FWIW, I had issues with what sounds like the same thing. I removed the CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10" trom tcp.smtp
And so far I haven't had issues. If you use spamdyke it takes care of the max_recipients=50 for you. You might even try removing the CHKUSER_WRONGRCPTLIMIT="10" and see if the issue goes away. I'm not sure how that rule works. But I suspect it fails after ten attempts to an address. Even if it's one address failing. Someone correct me if I'm guessing wrong on that. _____ From: [email protected] [mailto:[email protected]] Sent: Friday, May 13, 2011 8:24 AM To: [email protected] Subject: Re: [qmailtoaster] problem with dkim I have the _domainkey.your-domain.com TXT "t=y\;" set in DNS, and it has been a week since we implemented dkim. I have also tested our DNS servers, and I pretty sure there are not any timeouts. I have found that it does not matter if the format is "Aaron Powell"<[email protected]> or not. If I send to: [email protected], [email protected], [email protected], [email protected], [email protected] I get dkim=permerror (bad sig) but if I send to fewer recipients it works. it is like I am limited to a certain number of characters on the to: line, and not necessarily, by recipients. any other ideas? -- Aaron Powell IT Manager S&T Communications Office: 785-460-7300 Fax: 785-460-7301 Quoting Toma Bogdan <[email protected]>: > On 5/12/2011 9:48 PM, [email protected] wrote: >> Here is the headers of a dkim=permerror (bad sig) >> >> From [email protected] Thu May 12 12:52:19 2011 >> X-Apparently-To: [email protected] via >> 68.142.199.191; Thu, 12 May 2011 05:52:22 -0700 >> Return-Path: <[email protected]> >> Received-SPF: pass (mta140.mail.sp2.yahoo.com: >> domain of [email protected] designates 63.170.92.52 as permitted >> sender) >> bW11bmljYXRpb25zCk9mZmljZTogNzg1LTQ2MC03MzAwCkZheDogNzg1LTQ2 >> MC03MzAxATABAQEB >> X-YMailISG: >> BKczKe0cZAp_Kh4Pvn1OCHTN0GqUVYw0_NRMSykOs7JnEqjC >> lGzt5FZrLq40JE8u0IoDIJEJslXMatTuxXDy61bEN.CmuYFkMnIxivLThB56 >> NY2Zmx_Tn5IqdrX2kQKtMGngmsjuVbNeOKRs9HjzW5xucV.4MpwRq1ElZAvD >> eWtKKHdyPQTtKfTs1T2cKchvgabQPHb2kHnjqZ0LT9_L9ok9yhbCGc8XcQ81 >> WZmPFdrqkwSoEG9GLKSPOjKRo_vzLuSBK8Huw1rIlHJP79PnzNLEhyeUIuvg >> fFYAy.eJDkGDPZtUS1VF38ZnMGQuI1hs5IOuLqyyvIouHBOGvAIZuLvQFf1e >> c0bVvayQx4DZclN9QWZgwWKHOyeM8uRSXLvLSQTmtbZR9j4VqDZh0YSdxjqR >> 9bUlPFWFOdgMr2WQXzipzX7e8k6pdiGP6xILHGCBPICd5kN6peqeC4PcJC_r >> HujN_T4M9K69ekAuLthlbeW.lqN_rZ1p5jxLf6T1cbIhov4MgFtNqiOAYqyy >> lGpw4dXg0wInHlHlLl9u5SZPNygqq1srxLmauGuIM5sz4uwj43iTgcrzUBsW >> L29RR8.RKxX4OKNKtcmAeYQFbnZsB7w1RXFK35zyjWDAcrxTpP9Ih350BqHY >> cXDXTnswoV3jpiDgBluaYLq_0UsgBXhN__zrhYXmus7Yz0Ar3QzyZePGAWhC >> pdZ54WeptgnfJbYbVvSvVsqLQwgEE4slabXwsgxtJOtADkJU7ZvcqkhR8it9 >> YkJRIjW3pHACqumQFFZZEq7EpOZyCbsTA91Rzyr9kIZQwYYwOD1kzJKQEo.f >> 9YkeRX52yFA8UhSm4VCDaB5vixH4PLFNGOwjlX6PWzrGJbrodmvjS1CI76x0 >> 7jt93FYw3tAWu13cgzhjbKmXCKEsjncIijTYTSw03u5ly_GpfWaaz2zPWzq_ >> c1jsXXZFId45z96M4rmWWI5RpgZ4DQ6Jt.39nWzNga.XPLDM6x4qwCHkTbkE >> V77Tl1fyf_MxANcZdMGg1gNFHPCZx5yee5vxqqha7Db8_pf_OsykAsgG1F9A >> ReFXG2OrHAILNjoHh35_jQEHSNmMhI2o5m.wWg_hcG8hmDD1pKXBR7yoJxt9 >> 4eX7pf5vQlK9IBCkLunc0CWbYiV6.OQ8fjBcwSvogtWz54tfIPOcpWbUJgtX >> jn9RllSceq0f3UzD_cZ4RRPibbeeZdeU3iiEX0i3h74Bu3F.N1FJBTwjnyJw >> goll1A.f79tJZvgTSeXgEgeTmecCnkKNIXAj0zfiVNFVJNF8xcqWo_zM0LVl >> Iwtj5dhpR4yG9GUF6kXf7Dkui4D3Yh8kc9d8k7BWVrX4ZaxmbTTZjkPjVoa9 >> NnNdYusW3qh4sb53FDuxaFIqsk0hLJwYFUu6kJl91mYlP6BNadWFFN.GM2rb >> 5TQyr8MgI0w1 >> X-Originating-IP: [63.170.92.52] >> Authentication-Results: mta140.mail.sp2.yahoo.com >> from=st-tel.net; domainkeys=neutral (no sig); >> from=stmail-nfs1.st-tel.net; dkim=permerror (bad sig) >> Received: from 127.0.0.1 (EHLO mx2.st-tel.net) >> (63.170.92.52) by mta140.mail.sp2.yahoo.com with SMTP; Thu, 12 May >> 2011 05:52:22 -0700 >> Received: from stmail-nfs1.st-tel.net >> (stmail-nfs1.st-tel.net [10.2.1.160]) by mx2.st-tel.net >> (8.13.8/8.13.8/Debian-3+etch1) with ESMTP id p4CCqKWl014236 for >> <[email protected]>; Thu, 12 May 2011 07:52:21 -0500 >> DKIM-Signature: v=1; a=rsa-sha1; c=simple; >> d=stmail-nfs1.st-tel.net; h= >> message-id:date:from:to:subject:mime-version:content-type >> :content-transfer-encoding; s=dkim1; bh=qWaYy1rzecELWi+MGj9iPd9l >> YlY=; b=fwOb2HLSZkZWZYkhB73PnzZr4nL2Vce3b8lxtgpt5GpoL+dTN8W68Xsw >> hHgLm+iM >> Received: (qmail 9866 invoked by uid 89); 12 May >> 2011 12:52:19 -0000 >> Received: by simscan 1.4.0 ppid: 9860, pid: 9861, >> t: 0.0092s scanners: attach: 1.4.0 clamav: 0.97/m:53/d:13061 >> Received: from unknown (HELO localhost) >> (10.2.1.180) by stmail-nfs1.st-tel.net with SMTP; 12 May 2011 >> 12:52:19 -0000 >> Received: from 10.2.4.63 ([10.2.4.63]) by >> stwebmail.st-tel.net (Horde Framework) with HTTP; Thu, 12 May 2011 >> 07:52:19 -0500 >> Message-ID: <[email protected]> >> X-Priority: 3 (Normal) >> Date: Thu, 12 May 2011 07:52:19 -0500 >> From: >> [email protected] >> View contact details >> To: Gmail test <[email protected]>, Yahoo test >> <[email protected]>, Aaron test <[email protected]> >> Subject: test >> MIME-Version: 1.0 >> Content-Type: text/plain; charset=ISO-8859-1; >> DelSp="Yes"; format="flowed" >> Content-Disposition: inline >> Content-Transfer-Encoding: 7bit >> User-Agent: Internet Messaging Program (IMP) H3 (4.3.6) >> X-Bayes-Prob: 0.0001 (Score 0, tokens from: @@RPTN, >> outbound) >> X-Spam-Score: 0.00 () [Hold at 13.00] SPF(pass:0) >> X-CanIt-Geo: No geolocation information available >> for 10.2.1.160 >> X-CanItPRO-Stream: outbound >> X-Canit-Stats-ID: 03EGAQkXK - ade7763c5d5c - 20110512 >> X-Scanned-By: CanIt (www . roaringpenguin . com) on >> 10.2.1.52 >> Content-Length: 97 >> >> Here is the headers of a dkim=pass (ok) >> >> From [email protected] Thu May 12 01:48:10 2011 >> X-Apparently-To: [email protected] via >> 68.142.199.195; Wed, 11 May 2011 18:48:12 -0700 >> Return-Path: <[email protected]> >> Received-SPF: pass (mta1221.mail.sk1.yahoo.com: >> domain of [email protected] designates 63.170.92.52 as permitted >> sender) >> bW11bmljYXRpb25zCk9mZmljZTogNzg1LTQ2MC03MzAwCkZheDogNzg1LTQ2 >> MC03MzAxATABAQEB >> X-YMailISG: >> 9ROR0XYcZAp4h_IaiVNuc6zi0qsAKWmEZJfFP0_jFAZxrJLR >> 7fWW2ZaAOdzcnixD7ZkTkF0LPTOlo0c1d7GUkxaPyfsJmtsmdY8KL_tQXXyc >> lxrIplJkEsTY4_2PyEegIPDMRwx7ayqaiqRt9qlBBKGRZhLku8P8G1_NpggK >> yzbRa36s3tze1B_QdQnSYfdc4ZAgfqz2KK_t0LqWp0XObDE37RDZRJZ7g4Bq >> 5HcMCX7y_IsmC5scUUO1yrMdRQBuTF2kWWcufPJmLl9zbWKxnG0hkph4FhEJ >> EdNkc4kj_sIt65rAOLb3EOvxArhmpyvgtH4uWzDt16JQF3ZvKAqNnTanBmnL >> U2_U_VK1eo_dXwEGK2VZdmdeapqX5d6fPTPsm0FjmPQHZRPfFk44NEAkBKkv >> bXOfx67S.JRv5nNdLxiM3c2eaqsosH2lTHguuLkjGa5otPa35HKmrLZOmqpF >> Tz.hs542I387Hf0jbDUQKfcbz3KjiF9m8L2KZXbSfIBxUrrANSJMsu7cK.7a >> MC7wSmYW7DyfDNPM1c.5MR1qzCtVEya1dumYHZwVIOPcKIcuqDph5KFtZZFH >> 3oQD1Wl63A3Bo5PzPeGMaFGM2M65Cjk6mX26MVcTWQW2_Dk_clch26gi5eT_ >> lMZa3CNy_X_y5jM91gp.b_XzstkXvn3a9FVObOURR2vV_j1yGYi1ByUTOprT >> MXC4xuC1R7zsI20X1L7eZ.LbDaTXPMmtd0W2.UQcMJSU8tYH5VO0I7UFiXRL >> 291h5JQuDFxNHI0kn_JnxXP15MyJCcN2uMJOqa1.iDTF80BTjiAGA.HQPULU >> ZOXFK_JEC53USz6n1mowuQgOEbEc1pjuYSB7Xwo3aBqJGBwOc2Q.G9k2nPAY >> fWV7QnDmzr8qhh0UIeTF6.Otx2ocWGF7rRFPJVABzkl0SoQjCCR6W7aJ8mWA >> uD4rAC4ZdH4s_8pebA50BG.3WOltoaSu6MlB.nYzgA92KLY_4qfUhT2vIkfJ >> .R8GTP9MRfD5yIWv.VCJhazVpNXvpGRpNmVERr17WK3vyZKWw7jC3CsJJZbK >> Z8gn05b02sIM8er7i3jKU5oQI9t1LbG1Vnw61MnA.Tl9cxDXACgWWUznys3Q >> 4SpR1oiv6WePob8LNOuNBhggguhiCpInfWNccKoYiRmExYkWaD_6KzUt8dMz >> fdH0gJe3ThMnfkXc8JBhGNr84Asql8qNx0ksBRbgoxJU44aSHDAUhMG_Pjdm >> pKmEKA1_1GEQBHS2eYr1MUFtCCbzE.FOGWv8wG5C33onpl0IPmSu0HMl3gVA >> a45T7CePcJUYiAxTctsQpl7V50cE3s6hINgpI9gxycTfrCSRf5g89xxCnYBH >> X4lSRv.n3VizTen.806V.mTVhL3yH7GS5rY8IehEASPKZZF_wnybX5z44FvW >> W0rTQihRWPbj_TIjCdQln8ntZY3hWQ-- >> X-Originating-IP: [63.170.92.52] >> Authentication-Results: mta1221.mail.sk1.yahoo.com >> from=st-tel.net; domainkeys=neutral (no sig); >> from=stmail-nfs1.st-tel.net; dkim=pass (ok) >> Received: from 127.0.0.1 (EHLO mx2.st-tel.net) >> (63.170.92.52) by mta1221.mail.sk1.yahoo.com with SMTP; Wed, 11 May >> 2011 18:48:12 -0700 >> Received: from stmail-nfs1.st-tel.net >> (stmail-nfs1.st-tel.net [10.2.1.160]) by mx2.st-tel.net >> (8.13.8/8.13.8/Debian-3+etch1) with ESMTP id p4C1mAlT026209 for >> <[email protected]>; Wed, 11 May 2011 20:48:10 -0500 >> DKIM-Signature: v=1; a=rsa-sha1; c=simple; >> d=stmail-nfs1.st-tel.net; h= >> message-id:date:from:to:subject:mime-version:content-type >> :content-transfer-encoding; s=dkim1; bh=qWaYy1rzecELWi+MGj9iPd9l >> YlY=; b=AcwT7q7jLGCYpLnLgd3jrtkyrqYPclyj0dBtkjpwx6FUMZol+QKB8WFw >> JtWo0pMj >> Received: (qmail 22996 invoked by uid 89); 12 May >> 2011 01:48:10 -0000 >> Received: by simscan 1.4.0 ppid: 22990, pid: 22991, >> t: 0.0080s scanners: attach: 1.4.0 clamav: 0.97/m:53/d:13061 >> Received: from unknown (HELO localhost) >> (10.2.1.180) by stmail-nfs1.st-tel.net with SMTP; 12 May 2011 >> 01:48:10 -0000 >> Received: from 63.163.22.1 ([63.163.22.1]) by >> stwebmail.st-tel.net (Horde Framework) with HTTP; Wed, 11 May 2011 >> 20:48:10 -0500 >> Message-ID: <[email protected]> >> X-Priority: 3 (Normal) >> Date: Wed, 11 May 2011 