Re: Implementing on a sendmail mail hub

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Thu, 15 Oct 2015 12:35:46 -0700 (PDT)

On Thu, 15 Oct 2015, Loudermilk, Stephen wrote:
> If messages are submitted directly on the sendmail host, it seems to be fine
> and this is what we see logged:
>
> Oct 15 10:46:21 sendmail[4135]: t9FEkL2A004135: milter=opendkim,
> action=header, continue
> Oct 15 10:46:21 sendmail[4135]: t9FEkL2A004135: milter=opendkim, action=eoh,
> continue
> Oct 15 10:46:21 sendmail[4135]: t9FEkL2A004135: milter=opendkim,
> action=body, continue
> Oct 15 10:46:21 sendmail[4135]: t9FEkL2A004135: Milter insert (1): header:
> DKIM-Signature:  v=1; a=rsa-sha256; c=relax
> ed/simple;\n\td=domain.com; s=ourselector;t=1444920381;\n\tbh=cSAyCJ9bvgBnxKQGW0S45Uk6zPQuGiGTWJbIEt8eYPM=;\n\th=Date
> :From
> :To:Subject;\n\tb=vuJhf0g0mR1Aijrc0hF444LebWi1kt1zJxYOlkJAp03RKRKc7AIQGH7XX
> WDYWSt1M\n\t EUfWwkaA/Q3GeolFZMqO82MSbHaHVUVG0EqzPwaXaQde
> jhoIxMmeRQAxra1cW01bEF\n\t gFkKCZfUneRcrZZMWYIPc8JDJTqCfi6wd092PqfI=
> Oct 15 10:46:21 sendmail[4135]: t9FEkL2A004135: Milter accept: message
>
> We've tried listing the originating servers in the opendkim "TrustedHosts" file.
> No change. Any help is greatly appreciated.

The opendkim(8) man page explains how the signing/verifying decision is made. A
web page version is available here:

http://www.opendkim.org/opendkim.8.html#OPERATION

The likely case is that your Windows machines are not identified as
machines whose mail should be signed. The default is to sign only mail
injected by localhost, since we're reasonably sure that's safe; it's
impossible to assume any other safe default because we can't guess what
your version of "internal host" means.

You probably want to provide a list of safe IP address blocks, or a domain
name, to InternalHosts.

-MSK
Received on Thu Oct 15 2015 - 19:36:05 PST
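
An added illustration (not part of the original message and not OpenDKIM code): a simplified Python model of the InternalHosts check described in the reply, showing which connecting clients would be treated as internal (eligible for signing) and which would only be verified. The sample file contents and client addresses are constructed; the model matches IP and CIDR entries only, does not resolve name entries, and assumes, per the opendkim.conf documentation, that the 127.0.0.1 default applies only when InternalHosts is unset.

```python
import ipaddress

# Default applied by opendkim when InternalHosts is not set (assumption from its docs).
DEFAULT_INTERNAL = "127.0.0.1"

# Constructed sample file contents; addresses are documentation ranges.
SAMPLE_INTERNAL_HOSTS = """\
# hosts whose mail should be signed rather than verified
127.0.0.1
192.0.2.0/24        # constructed: subnet of the submitting machines
mailhub.example.com # constructed: name entry, not resolved by this model
"""

def parse_internal_hosts(text):
    """Split entries into IP networks and names (names are not resolved here)."""
    networks, names = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.append(entry)
    return networks, names

def audit(client_ips, internal_hosts_text=None):
    """Return {ip: 'sign' | 'verify'} for each connecting client address.

    'sign' means the client counts as internal; actual signing also requires
    the sender's domain to match a configured signing domain.
    """
    text = DEFAULT_INTERNAL if internal_hosts_text is None else internal_hosts_text
    networks, _ = parse_internal_hosts(text)
    result = {}
    for ip in client_ips:
        addr = ipaddress.ip_address(ip)
        internal = any(addr in net for net in networks)
        result[ip] = "sign" if internal else "verify"
    return result

if __name__ == "__main__":
    clients = ["127.0.0.1", "192.0.2.25", "198.51.100.7"]  # constructed
    print("default :", audit(clients))
    print("sample  :", audit(clients, SAMPLE_INTERNAL_HOSTS))
    # An explicit list replaces the default, so localhost must be listed too.
    print("no-local:", audit(["127.0.0.1"], "192.0.2.0/24"))
```

Keep the listed blocks as narrow as the submitting hosts allow, since every address that matches is trusted to have its mail signed with your domain's key.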
