On Tue, 13 Nov 2007, Alin N?~Cstac wrote:
For some reason that escapes me, dkim-filter delivers unsigned messages
which originates from my domain. The relevant part of my configuration is:
UseSSPDeny Yes
On-SignatureMissing reject
My SSP DNS record:
_ssp._domainkey IN TXT "dkim=strict; handling=deny"
Despite all that, my MTA happily accepts any message originating from my
domain even if the message doesn't have a DKIM-Signature. All that it
does is adding a "external host unknown attempted to send as
my-domain.com" line to my mail logs.
Anyone know how fix that?
Note the OPERATIONS section of the dkim-filter(8) man page, which reads:
OPERATION
A message will be verified unless it conforms to the signing criteria,
which are: (1) the domain on the From: address or Sender: address (if
present) must be listed by the -d command line switch or the Domain
configuration file setting, and (2) the client connecting to the MTA
must (a) have authenticated, or (b) be listed in the file referenced by
the -i command line switch (or be in the default list for that option),
or (c) be connected to a daemon port named by the -m command line
switch.
Can you verify that both (1) and (2) are satisfied? It sounds to me like
(2) is not. Do you have a "-i" command line option or, equivalently, an
InternalHosts file (referenced from your configuration file) which lists
the sources whose mail should be signed?-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
