Re: Logging by default

From: Scott Kitterman <>
Date: Thu, 21 Feb 2013 17:15:05 -0500

On Thursday, February 21, 2013 02:05:37 PM Murray S. Kucherawy wrote:
> On Thu, 21 Feb 2013, Scott Kitterman wrote:
> > Feb 21 15:30:13 mailout02 opendkim[1740]: 231D920E4061:
> > [] not internal
> > Feb 21 15:30:13 mailout02 opendkim[1740]: 231D920E4061: not authenticated
> > Feb 21 15:30:13 mailout02 opendkim[1740]: 231D920E4061: external host
> > attempted to send as
> > Feb 21 15:30:13 mailout02 opendmarc[1751]: 231D920E4061: pass
> >
> > There is nothing from opendkim about the actual verification process. In
> > my view, the fact that an external host is sending using a domain that
> > this host also signs for and is not authenticated is not relevant to
> > anything. Not internal isn't very useful either. I'd think those kinds
> > of things should be reserved for debug logging. Regular logging should
> > report actual program errors and optionally (I think default on)
> > signature results.
> Regular logging does. "LogWhy" is a specific debugging flag. I don't
> normally run with it enabled. It's intended to be used when your filter
> isn't signing and you can't figure out why; when things are operating
> normally, that information isn't useful to log.

OK. I took that out. Now it just logs:

opendkim[5199]: C83BB20E4061: external host
attempted to send as

Which is not particularly useful (even more so when there's no other
information in the log). Lots of domains have multiple MTAs, so I don't think
this is a very interesting fact. I do think a log entry similar to
opendmarc's (but with the domain) would be good as a standard item.

> > As an aside (I know this is the wrong list), it would be nice if
> > opendmarc would include the domain in addition to the result.
> Please open a feature request for that one.


Scott K
Received on Thu Feb 21 2013 - 22:15:19 PST
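
A way to check a mail log for the gap described in this message, as an added example that is not part of the original post or of OpenDKIM: it groups entries by queue ID and lists messages for which opendmarc logged a result while opendkim logged only the diagnostic lines quoted above. The sample log is constructed; the address, host name and domain in it are placeholders, and the wording of the "DKIM verification successful" line is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the entries quoted in the message.
# 192.0.2.10, mx.example.net and example.org are placeholders, and the
# second queue ID and its result line are assumptions for illustration.
SAMPLE_LOG = """\
Feb 21 15:30:13 mailout02 opendkim[1740]: 231D920E4061: [192.0.2.10] not internal
Feb 21 15:30:13 mailout02 opendkim[1740]: 231D920E4061: not authenticated
Feb 21 15:30:13 mailout02 opendkim[1740]: 231D920E4061: external host mx.example.net attempted to send as example.org
Feb 21 15:30:13 mailout02 opendmarc[1751]: 231D920E4061: pass
Feb 21 15:31:02 mailout02 opendkim[1740]: 9A41C20E4077: DKIM verification successful
Feb 21 15:31:02 mailout02 opendmarc[1751]: 9A41C20E4077: pass
"""

# syslog prefix, program[pid], queue ID, then the filter's message
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]+\s\S+\s(?P<prog>[\w-]+)\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]+):\s(?P<msg>.*)$"
)

# The three opendkim messages from the thread that explain why a message
# was not signed; they say nothing about signature verification.
DIAGNOSTIC = re.compile(
    r"not internal$|^not authenticated$|^external host .* attempted to send as"
)

def summarize(log_text):
    """Group opendkim and opendmarc messages by queue ID."""
    by_id = defaultdict(lambda: {"dkim_result": [], "dkim_diag": [], "dmarc": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a milter entry with a queue ID
        prog, qid, msg = m.group("prog", "qid", "msg")
        if prog == "opendkim":
            key = "dkim_diag" if DIAGNOSTIC.search(msg) else "dkim_result"
            by_id[qid][key].append(msg)
        elif prog == "opendmarc":
            by_id[qid]["dmarc"].append(msg)
    return dict(by_id)

def missing_dkim_result(log_text):
    """Queue IDs with a DMARC result but no opendkim verification entry."""
    return sorted(qid for qid, e in summarize(log_text).items()
                  if e["dmarc"] and not e["dkim_result"])

if __name__ == "__main__":
    print(missing_dkim_result(SAMPLE_LOG))
```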
