Re: [exim] dkim error in paniclog

Author: Jethro R Binks
Date:
To: exim-users
New topics: Re: [exim] *Suspect* Re: dkim error in paniclog
Subject: Re: [exim] dkim error in paniclog
On Thu, 17 Dec 2009, Kerstin Espey wrote:

> > after upgrading to exim 4.71 we get the following error in paniclog:
> >
> > 2009-12-02 22:06:05 1NFwOj-0005JP-2X DKIM: Error while running this message
> > through validation, disabling signature verification.
> > 2009-12-03 00:36:35 1NFykN-0007Js-6B DKIM: Error while running this message
> > through validation, disabling signature verification.
> > 2009-12-03 01:01:03 1NFz83-0001RP-9U DKIM: Error while running this message
> > through validation, disabling signature verification.
> >
>
> Still no one else with this error?


Sorry, yes, I get it too, but I don't have anything much to offer.

That's not strictly true, I did start to write something about this and
other issues but have not sent it. Made some documentation comments in
Bugzilla.

> We now have a list of 17 IP addresses, which do often trigger the error.
> It looks like it depends on the sender address, if we get the error or
> not. I have done a tcpdump for some of these IPs, and passed the data to
> exim with debugging mode enabled. No error occurs.
>
> The mails I have seen so far, are sent from qmail-servers. But I'm not
> sure if this is always the case. They don't have any dkim-header, but a
> header "DomainKey-Status: no signature". All of them seem to be
> newsletters.


I had added to data acl:

  warn
    condition   = ${if def:h_dkim-signature:}
    log_message = Recording DKIM-Signature: $h_dkim-signature


but it didn't record anything for these failing messages. I hadn't got
any further, so your comment about "DomainKey-Status: no signature" was
news to me, and maybe explains why I get nothing logged.

Here are the hosts I see:


Hmm. Looking more closely at them, the yahoo ones are more suspicious.
Seemingly the validation error occurred but I also did record the
signature header, which I will send to Tom direct to take a look at.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
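
Added example (not part of the original message, and not Exim's own code): one way to do the correlation described above, matching the paniclog DKIM errors to main log lines by message ID to list the sending host and whether the warn ACL recorded a DKIM-Signature header. The main log lines are constructed with placeholder hosts and addresses, and the layout of the "Warning:" line is an assumption.

```python
import re
from collections import Counter

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
PANIC_RE = re.compile(rf"^\S+ \S+ ({MSG_ID}) DKIM: Error while running this message")
LINE_ID_RE = re.compile(rf"^\S+ \S+ ({MSG_ID}) ")
HOST_RE = re.compile(r" H=(.+?) \[([0-9A-Fa-f.:]+)\]")  # H=name (helo) [ip]

ERR = ("DKIM: Error while running this message through validation, "
       "disabling signature verification.")
# Paniclog entries quoted in the thread, unwrapped to one line each.
PANICLOG = [
    f"2009-12-02 22:06:05 1NFwOj-0005JP-2X {ERR}",
    f"2009-12-03 00:36:35 1NFykN-0007Js-6B {ERR}",
    f"2009-12-03 01:01:03 1NFz83-0001RP-9U {ERR}",
]
# Constructed main log lines: hosts, senders and addresses are placeholders.
MAINLOG = [
    "2009-12-02 22:06:05 1NFwOj-0005JP-2X <= news@example.org H=(mail.example.org) [192.0.2.10] P=smtp S=4096",
    "2009-12-03 00:36:35 1NFykN-0007Js-6B H=mx.example.net [192.0.2.20] Warning: Recording DKIM-Signature: v=1; d=example.net",
    "2009-12-03 00:36:35 1NFykN-0007Js-6B <= list@example.net H=mx.example.net [192.0.2.20] P=esmtp S=2048",
    "2009-12-03 01:01:03 1NFz83-0001RP-9U <= news@example.org H=(mail.example.org) [192.0.2.10] P=smtp S=5120",
    "2009-12-03 01:02:00 1NFz99-0001Rx-AA <= ok@example.com H=(ok.example.com) [192.0.2.30] P=smtp S=100",
]

def correlate(panic_lines, main_lines):
    """Map each failing message ID to its sending host and signature status."""
    failing = {m.group(1) for m in map(PANIC_RE.match, panic_lines) if m}
    report = {mid: {"host": None, "ip": None, "sig_logged": False} for mid in failing}
    for line in main_lines:
        m = LINE_ID_RE.match(line)
        if not m or m.group(1) not in report:
            continue  # line belongs to a message that did not hit the DKIM error
        entry = report[m.group(1)]
        host = HOST_RE.search(line)
        if host and entry["ip"] is None:
            entry["host"], entry["ip"] = host.group(1), host.group(2)
        # Text written by the warn ACL's log_message shown in the post.
        if "Recording DKIM-Signature:" in line:
            entry["sig_logged"] = True
    return report

def failures_by_ip(report):
    """Count failing messages per sending IP to spot repeat senders."""
    return dict(Counter(e["ip"] for e in report.values()))

if __name__ == "__main__":
    rep = correlate(PANICLOG, MAINLOG)
    for mid, e in sorted(rep.items()):
        print(mid, e["host"], e["ip"], "sig logged" if e["sig_logged"] else "no sig logged")
    print(failures_by_ip(rep))
```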