Re: [exim] Possible DKIM issue query

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Dave Mal
Datum:  
To: exim-users
Betreff: Re: [exim] Possible DKIM issue query
On 07/10/2022 12:12, Jeremy Harris via Exim-users wrote:
> I don't think either of those should matter.
> Suggest enabling targeted debug for these domains, using ACL
> control=debug,
> probably best in RCPT ACL.  You'll want at least the acl and dns debug
> categories.
> In the debug output find that "failed key import" being logged,
> and look at the processing leading up to it.
>

This helped a lot! - Thank You

its showing the following in that debug output:


DNS lookup of s1._domainkey.sendgrid.com. (TXT) gave TRY_AGAIN
s1._domainkey.sendgrid.com. in dns_again_means_nonexist? no (option unset)
returning DNS_AGAIN
LOG: MAIN
  PDKIM: d=sendgrid.com s=s1 [failed key import]
PDKIM [sendgrid.com] rsa-sha256 signature status: PDKIM_VERIFY_INVALID
(PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE)


I'm guessing that the most important here is the "TRY_AGAIN" part

Is that down to a broken resolver on my part ? i.e. system resolver or
something in exim I'm missing
or is that down to my host?

My resolve.conf is set by my host to use their in house resolvers



> Not sure what you mean by "turn down".
> Obviously you could avoid doing dkim verification.
>

Yes, this is what i meant; to turn it off entirely
I feel this would be an option as spamassassin is also verifying the
DKIM (pass) when it does its check.