On 07/10/2022 12:12, Jeremy Harris via Exim-users wrote:
> I don't think either of those should matter.
> Suggest enabling targeted debug for these domains, using ACL
> control=debug,
> probably best in RCPT ACL. You'll want at least the acl and dns debug
> categories.
> In the debug output find that "failed key import" being logged,
> and look at the processing leading up to it.

This helped a lot! Thank you.
It's showing the following in that debug output:
DNS lookup of s1._domainkey.sendgrid.com. (TXT) gave TRY_AGAIN
s1._domainkey.sendgrid.com. in dns_again_means_nonexist? no (option unset)
returning DNS_AGAIN
LOG: MAIN
PDKIM: d=sendgrid.com s=s1 [failed key import]
PDKIM [sendgrid.com] rsa-sha256 signature status: PDKIM_VERIFY_INVALID
(PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE)
I'm guessing that the most important here is the "TRY_AGAIN" part.
Is that down to a broken resolver on my part, i.e. the system resolver or
something in Exim I'm missing,
or is that down to my host?
My resolv.conf is set by my host to use their in-house resolvers.

> Not sure what you mean by "turn down".
> Obviously you could avoid doing dkim verification.

Yes, this is what I meant: to turn it off entirely.
I feel this would be an option, as SpamAssassin is also verifying the
DKIM (pass) when it does its check.
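An added example, not part of the original message or of Exim: a small triage script that pairs each "failed key import" line in Exim debug output with the preceding TXT lookup of the selector record, so a resolver temporary failure can be told apart from a key that was fetched but could not be imported. The sample text is constructed from the lines quoted above; the "succeeded" lookup line, the example.org entry and the verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample: the first block mirrors the debug lines quoted in the
# message; the example.org block (and its "succeeded" line) is an assumption.
SAMPLE_DEBUG = """\
DNS lookup of s1._domainkey.sendgrid.com. (TXT) gave TRY_AGAIN
s1._domainkey.sendgrid.com. in dns_again_means_nonexist? no (option unset)
returning DNS_AGAIN
LOG: MAIN
  PDKIM: d=sendgrid.com s=s1 [failed key import]
PDKIM [sendgrid.com] rsa-sha256 signature status: PDKIM_VERIFY_INVALID (PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE)
DNS lookup of sel._domainkey.example.org. (TXT) succeeded
LOG: MAIN
  PDKIM: d=example.org s=sel [failed key import]
"""

DNS_RE = re.compile(r"DNS lookup of (\S+?)\.? \(TXT\) (?:gave (\w+)|succeeded)")
PDKIM_RE = re.compile(r"PDKIM: d=(\S+) s=(\S+) \[failed key import\]")

# Hypothetical verdict labels keyed by the DNS outcome seen for the key record.
VERDICTS = {
    "TRY_AGAIN": "resolver-tempfail",          # transient: look at the resolver path
    "HOST_NOT_FOUND": "no-key-record",         # selector record does not exist
    "NO_DATA": "no-key-record",
    "OK": "key-import-failed-after-fetch",     # record fetched, key unusable
}

def triage(debug_text):
    """Return (domain, selector, verdict) for every failed DKIM key import."""
    dns_result = {}   # key record name -> last DNS outcome seen for it
    findings = []
    for line in debug_text.splitlines():
        m = DNS_RE.search(line)
        if m:
            dns_result[m.group(1).lower()] = m.group(2) or "OK"
            continue
        m = PDKIM_RE.search(line)
        if not m:
            continue
        domain, selector = m.group(1), m.group(2)
        outcome = dns_result.get(f"{selector}._domainkey.{domain}".lower())
        findings.append((domain, selector, VERDICTS.get(outcome, "unknown")))
    return findings

if __name__ == "__main__":
    for domain, selector, verdict in triage(SAMPLE_DEBUG):
        print(f"{selector}._domainkey.{domain}: {verdict}")
```
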