Re: opendkim/postfix: no signature for emails submitted through port 25

From: <>
Date: Mon, 18 Mar 2013 21:29:09 +0100

On 18 mars 2013, at 15:10, Murray S. Kucherawy wrote:

> On Mon, 18 Mar 2013, Patrick Proniewski wrote:
>> An email submitted via webmail (hence being signed) leaves those traces:
>> [34380753600] milter_negotiate: mta_actions=0x1ff, mta_flags=0x1fffff actions=0x111, flags=0x100702
>> [34380753600] abort: cur 3 (8) new 11 (800) next 12018
>> pretty sure the problem is not with libmilter.
> In libmilter terms, a filter is told "abort" by the MTA when a message has started processing, but some other filter has given a final action on the message; the filter is being told to cancel processing. What this tells me is that some other filter you're using might be the culprit.
> Specifically, this looks like what's happening:
> - MTA gets a new SMTP connection
> - MTA connects to all of your filters, including opendkim
> - MTA goes through option negotiation with all filters (this is the first log line you pasted)
> - some other filter decides traffic from this connection should be allowed unfiltered
> - MTA tells opendkim that the transaction is being aborted (and thus, of course, the message isn't being signed)

On smtpd side, I have a before-queue content filter (smtpd+amavisd-new -> backend smtpd). So I've changed few settings: provided my backend smtpd with a smtpd_milter, and telneted an email directly to this backend smtpd (port 10025 instead of 25).
My email was signed. Unfortunately, it means that every email passing through my antispam filter will also be examined by milter-opendkim.

After running things with high level of debugging, it appears that having a before-queue content filter like amavisd prevents the MACRO "i" from being populated (before-queue -> no queue ID), and I guess this has to do with milter-opendkim failure to sign the message.

I see only 2 solutions here: either I find a way to trigger smtpd_milter once more, after the queue_id (MACRO "i") is populated, or I create another localhost smtpd dedicated to local submission. I do prefer solution 1.
Ideas welcome :)

Received on Mon Mar 18 2013 - 20:29:27 PST

This archive was generated by hypermail 2.3.0 : Mon Mar 18 2013 - 20:36:02 PST