Hello, I have problem with dkim-milter (dkim-milter-2.8.3).
dkim-milter successfully signing most emails, but some emails (which look normal) pass via relay without signing. My research show that problem occurs when From and To headers follow in some order. There are two cases. Case 1: message does not signed. SMTP session: ================================8<======================= [[email protected] /]# telnet 0 25 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 mailrelay.ourdomain.com ESMTP Postfix EHLO localhost 250-mailrelay.ourdomain.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: <[email protected]> 250 2.1.0 Ok RCPT TO: <[email protected]> 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> From: <[email protected]> To: <[email protected]> . 250 2.0.0 Ok: queued as 427862C8819 ================================8<======================= Postfix log: ================================8<======================= 2012-08-17T17:08:29.360923+04:00 mailrelay postfix/smtpd[22226]: connect from localhost.localdomain[127.0.0.1] 2012-08-17T17:08:41.274738+04:00 mailrelay postfix/smtpd[22226]: 427862C8819: client=localhost.localdomain[127.0.0.1] 2012-08-17T17:08:51.217937+04:00 mailrelay postfix/cleanup[21928]: 427862C8819: message-id=<[email protected]> 2012-08-17T17:08:51.218055+04:00 mailrelay dkim-filter[1425]: (unknown-jobid): no sender header found; accepting 2012-08-17T17:08:51.222046+04:00 mailrelay postfix/qmgr[19619]: 427862C8819: from=<[email protected]>, size=204, nrcpt=1 (queue active) 2012-08-17T17:08:51.511028+04:00 mailrelay postfix/smtp[22194]: 427862C8819: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.70.27]:25, delay=19, delays=19/0/0.05/0.24, dsn=2.0.0, status=sent (250 2.0.0 OK 4145308131 l8si01973873odq.99) 2012-08-17T17:08:51.511150+04:00 mailrelay postfix/qmgr[19619]: 427862C8819: removed ================================8<======================= Case 2: message signed successfully. Sic! I just changes From and To headers in message body (not in envelope). SMTP session: ================================8<======================= [[email protected] /]# telnet 0 25 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 mailrelay.ourdomain.com ESMTP Postfix EHLO localhost 250-mailrelay.ourdomain.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: <[email protected]> 250 2.1.0 Ok RCPT TO: <[email protected]> 250 2.1.5 Ok DATA 354 End data with <CR><LF>.<CR><LF> To: <[email protected]> From: <[email protected]> . 250 2.0.0 Ok: queued as 480582C8822 ================================8<======================= Postfix log: ================================8<======================= 2012-08-17T17:14:00.026839+04:00 mailrelay postfix/smtpd[22226]: connect from localhost.localdomain[127.0.0.1] 2012-08-17T17:14:12.295149+04:00 mailrelay postfix/smtpd[22226]: 480582C8822: client=localhost.localdomain[127.0.0.1] 2012-08-17T17:14:19.177684+04:00 mailrelay postfix/cleanup[22399]: 480582C8822: message-id=<[email protected]> 2012-08-17T17:14:19.177845+04:00 mailrelay dkim-filter[1425]: (unknown-jobid) mode select: signing 2012-08-17T17:14:19.183373+04:00 mailrelay dkim-filter[1425]: 480582C8822 "DKIM-Signature" header added 2012-08-17T17:14:19.193229+04:00 mailrelay postfix/qmgr[19619]: 480582C8822: from=<[email protected]>, size=200, nrcpt=1 (queue active) 2012-08-17T17:14:19.428857+04:00 mailrelay postfix/smtp[22308]: 480582C8822: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[173.194.70.27]:25, delay=9.7, delays=9.4/0/0.04/0.19, dsn=2.0.0, status=sent (250 2.0.0 OK 9201917281 wd2si12002916oiq.90) 2012-08-17T17:14:19.428994+04:00 mailrelay postfix/qmgr[19619]: 480582C8822: removed ================================8<======================= dkim-milter config and keys definition: # cat /etc/mail/dkim-milter/dkim-filter.conf | egrep -v '^$'| egrep -v '^#' ================================8<======================= AutoRestart yes Canonicalization relaxed/simple InternalHosts /etc/postfix/mynetworks KeyList /etc/mail/dkim-milter/keys/keylist LogWhy yes SignatureAlgorithm rsa-sha256 Syslog yes SyslogSuccess yes UMask 007 UserID dkim-milter ================================8<======================= # cat /etc/mail/dkim-milter/keys/keylist ================================8<======================= # sender-pattern:signing-domain:keypath # *:example.com:selector *@ourdomain.com:ourdomain.com:/etc/mail/dkim-milter/keys/climail *@list.ourdomain.com:list.ourdomain.com:/etc/mail/dkim-milter/keys/list *@daily.ourdomain.com:daily.ourdomain.com:/etc/mail/dkim-milter/keys/daily ================================8<======================= Somebody known how to fix my problem? P.S. Some software send emails only as described in Case 2 and I cannot fix this problem in this software. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
