Hi, I'll comment in-line. I am using zdkimfilter-1.2 , provided by gentoo ebuild/portage. Compiler is gcc 4.7.3
Thank you very much. ~A On 2013-07-24 11:13, Alessandro Vesely wrote: > Hi, > > On Wed 24/Jul/2013 00:17:17 +0200 Anders wrote: >> So, now comes to testing it all... To summarize, no mails are signed >> because I think that zdkimfilter can't find anything suitable to match >> domain/selector against. What can be the cause? > I think that's because you set RELAYCLIENT based on the IP address, > and have no authsender in the control file (a control record starting > with 'i'). The signing domain is derived from the user id, if it has > a '@'. Courier can work both ways, zdkimfilter should do so as well. I am using courier with virtual users mapped through mysql. The full email address is the user name. What is a control record, and where/how do I find how they are created and looks like? > >> I have a test.mail file >> ====================== >> Message-ID: <51eee029.8070...@lechevalier.se> >> Date: Tue, 23 Jul 2013 21:57:29 +0200 >> From: Anders <and...@lechevalier.se> >> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 >> Thunderbird/17.0.7 >> MIME-Version: 1.0 >> To: anders <crimsoncott...@gmail.com> >> Subject: test >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed >> Content-Transfer-Encoding: 7bit >> >> test >> ====================== >> >> I run "dkimsign test.mail" and get the following output: >> ====================== >> WARN: zfilter: zdkimfilter[27853]:Mismatched library versions: >> compile=0X2020200 link=0X2080400 > (That warning is due to a mismatch between libopendkim-dev and the > actual libopendkim library. It might cause hiccups when verifying > signatures --not the current issue. OK, does this happen at compile time, or is it something predefined by zdkimfiler code? Looks like it was compiled against opendkim 2.2.2, but I actually have only opendkim 2.8.4 installed (Gentoo mail-filter/opendkim-2.8.4). ======================== # ls -l /usr/lib64/libopendkim* lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so -> libopendkim.so.9.0.1 lrwxrwxrwx 1 root root 20 Jul 24 12:51 /usr/lib64/libopendkim.so.9 -> libopendkim.so.9.0.1 -rwxr-xr-x 1 root root 136200 Jul 24 12:50 /usr/lib64/libopendkim.so.9.0.1 ======================== I did notice a segmentation fault with courier/zdkimfilter once I have started with filterctl. It happens on every received email: ======================== Jul 24 13:09:14 e350 courieresmtpd: started,ip=[::ffff:216.34.181.88] Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]: started child Jul 24 13:09:17 e350 courieresmtpd: error,relay=::ffff:216.34.181.88,from=<courier-users-boun...@lists.sourceforge.net>: 432 Mail filters temporarily unavailable. Jul 24 13:09:17 e350 submit: Bad file descriptor Jul 24 13:09:17 e350 submit: Connection closed when processing: Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:reading 2 names completed by first call Jul 24 13:09:17 e350 courierfilter: zdkimfilter[13997]:id=0000000000C804F7.0000000051EFB5DC.000036A7: verifying dkim_eoh: No signature (stat=2) ======================== ...and kernel log ======================== [2329247.997445] zdkimfilter[12231]: segfault at e ip 00007f41ffb36411 sp 00007fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+20000] [2329937.290754] zdkimfilter[13997]: segfault at e ip 00007f41ffb36411 sp 00007fff9d08ce00 error 4 in libopendkim.so.9.0.1[7f41ffb25000+20000] ======================== > >> INFO: zfilter: zdkimfilter: running for dkimsign on 1 ctl + 1 mail files >> INFO: zfilter: zdkimfilter[27854]: started child >> DEBUG: zfilter: zdkimfilter[27854]:reading 2 names completed by first call >> INFO: zfilter: zdkimfilter[27854]:id=dkimsign: not signing for >> postmaster: no domain >> INFO: zfilter: zdkimfilter[27854]:id=dkimsign: response: 250 not filtered. >> ====================== >> What is the mismatched library versions? >> dkimsign doesn't see the domain in FROM: or Message-ID: fields. Is this >> normal? >> >> I run "dkimsign --domain lechevalier.se test.mail" > Yes, dkimsign needs the domain to create a control file similar to > those supplied by Courier. OK, so all seems OK so far then? > >> zdkimfilter.conf: >> ====================== >> all_mode = Y >> verbose = 8 >> domain_keys = /etc/courier/filters/keys >> selector = s >> ====================== > That looks fine. A default_domain = lechevalier.se would be needed > only if it is needed for Courier too. That is, if your Courier user > id is "anders" rather than "and...