Hi, SM wrote: > At 15:07 16-12-2009, Rolf E. Sonneveld wrote: > >> Today I discovered that dkim-milter rejected messages, while I have (as >> far as I know) no configuration settings that would explain this rejection. >> >> AFAICS there are three settings in dkim-filter.conf that could make a >> message be rejected: >> >> ADSPDiscard >> ADSPNoSuchDomain >> RequiredHeaders >> >> Default for all of them is 'no' which means: do not reject. In my >> configuration I did not explicitely define them, so they should not be >> responsible for the reject action (correct?). >> >> The two most recent log entries on system 1 are: >> >> Dec 16 23:11:09 lynx postfix/cleanup[21219]: A600B70395: milter-reject: >> END-OF-MESSAGE from russian-caravan.cloud9.net[168.100.1.4]: 4.7.1 >> Service unavailable - try again later; >> from=<owner-postfix-us...@postfix.org> to=<first.l...@sonnection.nl> >> proto=ESMTP helo=<russian-caravan.cloud9.net> >> Dec 16 23:27:24 lynx postfix/cleanup[21347]: 3224870395: milter-reject: >> END-OF-MESSAGE from 128-220.colo.introweb.nl[84.241.128.220]: 4.7.1 >> Service unavailable - try again later; from=<addison...@ms29.hinet.net> >> to=<first.l...@sonnection.nl> proto=ESMTP helo=<lisa.crolox.nl> >> >> The most recent log entries on system 2 are: >> >> 16-Dec-2009 23:08:44.88 tcp_internet JE 0 >> 31:owner-postfix-us...@postfix.org 7:rfc822; 0: 0: 3:msg >> 52:russian-caravan.cloud9.net ([unknown] [168.100.1.4]) 33:451 4.3.2 >> Milter rejected message >> 16-Dec-2009 23:25:01.10 tcp_internet JE 0 >> 25:addison...@ms29.hinet.net 7:rfc822; 0: 0: 3:msg 43:lisa.crolox.nl >> ([unknown] [84.241.128.220]) 33:451 4.3.2 Milter rejected message >> > > The 451 code denotes a temporary failure when the message was DKIM > verified. Add: > > Syslog Yes > > in your dkim-milter configuration file. The maillog will show what > caused the error. >
In addition to the information I sent in my previous message, I captured some debug information of the communication between MTA and dkim-filter: 11:04:41.71: Initializing Milter message context 11:04:41.71: Creating socket to connect to milter server 11:04:41.71: pmt_getconnected(): calling getaddrinfo("<systemname>", "<portnumber>", ...) 11:04:41.71: pmt_getconnected(): lookup hints: ai_family=AF_INET (2); ai_flags=0x20 (32); ai_socktype=SOCK_STREAM (1) 11:04:41.71: pmt_getconnected(): A record: <IP number> 11:04:41.71: pmt_getconnected(): getaddrinfo() returned 1 host records (1 A records; 0 AAAA records) 11:04:41.71: pmt_getconnected(): attempting connect(9,...); family=AF_INET; addr=<IP number>; port=<portnumber> 11:04:41.71: pmt_getconnected(): connection to "<systemname>" established; IP address <IP number>; TCP port <portnumber> 11:04:41.71: Sending Milter server the OPTNEG command length 13 11:04:41.71: OPTNEG actions response = 49: 11:04:41.71: Add headers (SMFIR_ADDHEADER) 11:04:41.71: Change or delete headers (SMFIR_CHGHEADER) 11:04:41.71: Quarantine message (SMFIR_QUARANTINE) 11:04:41.71: OPTNEG protocol response = 2: 11:04:41.71: Skip HELO 11:04:41.71: Sending Milter server the MACRO command length 52 11:04:41.71: Sending Milter server the CONNECT command length 36 11:04:41.75: Received milter response 'c' 11:04:41.75: Processing continues... 11:04:41.75: Skipping milter HELO 11:04:41.75: Sending Milter server the MACRO command length 116 11:04:41.75: Sending Milter server the MAIL command length 29 11:04:41.79: Received milter response 'c' 11:04:41.79: Processing continues... 11:05:02.19: Milter recipient: matthijs.sonnev...@sonnection.nl 11:05:02.19: Optin value: spam 11:05:02.19: Sending Milter server the MACRO command length 115 11:05:02.19: Sending Milter server the RCPT command length 36 11:05:02.23: Received milter response 'c' 11:05:02.23: Processing continues... 11:05:02.23: Milter end to list, start header 11:05:02.26: Sending Milter server the HEADER command length 131 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 140 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 47 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 178 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 186 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 77 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 111 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 109 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 33 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 65 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 78 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 177 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 162 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 19 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 110 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 63 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 65 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 38 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 64 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 25 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 44 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 18 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the HEADER command length 21 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Milter plugin end header called 11:05:02.26: Sending Milter server the HEADER command length 11 11:05:02.26: Received milter response 'c' 11:05:02.26: Processing continues... 11:05:02.26: Sending Milter server the EOH command length 1 11:05:04.45: Received milter response 'c' 11:05:04.45: Processing continues... 11:05:04.45: Milter plugin end body called 11:05:04.45: Sending Milter server the BODY command length 295 11:05:04.45: Received milter response 'c' 11:05:04.45: Processing continues... 11:05:04.45: Sending Milter server the BODYEOB command length 1 11:05:04.45: Milter plugin end message called 11:05:05.11: Received milter response 'i' 11:05:05.11: Insert header Authentication-Results index 1: mx1.sonnection.nl; dkim=neutral header...@nmvf.us; x-dkim-adsp=none 11:05:05.15: Received milter response 't' 11:05:05.15: Temporary reject with no further processing 11:05:05.15: Closing connection after failure action 11:05:05.15: Sending Milter server the QUIT command length 1 11:05:05.15: Pending failure type -101014 on 1 recipients, 1 recipients total 11:05:05.15: Freeing Milter message context I replaced some 'sensitive' information with <systemname> and <IP address etc.>. Seems dkim-filter responds with a 't' in this situation; I would expect that if a domain does not exist (nmvf.us does not exist, so a _domainkey subdomain cannot exist either), dkim-filter would not return a Tempfail status? I would expect an 'Accept'. /rolf ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ dkim-milter-discuss mailing list dkim-milter-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss