Jukka Salmi --> dkim-milter-discuss (2007-12-16 16:27:26 +0100):
> Mark Martinec --> dkim-milter-discuss (2007-12-16 02:54:20 +0100):
[...]
> > I'm not so sure. Until you capture and analyze a failing milter
> > session you won't know whether the problem report should be
> > directed to postfix or to dkim-milter, or maybe even to the
> > OS or its sockets layer.
> >
> > > I'm using unix domain sockets - AFAIK it's not possible to
> > > capture a session in this case, is it?
> >
> > I don't think that is possible. This is why I'd suggest you
> > switch to inet socket on a loopback interface. All you need
> > to do is to change the socket specification on a MTA side
> > and on a command line to a dkim-filter. Something like
> > -p inet:[EMAIL PROTECTED] on a dkim-filter, and a
> > smtpd_milters=inet:127.0.0.1:4444 on the Postfix side.
> > This also does away with a tricks you need to play with
> > Unix socket ownership and protection to make it work.
>
> Ok, as soon as I manage to reproduce the problem I'll switch to an
> inet socket, capture the session and report results here. Thanks for
> your help so far!
I didn't manage to reproduce the problem deliberately, but since it
usually occurs every few days I switched to inet sockets anyway and
had tcpdump write the whole milter communication to a file. Yesterday
the problem reoccurred, but I guess I need some help interpreting the
results...
This is still with dkim-milter 2.4.0 and Postfix 2.4.5 on NetBSD/i386
3.1, BTW.
So far the problem always happens more or less like this:
- a remote MTA connects to my local MTA (mx1)
- another remote MTA connects to mx1
- a third remote MTA connects to mx1
- the message from the third MTA is rejected, dkim-milter logs
"X-DKIM" header add failed
and the MTA logs
can't read SMFIC_BODYEOB reply packet header:
Undefined error: 0
- the messages from first and second MTA are rejected, the MTA logs
can't read SMFIC_BODYEOB reply packet header:
Operation timed out
- the remote systems either deliver the message to my backup MTA (mx2)
which forwards it to mx1, or they try again some time later to mx1
which succeeds this time
A complete MTA [1]log is available (I garbled some email adresses...),
as is a tcpdump [2]record of about the same period and some [3]notes
listing the MTA log <--> TCP session mappings.
More context of the MTA log and tcpdump session record is available
on request. I put online what I thought is relevant, but of course I
might have missed some things...
Help is appreciated!
TIA, Jukka
[1] http://salmi.ch/~jukka/dkim-milter/maillog
[2] http://salmi.ch/~jukka/dkim-milter/miltersniff.39902-40249.gz
[3] http://salmi.ch/~jukka/dkim-milter/notes.txt
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
