[exim] rejected DKIM.

Author: Alexey V. Degtyarev
Date:
To: exim-users
Subject: [exim] rejected DKIM.

Hello!

I'm trying to use DKIM on my FreeBSD 7.2 amd64 box with Exim 4.70 from
ports but all I get is that messages without DKIM signature rejected
with strange commentary: 550 Administrative prohibition

configure:

...

acl_smtp_dkim = acl_check_dkim

...

acl_check_dkim:

  defer         sender_domains  = gmail.com
                dkim_signers    = gmail.com
                dkim_status     = none:invalid:fail
                log_message     = message must have a valid DKIM signature
                message         = try again later

accept

debug log generated with -d+all -bhc 89.222.154.118 (real domain name screened
for corp security, sorry):

13:43:04 66034 >>Generated Received: header line
13:43:04 66034 P Received: from [89.222.154.118] (helo=foo)
13:43:04 66034  by mx-2.example.com with smtp (Exim)
13:43:04 66034  message id 1NA1rB-000HB4-Mk
13:43:04 66034  for a.degtyarev@???; Mon, 16 Nov 2009 13:43:04 +0000
13:43:04 66034 expanding: $dkim_signers
13:43:04 66034    result:
13:43:04 66034 SMTP>> 550 Administrative prohibition
550 Administrative prohibition
13:43:04 66034 LOG: MAIN REJECT
13:43:04 66034   H=(foo) [89.222.154.118] rejected DKIM : ╨
13:43:04 66034 smtp_setup_msg entered

Messages with valid DKIM signature processed ok. The mail server was running
for a long time (before upgrade) well and the mail recieved and processed
correct. All I done is binary upgrade from 4.69 to 4.70 and add configure
parameters above.

Eximstats shows that rejects in even more strange manner:

3 Rejected DKIM: <BA>^A
2 Rejected DKIM: x<E6>A

Am I missed something?

# exim -d
Exim version 4.70 (FreeBSD 7.2) uid=0 gid=0 pid=66605 D=fbb95cfd
Berkeley DB: Berkeley DB 4.7.25: (May 15, 2008)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl Expand_dlfunc OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_DCC
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 0.9.8e 23 Feb 2007
OpenSSL runtime version: OpenSSL 0.9.8e 23 Feb 2007

--
Alexey V. Degtyarev

This message is part of the following thread:
	the complete thread tree sorted by date

	Tom Kistner at