Hi, When I try to use the 4.71 dkim-signing functionality to sign messages, the connection is lost when Exim sends the data to the remote host. I've tried sending to gmail (debug output below) and also to a server of my own that is definitely not doing any DKIM checking. The DKIM DNS entry isn't setup for this domain, but IIUC that shouldn't be necessary for the signing process, only the validation process.
Can anyone shed any light on what I'm doing wrong? Thanks, Tony Transport configuration (the domain, selector and private key are actually MySQL lookups, but those work correctly): remote_smtp: debug_print = "T: remote_smtp for $local_p...@$domain" driver = smtp dkim_domain = spamexperts.com dkim_selector = testing dkim_private_key = XXXXXXXX dkim_strict = true Debug output (with the certificate and lookups hidden a bit): 24282 delivering 1NIV7o-0006JM-8J to ASPMX2.GOOGLEMAIL.com [209.85.135.27] ([email protected]) 24282 set_process_info: 24282 delivering 1NIV7o-0006JM-8J to ASPMX2.GOOGLEMAIL.com [209.85.135.27] ([email protected]) 24280 set_process_info: 24280 delivering 1NIV7o-0006JM-8J: waiting for a remote delivery subprocess to finish 24280 selecting on subprocess pipes 24282 Connecting to ASPMX2.GOOGLEMAIL.com [209.85.135.27]:25 ... connected 24282 waiting for data on socket 24282 read response data: size=42 24282 SMTP<< 220 mx.google.com ESMTP w5si749815mue.22 24282 209.85.135.27 in hosts_avoid_esmtp? no (option unset) 24282 SMTP>> EHLO server1.devtrunk.simplyspamfree.com 24282 waiting for data on socket 24282 read response data: size=126 24282 SMTP<< 250-mx.google.com at your service, [188.40.178.34] 24282 250-SIZE 35651584 24282 250-8BITMIME 24282 250-ENHANCEDSTATUSCODES 24282 250 PIPELINING 24282 209.85.135.27 in hosts_require_tls? no (option unset) 24282 209.85.135.27 in hosts_avoid_pipelining? no (option unset) 24282 using PIPELINING 24282 209.85.135.27 in hosts_require_auth? no (option unset) 24282 SMTP>> MAIL FROM:<[email protected]> SIZE=1833 24282 SMTP>> RCPT TO:<[email protected]> 24282 SMTP>> DATA 24282 waiting for data on socket 24282 read response data: size=31 24282 SMTP<< 250 2.1.0 OK w5si749815mue.22 24282 waiting for data on socket 24282 read response data: size=63 24282 SMTP<< 250 2.1.5 OK w5si749815mue.22 24282 SMTP<< 354 Go ahead w5si749815mue.22 24282 SMTP>> writing message and terminating "." 24282 writing data block fd=7 size=813 timeout=300 24282 search_open: mysql "NULL" 24282 search_find: file="NULL" 24282 key="SELECT dkim_selector XXX" partial=-1 affix=NULL starflags=0 24282 LRU list: 24282 internal_search_find: file="NULL" 24282 type=mysql key="SELECT dkim_selector XXX" 24282 database lookup required for SELECT dkim_selector XXX 24282 MySQL query: SELECT dkim_selector XXX 24282 MYSQL new connection: host=localhost port=0 socket=NULL database=mx user=exim 24282 lookup yielded: testing 24282 search_open: mysql "NULL" 24282 cached open 24282 search_find: file="NULL" 24282 key="SELECT certificate XXX" partial=-1 affix=NULL starflags=0 24282 LRU list: 24282 internal_search_find: file="NULL" 24282 type=mysql key="SELECT certificate XXX" 24282 database lookup required for SELECT certificate XXX 24282 MySQL query: SELECT certificate XXX 24282 MYSQL using cached connection for localhost/mx/exim 24282 lookup yielded: -----BEGIN CERTIFICATE-----XXX=-----END CERTIFICATE----- 24282 PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>> Ths{SP}is{SP}atest.{CR}{LF}PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [spamexperts.com] Body bytes hashed: 15 PDKIM [spamexperts.com] bh computed: 26054105837d58c20fa7cf59c6d54d281113407ea09f82baad61d6520a46387f PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>> message-id:<[email protected]>{CR}{LF} from:[email protected]{cr}{lf} subject:test{CR}{LF} PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>> dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=spamexperts.com;{SP}s=testing;{SP}h=Message-ID:From:Subject;{SP}bh=JgVBBYN9WMIPp89ZxtVNKBETQH6gn4K6rWHWUgpGOH8=;{SP}b=; PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [spamexperts.com] hh computed: acd4376f8bf24154fda23fd565e5d56772c5f2a941f987ba8ee6b1c9554cd42f 24282 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is NULL 24282 LOG: MAIN 24282 Remote host ASPMX2.GOOGLEMAIL.com [209.85.135.27] closed connection in response to sending data block 24282 set_process_info: 24282 delivering 1NIV7o-0006JM-8J: just tried ASPMX2.GOOGLEMAIL.com [209.85.135.27] for [email protected]: result DEFER mainlog output for remote server (mine, not gmail's, obviously): 2009-12-09 23:44:51 SMTP connection from server1.devtrunk.simplyspamfree.com [188.40.178.34] lost while reading message data (header) mainlog output for sending server when not in debug mode: 2009-12-09 23:58:31 1NIVUH-0006TH-Tb Remote host fallbackmx.spamexperts.com [78.46.212.49] closed connection in response to sending data block Exim version: Exim version 4.71 #1 built 09-Dec-2009 07:44:54 Copyright (c) University of Cambridge, 1995 - 2007 Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007) Support for: crypteq iconv() Expand_dlfunc OpenSSL Content_Scanning DKIM Experimental_SPF Experimental_SRS Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dnsdb mysql Authenticators: cram_md5 plaintext Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir autoreply pipe smtp Fixed never_users: 0 Size of off_t: 8 OpenSSL compile-time version: OpenSSL 0.9.8g 19 Oct 2007 OpenSSL runtime version: OpenSSL 0.9.8g 19 Oct 2007 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
