Hi,
When I try to use the 4.71 dkim-signing functionality to sign
messages, the connection is lost when Exim sends the data to the
remote host. I've tried sending to gmail (debug output below) and
also to a server of my own that is definitely not doing any DKIM
checking. The DKIM DNS entry isn't setup for this domain, but IIUC
that shouldn't be necessary for the signing process, only the
validation process.
Can anyone shed any light on what I'm doing wrong?
Thanks,
Tony
Transport configuration (the domain, selector and private key are
actually MySQL lookups, but those work correctly):
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
dkim_domain = spamexperts.com
dkim_selector = testing
dkim_private_key = XXXXXXXX
dkim_strict = true
Debug output (with the certificate and lookups hidden a bit):
24282 delivering 1NIV7o-0006JM-8J to ASPMX2.GOOGLEMAIL.com
[209.85.135.27] (tony@???)
24282 set_process_info: 24282 delivering 1NIV7o-0006JM-8J to
ASPMX2.GOOGLEMAIL.com [209.85.135.27] (tony@???)
24280 set_process_info: 24280 delivering 1NIV7o-0006JM-8J: waiting for
a remote delivery subprocess to finish
24280 selecting on subprocess pipes
24282 Connecting to ASPMX2.GOOGLEMAIL.com [209.85.135.27]:25 ... connected
24282 waiting for data on socket
24282 read response data: size=42
24282 SMTP<< 220 mx.google.com ESMTP w5si749815mue.22
24282 209.85.135.27 in hosts_avoid_esmtp? no (option unset)
24282 SMTP>> EHLO server1.devtrunk.simplyspamfree.com
24282 waiting for data on socket
24282 read response data: size=126
24282 SMTP<< 250-mx.google.com at your service, [188.40.178.34]
24282 250-SIZE 35651584
24282 250-8BITMIME
24282 250-ENHANCEDSTATUSCODES
24282 250 PIPELINING
24282 209.85.135.27 in hosts_require_tls? no (option unset)
24282 209.85.135.27 in hosts_avoid_pipelining? no (option unset)
24282 using PIPELINING
24282 209.85.135.27 in hosts_require_auth? no (option unset)
24282 SMTP>> MAIL FROM:<tony@???> SIZE=1833
24282 SMTP>> RCPT TO:<tony@???>
24282 SMTP>> DATA
24282 waiting for data on socket
24282 read response data: size=31
24282 SMTP<< 250 2.1.0 OK w5si749815mue.22
24282 waiting for data on socket
24282 read response data: size=63
24282 SMTP<< 250 2.1.5 OK w5si749815mue.22
24282 SMTP<< 354 Go ahead w5si749815mue.22
24282 SMTP>> writing message and terminating "."
24282 writing data block fd=7 size=813 timeout=300
24282 search_open: mysql "NULL"
24282 search_find: file="NULL"
24282 key="SELECT dkim_selector XXX" partial=-1 affix=NULL starflags=0
24282 LRU list:
24282 internal_search_find: file="NULL"
24282 type=mysql key="SELECT dkim_selector XXX"
24282 database lookup required for SELECT dkim_selector XXX
24282 MySQL query: SELECT dkim_selector XXX
24282 MYSQL new connection: host=localhost port=0 socket=NULL
database=mx user=exim
24282 lookup yielded: testing
24282 search_open: mysql "NULL"
24282 cached open
24282 search_find: file="NULL"
24282 key="SELECT certificate XXX" partial=-1 affix=NULL starflags=0
24282 LRU list:
24282 internal_search_find: file="NULL"
24282 type=mysql key="SELECT certificate XXX"
24282 database lookup required for SELECT certificate XXX
24282 MySQL query: SELECT certificate XXX
24282 MYSQL using cached connection for localhost/mx/exim
24282 lookup yielded: -----BEGIN CERTIFICATE-----XXX=-----END CERTIFICATE-----
24282
PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Ths{SP}is{SP}atest.{CR}{LF}PDKIM
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [spamexperts.com] Body bytes hashed: 15
PDKIM [spamexperts.com] bh computed:
26054105837d58c20fa7cf59c6d54d281113407ea09f82baad61d6520a46387f
PDKIM >> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
message-id:<E1NIV7o-0006JM-8J@???>{CR}{LF}
from:tony@???{CR}{LF}
subject:test{CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=spamexperts.com;{SP}s=testing;{SP}h=Message-ID:From:Subject;{SP}bh=JgVBBYN9WMIPp89ZxtVNKBETQH6gn4K6rWHWUgpGOH8=;{SP}b=;
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [spamexperts.com] hh computed:
acd4376f8bf24154fda23fd565e5d56772c5f2a941f987ba8ee6b1c9554cd42f
24282 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is NULL
24282 LOG: MAIN
24282 Remote host ASPMX2.GOOGLEMAIL.com [209.85.135.27] closed
connection in response to sending data block
24282 set_process_info: 24282 delivering 1NIV7o-0006JM-8J: just tried
ASPMX2.GOOGLEMAIL.com [209.85.135.27] for tony@???: result
DEFER
mainlog output for remote server (mine, not gmail's, obviously):
2009-12-09 23:44:51 SMTP connection from
server1.devtrunk.simplyspamfree.com [188.40.178.34] lost while reading
message data (header)
mainlog output for sending server when not in debug mode:
2009-12-09 23:58:31 1NIVUH-0006TH-Tb Remote host
fallbackmx.spamexperts.com [78.46.212.49] closed connection in
response to sending data block
Exim version:
Exim version 4.71 #1 built 09-Dec-2009 07:44:54
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
Support for: crypteq iconv() Expand_dlfunc OpenSSL Content_Scanning
DKIM Experimental_SPF Experimental_SRS
Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dnsdb mysql
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
OpenSSL compile-time version: OpenSSL 0.9.8g 19 Oct 2007
OpenSSL runtime version: OpenSSL 0.9.8g 19 Oct 2007