20:48:10 -0500 >> From: >> [email protected] >> View contact details >> To: "Aaron Powell (Home)" <[email protected]> >> Subject: test >> MIME-Version: 1.0 >> Content-Type: text/plain; charset=ISO-8859-1; >> DelSp="Yes"; format="flowed" >> Content-Disposition: inline >> Content-Transfer-Encoding: 7bit >> User-Agent: Internet Messaging Program (IMP) H3 (4.3.6) >> X-Bayes-Prob: 0.0001 (Score 0, tokens from: @@RPTN, >> outbound) >> X-Spam-Score: 0.00 () [Hold at 13.00] SPF(pass:0) >> X-CanIt-Geo: No geolocation information available >> for 10.2.1.160 >> X-CanItPRO-Stream: outbound >> X-Canit-Stats-ID: 03EGpMayv - 19fdb5f15a2f - 20110511 >> X-Scanned-By: CanIt (www . roaringpenguin . com) on >> 10.2.1.52 >> Content-Length: 97 >> Compact Headers >> >> it seems that if we send to three or more recipiants then we get >> the dkim=permerror (bad sig) >> >> but only if those three are in the format of "Aaron Powell" >> <[email protected]> and not just [email protected]. >> >> any help would be appreciated. >> >> Thanks > - dns query timeout from your servers > - an yahoo server have old dns cache of your dns dkim sig > > if you just implement dkim or renew dkim sig it better to have a > small TTL, and set DNS TXT for > _domainkey.your-domain.com TXT "t=y\;" > > > Hope that helps you... > > -- > Bogdan T. > Network/Systems Security > tbogdan['a+t']direkt.ro > > > ---------------------------------------------------------------------------- ----- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and installations. > If you need professional help with your setup, contact them today! > ---------------------------------------------------------------------------- ----- > Please visit qmailtoaster.com for the latest news, updates, and packages. > To unsubscribe, e-mail: > [email protected] > For additional commands, e-mail: [email protected] > > > > > -- > BEGIN-ANTISPAM-VOTING-LINKS > ------------------------------------------------------ > > Teach CanIt if this mail (ID 04EGT9GSP) is spam: > Spam: > http://spam.st-tel.net/canit/b.php?i=04EGT9GSP <http://spam.st-tel.net/canit/b.php?i=04EGT9GSP&m=1b09be09b9c4&t=20110513&c= s> &m=1b09be09b9c4&t=20110513&c=s > Not spam: > http://spam.st-tel.net/canit/b.php?i=04EGT9GSP <http://spam.st-tel.net/canit/b.php?i=04EGT9GSP&m=1b09be09b9c4&t=20110513&c= n> &m=1b09be09b9c4&t=20110513&c=n > Forget vote: > http://spam.st-tel.net/canit/b.php?i=04EGT9GSP <http://spam.st-tel.net/canit/b.php?i=04EGT9GSP&m=1b09be09b9c4&t=20110513&c= f> &m=1b09be09b9c4&t=20110513&c=f > ------------------------------------------------------ > END-ANTISPAM-VOTING-LINKS > > ---------------------------------------------------------------------------- ----- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! ---------------------------------------------------------------------------- ----- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] _____ No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1375 / Virus Database: 1500/3633 - Release Date: 05/12/11
