SM wrote:
At 15:07 16-12-2009, Rolf E. Sonneveld wrote:
Today I discovered that dkim-milter rejected messages, while I have (as
far as I know) no configuration settings that would explain this rejection.
AFAICS there are three settings in dkim-filter.conf that could make a
message be rejected:
ADSPDiscard
ADSPNoSuchDomain
RequiredHeaders
Default for all of them is 'no' which means: do not reject. In my
configuration I did not explicitely define them, so they should not be
responsible for the reject action (correct?).
The two most recent log entries on system 1 are:
Dec 16 23:11:09 lynx postfix/cleanup[21219]: A600B70395: milter-reject:
END-OF-MESSAGE from russian-caravan.cloud9.net[168.100.1.4]: 4.7.1
Service unavailable - try again later;
from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<russian-caravan.cloud9.net>
Dec 16 23:27:24 lynx postfix/cleanup[21347]: 3224870395: milter-reject:
END-OF-MESSAGE from 128-220.colo.introweb.nl[84.241.128.220]: 4.7.1
Service unavailable - try again later; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<lisa.crolox.nl>
The most recent log entries on system 2 are:
16-Dec-2009 23:08:44.88 tcp_internet JE 0
31:[email protected] 7:rfc822; 0: 0: 3:msg
52:russian-caravan.cloud9.net ([unknown] [168.100.1.4]) 33:451 4.3.2
Milter rejected message
16-Dec-2009 23:25:01.10 tcp_internet JE 0
25:[email protected] 7:rfc822; 0: 0: 3:msg 43:lisa.crolox.nl
([unknown] [84.241.128.220]) 33:451 4.3.2 Milter rejected message
The 451 code denotes a temporary failure when the message was DKIM
verified. Add:
Syslog Yes
in your dkim-milter configuration file. The maillog will show what
caused the error.
From maillog:
Dec 17 09:54:42 lion dkim-filter[29733]: 0KUS00EAFGR5IO00 no signing
keylist match for `"Jermaine Pitts"<[email protected]'
Dec 17 09:54:42 lion dkim-filter[29733]: 0KUS00EAFGR5IO00 not internal
Dec 17 09:54:42 lion dkim-filter[29733]: 0KUS00EAFGR5IO00 not authenticated
Dec 17 09:54:42 lion dkim-filter[29733]: 0KUS00EAFGR5IO00 mode select:
verifying
Dec 17 09:54:42 lion dkim-filter[29733]: 0KUS00EAFGR5IO00: key retrieval
failed (s=s1024, d=nmvf.us): res_query(): `s1024._domainkey.nmvf.us'
Unknown host
and another example:
Dec 17 01:38:34 lion dkim-filter[29733]: 0KUR00E2HTSAIO00 no signing
keylist match for `[email protected]'
Dec 17 01:38:34 lion dkim-filter[29733]: 0KUR00E2HTSAIO00 not internal
Dec 17 01:38:34 lion dkim-filter[29733]: 0KUR00E2HTSAIO00 not authenticated
Dec 17 01:38:34 lion dkim-filter[29733]: 0KUR00E2HTSAIO00 mode select:
verifying
Dec 17 01:38:35 lion dkim-filter[29733]: 0KUR00E2HTSAIO00: key retrieval
failed (s=dkim.private, d=splitstreams.com): res_query():
`dkim.private._domainkey.splitstreams.com' Unknown host
Seems these messages carry a DKIM signature, but their DKIM DNS entry is
not correct. I assume the dkim-filter status is then not 'reject' but
maybe the mail server is interpreting the result of dkim-filter as a
temp. failure, giving back a 4.x.y status code to the SMTP partner?
/rolf
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
