On 7/1/2016 8:04 PM, Jasen Betts wrote:
> On 2016-07-01, Rob Szarka <szlists@???> wrote:
>> On 7/1/2016 10:22 AM, jgh wrote:
>>> OK. So then when verify is invoked you should (given the right debug flags) see the onward SMTP conversation up to the RCPT acceptance, and (I think) a mention of holding the connection open for cutthrough?
>>>
>> In one test with a different address, I did get this message:
>>
>> Cutthrough cancelled by presence of DKIM signing
> you have to turn off all dkim features that access the email data
> (including headers) to use cutthru.
>
I'm not sure I understand. I do have DKIM set up for signing some
domains, but the sender domain that triggered the above cancelling of
cutthrough is not one of them. In other words, I have this in my config:
#1.0
dkim_domain = $sender_address_domain
dkim_selector = x
dkim_private_key = ${if
exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}}
dkim_canon = relaxed
dkim_strict = 0
But
/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain
did not exist. So, first of all, I'm confused about why exim was trying
to sign the message! But, that issue aside, this is not relevant to the
actual relay traffic I want the cutthrough to work for, which is for a
domain that is not hosted on this server. And I don't see any indication
that, for this traffic (live or in testing), exim is trying to dkim sign
the message. (I certainly don't get this same "Cutthrough cancelled"
message.)
Thinking maybe you meant that dkim verification might be the issue, I
revised the relevant acl block to this:
accept domains = +relay_domains
endpass
logwrite = DEBUG made it to this acl
control = dkim_disable_verify
verify = recipient/callout=use_sender
But I don't see that making any difference.
Am I missing something?
(Really appreciate all the help on this, BTW! Learning a lot from you
guys, even though none of it has solved my problem yet.)
--
Rob Szarka
http://szarka.org/