Hi Ben,
Thanks to you and everyone for their help and patience with my frustration!
On Fri, 04 Jan 2008 08:41:57 -0500, you wrote:
>
>> If we are to stand a chance of defeating spammers, then we have to
>> make DKIM
>> easier to install and configure so mere mortals can install and use
>> it, and
>> encourage adoption. I'm sure many would like to see dkim-filter available
>> in rpm for various distros.
>Hey Andy,
>As an experienced sysadmin, I'm sure you're aware that the developers of
>a given software project rarely cater directly to a specific
>distribution. This software is used by many folks on many different
>platforms. There's heavy concentration on making sure that things are
>cross-platform compatible as opposed to "installable in 30 minutes on
>Fedora 7." After all, it's generally up to the folks who make the
>distribution to configure packages for their distribution, not up to the
>developers of the software itself.
Yes, my perception was a little skewed through exasperation and I've only
worked with RedHat flavours of Linux for the last decade. All the couple of
dozen machines I manage are of RH lineage. Of course, it is a subset of
Linux of a subset of a multitude of Unices, which you are all valiantly
trying to cater for!
>I agree that an RPM would be nice. All it takes is a spec file and a
>little time, and since you've already solved the majority of the
>distribution-specific problems, you might be primed and ready to
>construct an RPM that saves the next person a lot of time. You can also
>lobby the developers and maintainers of Fedora to include your package
>in the extras/contrib yum repository for distribution to others.
Yes, I would strongly lobby for this and lower the entry barrier for
'normal' administrators...
>The man page thing can be fixed by adding define(`confMANROOT',
>`/usr/share/man/man') to the site.config.m4... this will put the manuals
>in the right place on a Fedora system (unless they've moved them... I
>can't keep up with a F-release every 6 months) at the ./Build install step.
F-ing hell... :-) Updates are frequent, but rarely cause problems for me,
though there was a classic last year that hosed cron.d... so those relying
on automatic updates didn't get the fix automatically a couple of days
later... Open mouth, insert foot...
>As opposed to relying on a mailing list email from gmail to check
>verification (which is broken for any number of reasons), try sending
>email to the sa-test --at-- sendmail.net autoresponder. It will both
>verify the mail you send it, and properly sign a response that you can
>verify when it comes back. There are also other DKIM autoresponders
>available if you google around a little.
No, not relying on gmail, just noticed it didn't verify. Perhaps signed
messages should be delimited to protect against appendices, and made clear
where the authentication begins and ends?
Like the OSI 7 layer model, can't dkim not make use of wrappers and
encapsulation to preserve integrity during transmission/forwarding?
I used a couple of dkimi test addresses... my test messages did verify ok,
however my verification of the reply from [EMAIL PROTECTED] gave:
Authentication-Results: gaia.haveland.com; dkim=permerror (verification
error: signature timestamp in the future) [EMAIL PROTECTED]
My ntp source is a nuclear physics research institute, and I'm sure my time
is accurate so I think someone ought to check the machine.
>As far as the crash, it might be helpful to get versions of openssl and
>openssl-devel on your system, ensure that no stray, random versions of
>openssl headers exist. Being able to successfully compile, but not
>successfully run a piece of software can sometimes be caused by running
>against different versions of shared libraries than their headers, so
>it's a good thing to check, IMO. Output of ldd /usr/bin/dkim-filter and
>/usr/bin/dkim-filter -V might also be helpful. I don't run any x86_64,
>but I have not had stability trouble with dkim-filter on i386. I will
>let the other, more skilled programmers on the list provide additional
>suggestions, like providing gdb or strace output... which I don't know
>are helpful yet.
Thanks for the hints... I compiled again with a vanilla version, relying on
site defaults, but it still crashes predictably on some locally generated
messages.
ldd /usr/bin/dkim-filter :
linux-vdso.so.1 => (0x00007fffb5dfd000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003160c00000)
libdl.so.2 => /lib64/libdl.so.2 (0x000000315f400000)
libssl.so.6 => /lib64/libssl.so.6 (0x000000362e200000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x000000362de00000)
libc.so.6 => /lib64/libc.so.6 (0x000000315ec00000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003164c00000)
/lib64/ld-linux-x86-64.so.2 (0x000000315e800000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000003bb5200000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003bb4e00000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003b08e00000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000003bb5a00000)
libz.so.1 => /lib64/libz.so.1 (0x0000003160400000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000003bb4a00000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x000000316aa00000)
dkim-filter: Sendmail DKIM Filter v2.4.1
Compiled with OpenSSL 0.9.8b 04 May 2006
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
previous version:
dkim-filter -V
dkim-filter: Sendmail DKIM Filter v2.4.1
Compiled with OpenSSL 0.9.8b 04 May 2006
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
_FFR_CAPTURE_UNKNOWN_ERRORS
I will try and get it to do a core dump and get a trace.
Thanks again,
Andy.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
