Tony Meyer wrote: > Hi, > > When I try to use the 4.71 dkim-signing functionality to sign > messages, the connection is lost when Exim sends the data to the > remote host. I've tried sending to gmail (debug output below) and > also to a server of my own that is definitely not doing any DKIM > checking. The DKIM DNS entry isn't setup for this domain, but IIUC > that shouldn't be necessary for the signing process, only the > validation process. > > Can anyone shed any light on what I'm doing wrong? > > Thanks, > Tony
Just a guess - but the presence of a DKIM signature 'most probably' triggers any DKIM-verification-capable receiving host to *attempt* such a verification. Which will of course fail until you set up your DKIM info in the DNS... 'I could be wrong...' etc.. Feel free to send a direct test message to my address. It 'notices' DKIM, but not in the conventional manner. Bill > > Transport configuration (the domain, selector and private key are > actually MySQL lookups, but those work correctly): > > remote_smtp: > debug_print = "T: remote_smtp for $local_p...@$domain" > driver = smtp > dkim_domain = spamexperts.com > dkim_selector = testing > dkim_private_key = XXXXXXXX > dkim_strict = true > > Debug output (with the certificate and lookups hidden a bit): > > 24282 delivering 1NIV7o-0006JM-8J to ASPMX2.GOOGLEMAIL.com > [209.85.135.27] ([email protected]) > 24282 set_process_info: 24282 delivering 1NIV7o-0006JM-8J to > ASPMX2.GOOGLEMAIL.com [209.85.135.27] ([email protected]) > 24280 set_process_info: 24280 delivering 1NIV7o-0006JM-8J: waiting for > a remote delivery subprocess to finish > 24280 selecting on subprocess pipes > 24282 Connecting to ASPMX2.GOOGLEMAIL.com [209.85.135.27]:25 ... connected > 24282 waiting for data on socket > 24282 read response data: size=42 > 24282 SMTP<< 220 mx.google.com ESMTP w5si749815mue.22 > 24282 209.85.135.27 in hosts_avoid_esmtp? no (option unset) > 24282 SMTP>> EHLO server1.devtrunk.simplyspamfree.com > 24282 waiting for data on socket > 24282 read response data: size=126 > 24282 SMTP<< 250-mx.google.com at your service, [188.40.178.34] > 24282 250-SIZE 35651584 > 24282 250-8BITMIME > 24282 250-ENHANCEDSTATUSCODES > 24282 250 PIPELINING > 24282 209.85.135.27 in hosts_require_tls? no (option unset) > 24282 209.85.135.27 in hosts_avoid_pipelining? no (option unset) > 24282 using PIPELINING > 24282 209.85.135.27 in hosts_require_auth? no (option unset) > 24282 SMTP>> MAIL FROM:<[email protected]> SIZE=1833 > 24282 SMTP>> RCPT TO:<[email protected]> > 24282 SMTP>> DATA > 24282 waiting for data on socket > 24282 read response data: size=31 > 24282 SMTP<< 250 2.1.0 OK w5si749815mue.22 > 24282 waiting for data on socket > 24282 read response data: size=63 > 24282 SMTP<< 250 2.1.5 OK w5si749815mue.22 > 24282 SMTP<< 354 Go ahead w5si749815mue.22 > 24282 SMTP>> writing message and terminating "." > 24282 writing data block fd=7 size=813 timeout=300 > 24282 search_open: mysql "NULL" > 24282 search_find: file="NULL" > 24282 key="SELECT dkim_selector XXX" partial=-1 affix=NULL starflags=0 > 24282 LRU list: > 24282 internal_search_find: file="NULL" > 24282 type=mysql key="SELECT dkim_selector XXX" > 24282 database lookup required for SELECT dkim_selector XXX > 24282 MySQL query: SELECT dkim_selector XXX > 24282 MYSQL new connection: host=localhost port=0 socket=NULL > database=mx user=exim > 24282 lookup yielded: testing > 24282 search_open: mysql "NULL" > 24282 cached open > 24282 search_find: file="NULL" > 24282 key="SELECT certificate XXX" partial=-1 affix=NULL starflags=0 > 24282 LRU list: > 24282 internal_search_find: file="NULL" > 24282 type=mysql key="SELECT certificate XXX" > 24282 database lookup required for SELECT certificate XXX > 24282 MySQL query: SELECT certificate XXX > 24282 MYSQL using cached connection for localhost/mx/exim > 24282 lookup yielded: -----BEGIN CERTIFICATE-----XXX=-----END CERTIFICATE----- > 24282 > PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>> > Ths{SP}is{SP}atest.{CR}{LF}PDKIM > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< > PDKIM [spamexperts.com] Body bytes hashed: 15 > PDKIM [spamexperts.com] bh computed: > 26054105837d58c20fa7cf59c6d54d281113407ea09f82baad61d6520a46387f > PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>> > message-id:<[email protected]>{CR}{LF} > from:[email protected]{cr}{lf} > subject:test{CR}{LF} > PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< > PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>> > dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=spamexperts.com;{SP}s=testing;{SP}h=Message-ID:From:Subject;{SP}bh=JgVBBYN9WMIPp89ZxtVNKBETQH6gn4K6rWHWUgpGOH8=;{SP}b=; > PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< > PDKIM [spamexperts.com] hh computed: > acd4376f8bf24154fda23fd565e5d56772c5f2a941f987ba8ee6b1c9554cd42f > 24282 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is > NULL > 24282 LOG: MAIN > 24282 Remote host ASPMX2.GOOGLEMAIL.com [209.85.135.27] closed > connection in response to sending data block > 24282 set_process_info: 24282 delivering 1NIV7o-0006JM-8J: just tried > ASPMX2.GOOGLEMAIL.com [209.85.135.27] for [email protected]: result > DEFER > > mainlog output for remote server (mine, not gmail's, obviously): > > 2009-12-09 23:44:51 SMTP connection from > server1.devtrunk.simplyspamfree.com [188.40.178.34] lost while reading > message data (header) > > mainlog output for sending server when not in debug mode: > > 2009-12-09 23:58:31 1NIVUH-0006TH-Tb Remote host > fallbackmx.spamexperts.com [78.46.212.49] closed connection in > response to sending data block > > Exim version: > > Exim version 4.71 #1 built 09-Dec-2009 07:44:54 > Copyright (c) University of Cambridge, 1995 - 2007 > Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007) > Support for: crypteq iconv() Expand_dlfunc OpenSSL Content_Scanning > DKIM Experimental_SPF Experimental_SRS > Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dnsdb mysql > Authenticators: cram_md5 plaintext > Routers: accept dnslookup ipliteral manualroute queryprogram redirect > Transports: appendfile/maildir autoreply pipe smtp > Fixed never_users: 0 > Size of off_t: 8 > OpenSSL compile-time version: OpenSSL 0.9.8g 19 Oct 2007 > OpenSSL runtime version: OpenSSL 0.9.8g 19 Oct 2007 > -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
