Re: [exim] Possible DKIM issue query

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJeremy Harris at <-
MJeremy Harris at ->
Delete this message
Reply to this message
Author: Dave Mal
Date:  
To: exim-users
Subject: Re: [exim] Possible DKIM issue query
On 07/10/2022 12:12, Jeremy Harris via Exim-users wrote:
> I don't think either of those should matter.
> Suggest enabling targeted debug for these domains, using ACL
> control=debug,
> probably best in RCPT ACL.  You'll want at least the acl and dns debug
> categories.
> In the debug output find that "failed key import" being logged,
> and look at the processing leading up to it.
>
This helped a lot! - Thank You

its showing the following in that debug output:


DNS lookup of s1._domainkey.sendgrid.com. (TXT) gave TRY_AGAIN
s1._domainkey.sendgrid.com. in dns_again_means_nonexist? no (option unset)
returning DNS_AGAIN
LOG: MAIN
  PDKIM: d=sendgrid.com s=s1 [failed key import]
PDKIM [sendgrid.com] rsa-sha256 signature status: PDKIM_VERIFY_INVALID
(PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE)


I'm guessing that the most important here is the "TRY_AGAIN" part

Is that down to a broken resolver on my part ? i.e. system resolver or
something in exim I'm missing
or is that down to my host?

My resolve.conf is set by my host to use their in house resolvers



> Not sure what you mean by "turn down".
> Obviously you could avoid doing dkim verification.
>
Yes, this is what i meant; to turn it off entirely
I feel this would be an option as spamassassin is also verifying the
DKIM (pass) when it does its check.




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Possible DKIM issue queryRe: [exim] Possible DKIM issue query->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)