RE: Signing problem

From: Murray S. Kucherawy <>
Date: Tue, 26 Oct 2010 15:48:42 -0700

Using "Domain" is a simple way but it makes some assumptions, like a direct domain name match also means that's the domain where the key lives. That's why "d=" changed in your test.

You'll probably have more success with Subdomains, or failing that, you should try setting up a KeyTable and SigningTable which gives you much more direct control.

From: Jason Clint []
Sent: Tuesday, October 26, 2010 3:36 PM
To: Murray S. Kucherawy;
Subject: RE: Signing problem

The only other thing I did was add to the Domain. Guess that would make sense though since it would go through right, but then wouldn't I be back to my same problem of not being able to send mail as instead of as
Date: Tue, 26 Oct 2010 15:30:34 -0700
Subject: RE: Signing problem
Ah, you changed something else. The signature that was added has a new "d=" value, namely "". You don't have a public key posted for that domain, resulting in the temp-fail.

From: [] On Behalf Of Jason Clint
Sent: Tuesday, October 26, 2010 3:21 PM
Subject: RE: Signing problem

apparently sendmail is starting to get sick of me:

Oct 26 16:16:03 mail sendmail[6668]: o9QMG3VX006668: from=root, size=26, class=0, nrcpts=1, msgid=<>, relay=root_at_localhost
Oct 26 16:16:03 mail sendmail[6669]: o9QMG3SJ006669: from=<>, size=332, class=0, nrcpts=1, msgid=<>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain []
Oct 26 16:16:03 mail sendmail[6669]: o9QMG3SJ006669: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;\n\; s=mail; t=1288131363;\n\tbh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;\n\th=Date:From:Message-Id:To;\n\tz=Date:=20Tue,=2026=20Oct=202010=2016:16:03=20-0600|From:=20root=20\n\t <>|Message-Id:=20<201010262216.o9QMG3V\n\t>|;\n\tb=DQ8aTRbSD2BwKTo8DQoqyrPbFs5xoDkQIodZmuJvfJ93GGUfANjXoTSGINdS14EGN\n\t F4BeCntzj1A7GW1qeEWXIi2cbT6/I4L3AAzWkqkutS5hxm/76ljxZ4lX8bnK5ma6jz\n\t t+V/MnxHKfbnU8quKhQHzjnxqHLTegIF30b40eEw=
Oct 26 16:16:03 mail sendmail[6668]: o9QMG3VX006668:, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30026, relay=[] [], dsn=2.0.0, stat=Sent (o9QMG3SJ006669 Message accepted for delivery)
Oct 26 16:16:04 mail sendmail[6672]: STARTTLS=client,, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 26 16:16:05 mail sendmail[6672]: o9QMG3SJ006669: to=<>, ctladdr=<> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120332, [], dsn=4.0.0, stat=Deferred: 451 4.3.2 Please try again later

I will have to check on it in a minute!
Subject: RE: Signing problem
Date: Tue, 26 Oct 2010 22:17:29 +0000

Just so you know, it's not what's in the log that bothers me but the response I get back from which is.......check that, I just looked at the last log entry and saw this:

We hope this service has been helpful to you.

Authentication System: DomainKeys Identified Mail
   Result: DKIM signature confirmed GOOD
   Description: Signature verified, message arrived intact
   Reporting host:
   More information:
   Sendmail milter:

Give me a second while I verify if it's right and I didn't just doze off and dream it started working.

> Date: Tue, 26 Oct 2010 15:11:27 -0700
> Subject: Re: Signing problem
> From:
> To:
> CC:
> On Tue, Oct 26, 2010 at 2:24 PM, Jason Clint <> wrote:
> > Another update, setting the Domain to
> >, gets rid of the other error:
> > Oct 26 15:07:44 mail opendkim[6446]: o9QL7iJ8006451: no signing domain match
> > for `'
> I just wanted to point out that what you are seeing is not an "error",
> it's debug output caused by the "LogWhy" statement being enabled in
> your opendkim configuration.
> Murray, maybe a log identifier to indicate it's debug output and not
> an error would be beneficial. I'm torn though...
> --
> Regards... Todd
> I seek the is only persistence in self-delusion and
> ignorance that does harm. -- Marcus Aurelius
Received on Tue Oct 26 2010 - 22:49:02 PST
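
The diagnosis in this thread (a changed "d=" value pointing verifiers at a domain with no public key posted) can be reproduced offline from the logged header. This is an added example, not part of the original messages or of OpenDKIM; the domains, header values and the `PUBLISHED` set are constructed placeholders, with `PUBLISHED` standing in for a real DNS TXT lookup.

```python
import re

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag list ("tag=value; tag=value") into a dict."""
    # Undo header folding, including the literal "\n\t" escapes sendmail logs.
    unfolded = re.sub(r"(?:\\n|\\t|\s)+", " ", header_value)
    tags = {}
    for item in unfolded.split(";"):
        name, sep, value = item.partition("=")  # first "=" only; base64 may end in "="
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def key_record_name(tags):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    return "{}._domainkey.{}".format(tags["s"], tags["d"]).lower()

def check_signature_domain(header_value, published):
    """Return (status, dns_name); status is "ok", "no-key" or "malformed"."""
    tags = parse_dkim_tags(header_value)
    if "d" not in tags or "s" not in tags:
        return ("malformed", None)
    name = key_record_name(tags)
    return ("ok" if name in published else "no-key", name)

# Constructed stand-in for DNS: names that have a DKIM TXT record published.
PUBLISHED = {"mail._domainkey.example.com"}

# Constructed headers in the form the milter log shows them (raw strings keep
# the "\n\t" escapes literal). Only d= differs between the two.
BEFORE = r"v=1; a=rsa-sha256; c=relaxed/simple;\n\td=example.com; s=mail;\n\tbh=AAAA=;\n\th=Date:From;\n\tb=BBBB="
AFTER = r"v=1; a=rsa-sha256; c=relaxed/simple;\n\td=mail.example.com; s=mail;\n\tbh=AAAA=;\n\th=Date:From;\n\tb=BBBB="

if __name__ == "__main__":
    for label, header in (("before", BEFORE), ("after", AFTER)):
        print(label, check_signature_domain(header, PUBLISHED))
```

Against a live domain, the membership test on `PUBLISHED` is replaced by a TXT query for the returned name.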
