On Tue, Aug 18, 2009 at 08:28:39PM +0200, Frank Bartels
<[email protected]> wrote:
> I have two questions:
>
> 1. Why does dkim-filter say "not authenticated" but milter-greylist
> was happy with "succeeded SMTP AUTH"? I do not want to use InternalHosts
> by IP address, people should be able to send mail from everywhere
> using this mailserver and have to use smtp auth.
>
> dkim (and dk) work fine if I deliver mail via 127.0.0.1.
You may be able to deal with this by putting that server in the
InternalHosts list (see dkim-filter.conf's manpage). 127.0.0.1 is the
only host in that list if there isn't one specified in the config.
If you're sure that the remote host IS authenticating, then there are
two possibilities, and both revolve around the fact that milter-greylist
and dkim-filter use different Sendmail macros to check if authentication
has occurred:
1. The milter-greylist README still suggests overriding
Milter.macros.envfrom to read "i, {auth_authen}". If you've done
that, then that means dkim-filter is no longer getting the macro *it*
needs to check SMTP AUTH ({auth_type}). The default is now
"Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf},
{auth_author}, {mail_mailer}, {mail_host}, {mail_addr}". That should
satisfy both filters.
2. If you haven't changed Milter.macros.envfrom and it still contains
both {auth_type} and {auth_authen}, then there's the possibility that
the mechanism you're using for auth isn't properly setting one macro.
That's probably a bug in Sendmail, but I'm not aware of such a bug
offhand. The first option seems a lot more likely to me.
> 2. Why does dkim-filter say "mode select: verifying", even if I use
> "Mode s" in dkim-filter.conf?
That's linked to the previous two lines:
> Aug 18 19:27:23 cheese dkim-filter[17347]: n7IHRNqD017363 not internal
> Aug 18 19:27:23 cheese dkim-filter[17347]: n7IHRNqD017363 not authenticated
> Aug 18 19:27:23 cheese dkim-filter[17347]: n7IHRNqD017363 mode select:
> verifying
After seeing that the host is not internal, and thinking that the host
has not authenticated, it decides it cannot sign the message and should
instead be verifying it. Mind you, that's just the LogWhy message making
that declaration. Right after the debug message is printed, the filter
decides whether it's actually in the right mode to perform the operation
requested. So that's at least part of the confusion: it's not really
verifying, but the debug messages are saying that the decision tree so
far points to verifying.
--
Mike Markley <[email protected]>
Utility is when you have one telephone, luxury is when you have two,
opulence is when you have three -- and paradise is when you have none.
- Doug Larson
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
