Hello Phil, On Mon, 21 Nov 2016 23:00:47 +0000 Phil Pennock wrote:
> On 2016-11-21 at 17:44 +0900, Christian Balzer wrote: > > To wit, the record had "v=DKIM1\\\; k=rsa\\\; ..." in it, instead of a > > single backslash. > > The people responsible are being taken out to the backyard for creative > > lead catching courses. > > > > Again, I might have spotted this earlier if Exim itself wouldn't have been > > totally happy to ignore the extra garbage and concentrate on the actual > > yummy contents. > > Are you sure that Exim ever saw this? > Yup. > The MTA which _signs_ the message doesn't look in DNS to do so; it just > uses the keyfile (with private key) on disk, and configuration. > > The MTA which _receives_ a message looks in DNS for the public keys. > Quite aware of this, 20+ years Exim user and large scale operator. ^_^ > Unless you've looked in the logs for MTAs for other domains receiving > email from yours, your own MTA's logs won't tell you much because they > never really look at that record in DNS. > MUAs and MXs are totally separate entities here, with distinct configurations. So yes, I did send a test mail from the domain in question to my main address above and the MX did log this with a happy "[verification succeeded]" entry. > If you have signs of Exim doing this, please file a bug-report: a > `v=DKIM1\` value (after de-escaping) should be ignored. > Will do, sure as hell will have to reset my bugzilla PW, my last Exim bug report was 7 years ago. > While there's no need to have Exim check DNS needlessly for outbound > messages, and stuff like selectors makes it hard to statically check, I > wonder if it's worth a `-d+dns` debug output on the SMTP transport when > signing with DKIM, to do the DNS lookup and check for a match (and WARN > LOUDLY if it doesn't match). That seems fair to me. > Sounds fine for testing purposes, wouldn't have saved my bacon in this particular case of course. Christian > Jeremy? > > -Phil > -- Christian Balzer Network/Systems Engineer ch...@gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/