From: Todd L. <tl...@iv...> - 2010-09-27 16:06:35
On Mon, Sep 27, 2010 at 12:30 AM, alf...@ya... <alf...@ya...> wrote:
> Thanks Todd,
> In fact everywhere it says example.com should say zaaam.com. I edited the
> email and replaced all zaaam by example.
> The problem is not there :(

Ok, but I'll mention that when you obfuscate things like that, you make it impossible for us to diagnose and see the real problem. If you're obfuscating in the future, please announce it so that we will know to overlook that.

Hmmm, postfix, don't really have any experience with milters and postfix, so you'll have to ask others for more help.

One thing that I do see that is really weird is this:

CentOS48[root@smtp4 mail]# dig +trace -t txt mail._domainkey.zaaam.com 2>&1 | grep mail._domainkey | grep -v txt
mail._domainkey.zaaam.com. 0 IN NS WlVRXnlaUoaZ._domainkey.zaaam.com.
CentOS48[root@smtp4 mail]# dig +trace -t txt mail._domainkey.zaaam.com 2>&1 | grep mail._domainkey | grep -v txt
mail._domainkey.zaaam.com. 0 IN NS OZQZRVjdXoPK._domainkey.zaaam.com.
CentOS48[root@smtp4 mail]# dig +trace -t txt mail._domainkey.zaaam.com 2>&1 | grep mail._domainkey | grep -v txt
mail._domainkey.zaaam.com. 0 IN NS UcimUfdKNjjV._domainkey.zaaam.com.
CentOS48[root@smtp4 mail]# dig +trace -t txt mail._domainkey.zaaam.com 2>&1 | grep mail._domainkey | grep -v txt
mail._domainkey.zaaam.com. 0 IN NS TkdiOKUSSeim._domainkey.zaaam.com.

I'm not saying that's what is wrong, but it sure is very odd. If I query your two nameservers directly, I get the same strange results:

CentOS48[root@smtp4 mail]# dig -t txt mail._domainkey.zaaam.com @ns25.domaincontrol.com

; <<>> DiG 9.2.4 <<>> -t txt mail._domainkey.zaaam.com @ns25.domaincontrol.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4691
;; flags: qr cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mail._domainkey.zaaam.com. IN TXT

;; AUTHORITY SECTION:
mail._domainkey.zaaam.com. 0 IN NS VYYiMQkZLYfc._domainkey.zaaam.com.
I am going to guess that something in the DNS query that dkim-filter is doing is triggering the weird result above. This will probably require packet dumps of dns lookups going to your dns servers (or what dns lookups are coming from the mail server attempting to verify the signature).

Overall, it looks like something in DNS is configured incorrectly at domaincontrol.com, or you are somehow unearthing a bug in their dns software. Googling, I found this:

http://www.mail-archive.com/bin...@li.../msg06399.html

...which may not be related.

> Should I remove dkim and install Opendkim then?

I think you should consider using opendkim, yes, because it's a newer version with another year of development and improvements. You'll also find more people with milter/postfix experience and actual operation. However, I will also advise that if dkim-filter does not generate signatures that verify, you will likely have the same problem with opendkim until you figure out what's wrong.

--
Regards... Todd
I seek the truth...it is only persistence in self-delusion and ignorance that does harm. -- Marcus Aurelius
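
Added example, not part of the original message: a small shell function that classifies captured `dig -t txt` output for a DKIM selector, separating a real TXT answer from the referral responses with a changing NS target shown above. The function and sample names are hypothetical; the first sample reuses record lines quoted in the message, and the second is constructed with a placeholder key.

```shell
#!/bin/sh
# Classify one or more captured dig responses read from stdin.
# $1 = queried name, e.g. mail._domainkey.zaaam.com
# Prints: txt-present | rotating-referral | referral | no-record
classify_dkim_dig() {
    awk -v qname="$1" '
        BEGIN { q = tolower(qname); sub(/\.$/, "", q) }
        /^;/ || NF < 5 { next }      # skip dig comment lines and blank lines
        {
            name = tolower($1); sub(/\.$/, "", name)
            if (name != q || $3 != "IN") next
            if ($4 == "TXT") txt++
            # count distinct NS targets returned for the selector name
            if ($4 == "NS" && !($5 in seen)) { seen[$5] = 1; targets++ }
        }
        END {
            if (txt > 0)           print "txt-present"
            else if (targets > 1)  print "rotating-referral"
            else if (targets == 1) print "referral"
            else                   print "no-record"
        }'
}

# Record lines copied from the dig runs quoted in the message above.
sample_from_thread() {
    cat <<'EOF'
;; AUTHORITY SECTION:
mail._domainkey.zaaam.com. 0 IN NS WlVRXnlaUoaZ._domainkey.zaaam.com.
mail._domainkey.zaaam.com. 0 IN NS OZQZRVjdXoPK._domainkey.zaaam.com.
mail._domainkey.zaaam.com. 0 IN NS UcimUfdKNjjV._domainkey.zaaam.com.
EOF
}

# Constructed sample of a healthy answer (example.org, placeholder key).
sample_healthy() {
    cat <<'EOF'
;; ANSWER SECTION:
mail._domainkey.example.org. 3600 IN TXT "v=DKIM1; k=rsa; p=PLACEHOLDER"
EOF
}

sample_from_thread | classify_dkim_dig mail._domainkey.zaaam.com
sample_healthy | classify_dkim_dig mail._domainkey.example.org
```

To use it on live data, append the output of several repeated `dig -t txt` runs against each authoritative server to one file and pipe that file into the function.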