Re: [exim] DKIM behavior change following a reboot

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMichelle Pooley at <-
 
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Michelle Pooley
CC: exim-users@exim.org
Subject: Re: [exim] DKIM behavior change following a reboot
On Mon, Oct 1, 2012 at 5:06 PM, Michelle Pooley <mpooley@???> wrote:
> Hi,
>
> After some troubleshooting advice, hope someone has seen this before!
>
> We have Exim 4.71 on a Ubuntu 10.04 server that we use for shared hosting accounts. We rebooted all the servers in this system a few weeks ago, and since then the email server seems to be having a problem verifying DKIM for any email from Google's systems (googlemail.com, gmail.com etc.)
>
> 2012-09-22 10:30:00 1TFM2C-0001EU-JU DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
> 2012-09-22 10:34:03 1TFM67-0001Je-4i DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
> 2012-09-22 11:34:05 1TFN29-0003HJ-LG DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
> 2012-09-22 12:14:10 1TFNel-0003oJ-Dt DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
> 2012-09-22 12:28:14 1TFNsU-0004YD-0H DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
> 2012-09-22 16:24:59 1TFQqK-0000w5-Om DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?) unavailable]
> 2012-09-22 16:34:35 1TFQzS-0001rY-Mf DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?) unavailable]
> 2012-09-22 16:35:56 1TFR0v-0001v9-B4 DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?) unavailable]
> 2012-09-22 16:47:51 1TFRCS-0002OL-7P DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?) unavailable]

Possiblities:
1. Something about your server(s) DNS resolution has changed.
2. Something about the resolver your servers use has changed.
3. Something about a firewall doing packet inspection between your
server(s)/resolver and the outside world has changed. (Check for Cisco
ASA doing dns fixup...though it's not called that any more, the name
escapes me).

> Users on this system have noticed that emails from Gmail are repeatedly being delivered locally (remote id is the same each time). Can anyone explain why this is happening? Our support guys have spent some hours checking but there is very little information about this particular error. It worked fine before the reboot, and no config changes have been made to Exim.

I do agree, it sounds like something outside of Exim. What else was
going on in this presumed maintenance window that Exim mail servers
were restarted?

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Strange behaviour using non default port in remote smtpRe: [exim] Strange behaviour using non default port in remote smtp->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)