> From: [email protected]
> To: [email protected]; [email protected]
> Date: Sat, 10 Apr 2010 21:24:47 -0700
> Subject: RE: [dkim-ops] No signature on incoming mail
>
> > -----Original Message-----
> > From: [email protected] [mailto:dkim-ops-
> > [email protected]] On Behalf Of Ernie Grossmann
> > Sent: Saturday, April 10, 2010 1:33 PM
> > To: [email protected]
> > Subject: [dkim-ops] No signature on incoming mail
> >
> > I'm using a basic Ubuntu Server 9.10 x64 installation with
> > Postfix/Amavis/DKIM setup. My outgoing mail is signed fine. However,
> > the incoming mail doesn't appear to be.
> >
> > 99.9% of the mail comes in with this in the mail log:
> > <code>
> > dkim-filter[1626]: 07CF5134C5: no signature data
> > </code>
>
> Most of your incoming mail is still unsigned. This isn't an error, just an
> observation in the log.
>
> > I did have one come in with this in the log:
> > <code>
> > dkim-filter[1626]: CD2CCD95 ADSP query: syntax error in policy data
> > dkim-filter[1626]: CD2CCD95: no signature data
> > </code>
>
> Probably either a malformed ADSP record in the sending domain's DNS, or a
> wildcard record that causes the ADSP record to point at something like an SPF
> record. And the message was unsigned.
>
> > and another one with this one (and this is the one that makes me wonder
> > about DNS resolution):
> > <code>
> > dkim-filter[1626]: 7E6FDD95 ADSP query: timeout DNS query for
> > `d49.org'
> > dkim-filter[1626]: 7E6FDD95: no signature data
> > </code>
>
> DNS timeouts aren't all that unusual.
>
> > This error comes from the header of an email from gmail user:
> > <code>
> > domainkeys=softfail (invalid, public key: DNS query timeout for
> > gamma._domainkey.gmail.com)
> > </code>
> >
> > Do most senders *NOT* use DK or DKIM signatures? Do I have a problem
> > with my DNS? How can I troubleshoot/fix?
>
> It looks like it's operating normally to me.
>
> DKIM is supplanting DK, but still both together don't have as much traction
> as we'd like (yet).
>
> That error doesn't look like something dkim-filter generated. Are you pasting
> or typing those manually? You might look at using something like OpenDKIM.
> The dkim-filter package is unmaintained.
Thanks -- you were very helpful.
The error messages were cut-n-paste. The last one (which doesn't look like
dkim-filter) may be dk-filter or may be amavis-new (which checks dk/dkim
signatures).
I've changed the DNS servers in my resolv.conf so hopefully I'll get better DNS
replies. But your answers gave me a good 'sanity check' that things appear to
be working normally.
Thanks again.
Ernie Grossmann
_________________________________________________________________
Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_1_______________________________________________
dkim-ops mailing list
[email protected]
http://mipassoc.org/mailman/listinfo/dkim-ops
