517429C7.7020400_at_bluepopcorn.net>, proto=ESMTP, daemon=MSP-v6, relay=localhost [127.0.0.1]
Apr 21 11:02:48 kernel dovecot: imap(fenton): Disconnected: Disconnected in IDLE in=975 out=143400
Apr 21 11:02:49 kernel sm-mta[27064]: r3LI2l4K027061: to=<fenton_at_oneid.com>, ctladdr=<fenton_at_bluepopcorn.net> (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120422, relay=mx1.emailsrvr.com. [173.203.2.36], dsn=2.0.0, stat=Sent (Ok: queued as DF/D3-25440-6A924715)

Nothing at all from the opendkim daemon. And I do see messages from
opendkim when I intentionally misconfigure something, as well as
messages from sm-mta when a header field is added.

And here's the current opendkim.conf:

# debugging stuff: log a lot, and try to sign everything
LogWhy yes
InternalHosts 127.0.0.0/8,10.0.0.0/8,68.164.244.152/29
AlwaysAddARHeader yes
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002

Domain bluepopcorn.net
KeyFile /etc/mail/dkim/buttered.key.pem
Selector buttered

MTA MSP-v6,MSP-v4

# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed
Mode sv
#SubDomains no
#ADSPDiscard no

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From

# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)

#ATPSDomains example.com

#Accept messages regardless
On-Default accept

===
I'm still struggling to figure out what is unique in my configuration.
Aside from IPv6 (which a lot of others use), I can't think of anything
out of the ordinary.

-Jim
Received on Sun Apr 21 2013 - 18:14:36 PST
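
Added example, not part of the original message: the per-message "fgrep <queueid> mail.log" check requested above, run over a whole log, so that every relayed message is classified by what opendkim logged for it, including the "nothing at all" case. The log lines, host name, queue ids and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail/opendkim syslog style (not from the post).
SAMPLE_LOG = """\
Apr 21 11:02:48 mx sm-mta[101]: STARTTLS=server, relay=localhost [127.0.0.1], verify=NO
Apr 21 11:02:48 mx sm-mta[101]: r3LI2lAA000101: from=<a@example.org>, size=422, nrcpts=1, daemon=MSP-v6
Apr 21 11:02:49 mx sm-mta[102]: r3LI2lAA000101: to=<b@example.net>, mailer=esmtp, dsn=2.0.0, stat=Sent (Ok)
Apr 21 11:05:10 mx sm-mta[201]: r3LI5AAB000201: from=<a@example.org>, size=512, nrcpts=1, daemon=MSP-v4
Apr 21 11:05:10 mx opendkim[900]: r3LI5AAB000201: DKIM-Signature field added (s=sel, d=example.org)
Apr 21 11:05:11 mx sm-mta[202]: r3LI5AAB000201: to=<c@example.net>, mailer=esmtp, dsn=2.0.0, stat=Sent (Ok)
Apr 21 11:07:30 mx sm-mta[301]: r3LI7UAC000301: from=<x@example.com>, size=300, nrcpts=1, daemon=MSP-v4
Apr 21 11:07:30 mx opendkim[900]: r3LI7UAC000301: no signing domain match for 'example.com'
Apr 21 11:07:31 mx sm-mta[302]: r3LI7UAC000301: to=<d@example.net>, mailer=esmtp, dsn=2.0.0, stat=Sent (Ok)
Apr 21 11:07:32 mx dovecot: imap(user): Disconnected in IDLE
"""

# "Mon DD HH:MM:SS host prog[pid]: queueid: text"; lines without a queue id do not match.
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([\w.-]+)\[\d+\]: (\w+): (.*)$")

def by_queue_id(log_text):
    """Group (program, text) pairs by queue id."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            prog, qid, text = m.groups()
            groups[qid].append((prog, text))
    return groups

def signing_report(log_text):
    """Classify each relayed message by what opendkim logged for it."""
    report = {}
    for qid, entries in by_queue_id(log_text).items():
        if not any(p == "sm-mta" and "stat=Sent" in t for p, t in entries):
            continue  # not relayed, so no signature was expected yet
        dkim = [t for p, t in entries if p == "opendkim"]
        if any(t.startswith("DKIM-Signature field added") for t in dkim):
            report[qid] = "signed"
        elif dkim:
            report[qid] = "unsigned, opendkim said: " + dkim[0]
        else:
            report[qid] = "unsigned, no opendkim log lines"
    return report

if __name__ == "__main__":
    for qid, status in signing_report(SAMPLE_LOG).items():
        print(qid, status)
```

A message in the last category never produced a line from the filter, which is the situation described in the message above; one in the middle category reached opendkim and was declined with a logged reason.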