@lechevalier.se". No, default domain would not work since courier is providing email for several different domain names. But, each user must login with the full email address. Login is over TLS or SSL connection. > >> I have a symlink /etc/courier/filters/keys/lechevalier.se -> s.private > Correct. > >> So, when sending emails, I get only the following in my mail log: >> ====================== >> Jul 24 00:09:42 e350 courierfilter: zdkimfilter[29197]: started child >> Jul 24 00:09:42 e350 courierfilter: zdkimfilter[29197]:reading 2 names >> completed by first call >> Jul 24 00:09:42 e350 courierfilter: >> zdkimfilter[29197]:id=0000000000C81E83.0000000051EEFF26.0000720B: >> response: 250 not filtered. >> ====================== >> >> I'm at a loss now what could be the root cause here. How can I debug >> this problem? It seems as the verbosity in the log is too low, even >> though I have verbosity=8. > You should have got at least a "not signing for /user id/: no > /something/" message if it had entered signing mode. That's why I > think you don't authenticate on sending. Please confirm that. I'll > add a message for that case anyway. No all users must authenticate to be able to send emails (relaying denied otherwise). It could be that my courier config is completely wrong, should I post it here? In that case, which of the config files are interresting for you? Output from sending a test email from and...@lechevalier.se to crimsoncott...@gmail.com. At least "from=" is clearly defined in the log file. zdkimfilter is turned off. ==================== Jul 24 13:33:33 e350 courierd: newmsg,id=0000000000C804F7.0000000051EFBB8D.00004626: dns; [IPv6:2001:16d8:ff02:0:3d19:ef23:9df5:18fe] ([2001:16d8:ff02:0:3d19:ef23:9df5:18fe]) Jul 24 13:33:33 e350 courierd: started,id=0000000000C804F7.0000000051EFBB8D.00004626,from=<and...@lechevalier.se>,module=esmtp,host=gmail.com,addr=<crimsoncott...@gmail.com> Jul 24 13:33:33 e350 courierd: Waiting. shutdown time=none, wakeup time=none, queuedelivering=1, inprogress=1 Jul 24 13:33:34 e350 courieresmtp: id=0000000000C804F7.0000000051EFBB8D.00004626,from=<and...@lechevalier.se>,addr=<crimsoncott...@gmail.com>: 250 2.0.0 OK 1374665609 g5si1547113laa.79 - gsmtp Jul 24 13:33:34 e350 courieresmtp: id=0000000000C804F7.0000000051EFBB8D.00004626,from=<and...@lechevalier.se>,addr=<crimsoncott...@gmail.com>,size=630,success: delivered: gmail-smtp-in.l.google.com [173.194.71.26] Jul 24 13:33:34 e350 courieresmtp: id=0000000000C804F7.0000000051EFBB8D.00004626,from=<and...@lechevalier.se>,addr=<crimsoncott...@gmail.com>,size=630,status: success Jul 24 13:33:34 e350 courierd: completed,id=0000000000C804F7.0000000051EFBB8D.00004626 Jul 24 13:33:34 e350 courierd: Waiting. shutdown time=Wed Jul 24 13:45:45 2013, wakeup time=Wed Jul 24 13:45:45 2013, queuedelivering=0, inprogress=0 ==================== This is doing a simple "echo test | mail -s testmail crimsoncott...@gmail.com" as root user: ==================== Jul 24 13:37:01 e350 courierd: newmsg,id=0000000000C804F7.0000000051EFBC5D.00004851: dns; localhost (localhost [127.0.0.1]) Jul 24 13:37:01 e350 courierd: started,id=0000000000C804F7.0000000051EFBC5D.00004851,from=<root@e350>,module=esmtp,host=gmail.com,addr=<crimsoncott...@gmail.com> Jul 24 13:37:01 e350 courierd: Waiting. shutdown time=none, wakeup time=none, queuedelivering=1, inprogress=1 Jul 24 13:37:02 e350 courieresmtp: id=0000000000C804F7.0000000051EFBC5D.00004851,from=<root@e350>,addr=<crimsoncott...@gmail.com>: 250 2.0.0 OK 1374665817 r4si16184921lbw.103 - gsmtp Jul 24 13:37:02 e350 courieresmtp: id=0000000000C804F7.0000000051EFBC5D.00004851,from=<root@e350>,addr=<crimsoncott...@gmail.com>,size=328,success: delivered: gmail-smtp-in.l.google.com [173.194.71.26] Jul 24 13:37:02 e350 courieresmtp: id=0000000000C804F7.0000000051EFBC5D.00004851,from=<root@e350>,addr=<crimsoncott...@gmail.com>,size=328,status: success Jul 24 13:37:02 e350 courierd: completed,id=0000000000C804F7.0000000051EFBC5D.00004851 Jul 24 13:37:02 e350 courierd: Waiting. shutdown time=Wed Jul 24 13:45:45 2013, wakeup time=Wed Jul 24 13:45:45 2013, queuedelivering=0, inprogress=0 ==================== > ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users