Re: Signing problems with OpenDKIM on Ubuntu

From: Jim Fenton <fenton_at_bluepopcorn.net>
Date: Mon, 22 Apr 2013 21:53:32 -0700

On 04/22/2013 11:28 AM, Murray S. Kucherawy wrote:
> On Mon, 22 Apr 2013, Jim Fenton wrote:
>> Good thought, I don't see anything in syslog configs to limit logging
>> that way. And some of these messages are from LogWhy, right?
>>
>> Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: no MTA name
>> match (host=kernel.bluepopcorn.net, MTA=MTA-v6)
>> Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155:
>> medusa.blackops.org [208.69.40.157] not internal
>> Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: not
>> authenticated
>> Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: no signing
>> domain match for 'blackops.org'
>> Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: no signing
>> subdomain match for 'blackops.org'
>
> This is the LogWhy stuff we're looking for. Was it not added for your
> other message? When LogWhy is enabled it should be there for all
> messages regardless of mode, because it's explaining the logic it's
> using to make the sign vs. verify decision before it makes its
> conclusion.

That's right; it's not being added. Just for fun, I tried changing my
mail client back to port localhost:25 and here's what happened:

Apr 22 21:41:48 kernel sm-mta[4911]: r3N4fmbd004911:
from=<fenton_at_bluepopcorn.net>, size=399, class=0, nrcpts=1,
msgid=<5176110C.7090209_at_bluepopcorn.net>, proto=ESMTP, daemon=MTA-v6,
relay=localhost [127.0.0.1]
Apr 22 21:41:48 kernel opendkim[27009]: r3N4fmbd004911: no MTA name
match (host=kernel.bluepopcorn.net, MTA=MTA-v6)
Apr 22 21:41:49 kernel dovecot: imap(fenton): Disconnected: Disconnected
in IDLE in=919 out=140579
Apr 22 21:41:49 kernel sm-mta[4913]: r3N4fmbd004911:
to=<fenton_at_oneid.com>, ctladdr=<fenton_at_bluepopcorn.net> (1000/1000),
delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120399,
relay=mx1.emailsrvr.com. [173.203.2.36], dsn=2.0.0, stat=Sent (Ok:
queued as AA/8C-03395-7D016715)

So it correctly logged that MTA-v6 isn't one of the configured mailer
ports (rule 2c) but didn't say anything about the address 127.0.0.1
being permitted (rule 2b).

-Jim
Received on Tue Apr 23 2013 - 04:53:07 PST
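
As an added example (not part of the original message and not OpenDKIM code), the sketch below groups opendkim syslog lines by queue ID and lists which of the LogWhy explanation lines quoted in this thread were logged for each message. The labels, the function names and the re-joined single-line sample are assumptions of this example.

```python
import re

# Syslog prefix, then "opendkim[pid]: <queue-id>: <explanation>".
LINE_RE = re.compile(r"\bopendkim\[\d+\]: (\w+): (.+)$")

# Explanation texts taken only from the log excerpts in this thread.
# The labels on the left are names chosen for this example.
REASONS = [
    ("mta_name", re.compile(r"^no MTA name match \(host=.*, MTA=.*\)$")),
    ("internal_host", re.compile(r"^\S+ \[[^\]]+\] not internal$")),
    ("authenticated", re.compile(r"^not authenticated$")),
    ("signing_domain", re.compile(r"^no signing domain match for '.*'$")),
    ("signing_subdomain", re.compile(r"^no signing subdomain match for '.*'$")),
]

def logwhy_by_message(lines):
    """Map queue ID -> labels of the explanation lines logged for it, in order."""
    seen = {}
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if not m:
            continue  # not an opendkim line (sm-mta, dovecot, ...)
        qid, text = m.groups()
        label = next((n for n, rx in REASONS if rx.match(text)), "other")
        seen.setdefault(qid, []).append(label)
    return seen

def not_logged(labels):
    """Known explanation kinds with no line for this message.
    Absence only means nothing was logged, not that the check passed."""
    return [n for n, _ in REASONS if n not in labels]

# Lines from the thread above, re-joined onto single lines for parsing.
SAMPLE = [
    "Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: no MTA name match (host=kernel.bluepopcorn.net, MTA=MTA-v6)",
    "Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: medusa.blackops.org [208.69.40.157] not internal",
    "Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: not authenticated",
    "Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: no signing domain match for 'blackops.org'",
    "Apr 21 07:50:56 kernel opendkim[23151]: r3LEosIT026155: no signing subdomain match for 'blackops.org'",
    "Apr 22 21:41:48 kernel opendkim[27009]: r3N4fmbd004911: no MTA name match (host=kernel.bluepopcorn.net, MTA=MTA-v6)",
    "Apr 22 21:41:49 kernel dovecot: imap(fenton): Disconnected: Disconnected in IDLE in=919 out=140579",
]

if __name__ == "__main__":
    for qid, labels in logwhy_by_message(SAMPLE).items():
        print(qid, "logged:", labels, "| not logged:", not_logged(labels))
```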
