Autor: Dave Mal Datum: To: exim-users Betreff: Re: [exim] Possible DKIM issue query
On 07/10/2022 12:12, Jeremy Harris via Exim-users wrote: > I don't think either of those should matter.
> Suggest enabling targeted debug for these domains, using ACL
> control=debug,
> probably best in RCPT ACL. You'll want at least the acl and dns debug
> categories.
> In the debug output find that "failed key import" being logged,
> and look at the processing leading up to it.
> This helped a lot! - Thank You
its showing the following in that debug output:
DNS lookup of s1._domainkey.sendgrid.com. (TXT) gave TRY_AGAIN
s1._domainkey.sendgrid.com. in dns_again_means_nonexist? no (option unset)
returning DNS_AGAIN
LOG: MAIN
PDKIM: d=sendgrid.com s=s1 [failed key import]
PDKIM [sendgrid.com] rsa-sha256 signature status: PDKIM_VERIFY_INVALID
(PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE)
I'm guessing that the most important here is the "TRY_AGAIN" part
Is that down to a broken resolver on my part ? i.e. system resolver or
something in exim I'm missing
or is that down to my host?
My resolve.conf is set by my host to use their in house resolvers
> Not sure what you mean by "turn down".
> Obviously you could avoid doing dkim verification.
> Yes, this is what i meant; to turn it off entirely
I feel this would be an option as spamassassin is also verifying the
DKIM (pass) when it does its check.