Re: Is my inbound authentication working or not??

From: Andreas Schulze <sca_at_andreasschulze.de>
Date: Tue, 13 Jul 2010 10:35:00 +0200 (CEST)

Hello,

> Authentication-Results: foo.umrk.org; dkim=pass
> (1024-bit key; insecure key) header.i=_at_gmail.com; dkim-adsp=pass
does DNSSEC verification occur only if opendkim is compiled with
--with-unbound=... ?

> Jul 10 18:03:34 cobalt opendkim[3282]: ABC653FC3B mail-fx0-f50.google.com
> [209.85.161.50] not internal
> Jul 10 18:03:34 cobalt opendkim[3282]: ABC653FC3B not authenticated

this is very confusing to users. Opendkim can act a signer or verifier.
In this context opendkim decides to sign or verify. Opendkim logs here some
marginal intermediate results. But the final result (sign or verify) would
only be logged if syslogsuccess is set to yes. But this is unfortunly not
the default.

Stephen,
in your setup you call opendkim twice for each message.
first time when it arrived via smtp an a second time if spamd reinjects
the mail via smtp at localhost.

You should remove smtpd_milters=...opendkim from main.cf and put it
in the master.cf as an option to the external smtp-server
(I assume, you have already 2 smtp servers in your master.cf )

Andreas

-- 
Viele Gre
Andreas Schulze
Received on Tue Jul 13 2010 - 08:35:21 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:19:47 PST