Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-26 Thread Jason Hirsh 
You actually got me on right track.  Peeled back the onion abit to how OpenDkim 
was being started

I looked in more depth at start up script used  by rc.cof.It was looking 
for a opendkim.conf in /usr/local/etc/mail not /usr/local/etc/opemdkim

Copied opedkim.conf back that and all is good


There is a mystery how opendkim started with out its conf file but ai issue it 
used defaults and thus the fault

Thanks to all and sorry for polluting the mailing list

Jason

> On Oct 25, 2019, at 4:12 PM, Fazzina, Angelo  wrote:
> 
> Hi again,
> Maybe this will help you trouble shoot where the misconfiguration is  ?
> 
> Hi, here's my signing table
> [root@mta5 opendkim]# more SigningTable  |grep -v "#"
> 
> 
> *@appmail.uconn.edu dkim1._domainkey.mta5.uits.uconn.edu 
> 
> *@uconn.edu dkim1._domainkey.mta5.uits.uconn.edu 
> 
> *@uits.uconn.edu dkim1._domainkey.mta5.uits.uconn.edu 
> 
> *@mta5.uits.uconn.edu dkim1._domainkey.mta5.uits.uconn.edu 
> 
> *@localhost dkim1._domainkey.mta5.uits.uconn.edu 
> 
> 
>

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Jason Hirsh 
The thing is … that isn an INCOMING not an outgoing email..   Maybe its is 
failing a DKIM test for incoming


I can’t seem to get OpenDKIM to sign my OUTGOING

> On Oct 25, 2019, at 1:17 PM, Fazzina, Angelo  > wrote:
> 
>  
> From what I can tell the DNS record was not found.
>  
> Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed 
> (s=zendesk1, d=lightandmotion.com 
> ):
>  'zendesk1._domainkey.lightandmotion.com 
> '
>  record not found
>  
> And I can’t find it…..
>  
> [root@exa02dbadm01 ~]# dig -t txt zendesk1._domainkey.lightandmotion.com 
> 
>  
> ; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -t txt 
> zendesk1._domainkey.lightandmotion.com 
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33283
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>  
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;zendesk1._domainkey.lightandmotion.com 
> .IN TXT
>  
> ;; AUTHORITY SECTION:
> lightandmotion.com . 10800   IN  SOA 
> dns042.a.register.com . root.register.com 
> . 2019021518 28800 7200 604800 14400
>  
> ;; Query time: 65 msec
> ;; SERVER: 137.99.25.14#53(137.99.25.14)
> ;; WHEN: Fri Oct 25 13:12:38 EDT 2019
> ;; MSG SIZE  rcvd: 126
>  
>  
>  
> -ANGELO FAZZINA
>  
> ang...@uconn.edu 
> University of Connecticut,  ITS, SSG, Server Systems
> 860-486-9075
>

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Christian Kivalo 



On October 25, 2019 9:58:28 PM GMT+02:00, Jason Hirsh  wrote:
>I am getting entries in my maiillog, but only in regards to OpenDKIM
>working to verify INCOMING
>These are clearly entries from OpenDKIM.  There is nothing
>corresponding for actions relative to outgoing mail
What happens when you comment the ExternalIgnoreList and InternalHost settings 
in opendkim.conf, restart the service and send a test mail originating from one 
of the domains you're trying to sign?
What do the logs show?

My opendkim.conf has refile: prefix also for the KeyTable option. 

Regards
Christian
-- 
Christian Kivalo

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Jason Hirsh 
I am getting entries in my maiillog, but only in regards to OpenDKIM working to 
verify INCOMING
These are clearly entries from OpenDKIM.  There is nothing corresponding for 
actions relative to outgoing mail

Jason

> On Oct 25, 2019, at 3:52 PM, Christian Kivalo  
> wrote:
> 
> On October 25, 2019 6:52:52 PM GMT+02:00, Jason Hirsh  wrote:
>> I have gone over my configuration with a fine tooth comb, but
>> considering I put them together it is not surprising I can’t spot
>> anything
>> 
>> 
>> O have been trying to locate opendkim action in my log file.  It
>> appears that that the  mail is being reviewed but now header added
> 
> You should revert to non debug logging for postfix as it makes it extremely 
> hard to discover the relevant log messages. 
> 
> I have the same opendkim config with regard to the Syslog, SyslogSuccess, 
> Logwhy  options
> 
> My opendkim logs show up in mail.log and syslog as that's how rsyslog in 
> Debian is configured. Opendkim logs with the mail.* facility to syslog so 
> whatever syslog daemon you use it's configuration should tell you where the 
> logging can be found. 
> 
>> The thing that concerns me is the appearance of “dummy”
>> 
>> Any thoughts any one/?
>>> On Oct 24, 2019, at 11:29 AM, Jason Hirsh  wrote:
>>> 
>>> Thank you  for the quick response
>>> 
>>> 
>>> I am 99% certain they are…I had the OpenDkim running for about a week
>> and did not change those (I think0
>>> 
>>> Trusted Hosts
>>> 
>>> 127.0.0.1
>>> localhost
>>> example.com 
>>> example1.com 
>>> 
>>> 
>>> 
>>> KeyTable
>>> 
>>> default._domainkey.example.com
>> :default:/usr/local/etc/opendkim/keys/example.com.com/default.private
>> 
>>> default._domainkey.example1.com
>> :default:/usr/local/etc/opendkim/keys/example1.com/default.private
>> 
>>> 
>>> SigningTable
>>> 
>>> *@example.com default._domainkey.example.com
>> 
>>> *@example1.com default._domainkey.example1.com
>> 
>>> 
>>> In my maillog.  I did find something a little strange response to an
>> outgoing message
>>> 
>>> 
>>> Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key
>> retrieval failed (s=zendesk1, d=lightandmotion.com
>> ): 'zendesk1._domainkey.lightandmotion.com
>> ' record not found
>>> Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69:
>> s=verifier201208 d=port25.com  SSL 
>>> Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A:
>> s=verifier201208 d=port25.com  SSL 
>>> Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key
>> retrieval failed (s=zendesk1, d=lightandmotion.com
>> ): 'zendesk1._domainkey.lightandmotion.com
>> ' record not found
>>> 
>>> Light and Motion was who the message was going to and has no presence
>> in my mail system
>>> 
>>> 
>>> Is this log entry a clue??
>>> 
>>> 
 On Oct 24, 2019, at 10:50 AM, Dominic Raferd
>> mailto:domi...@timedicer.co.uk>> wrote:
 
 On Thu, 24 Oct 2019 at 15:28, Jason Hirsh > > wrote:
> 
> I am trying to revive my OpenDKIM installation. I had it working
>> but managed to break it when I updated my ports.  It is running but not
>> signing outgoing messages
> 
> My main.cf configuration relative to OpenDkim is
> 
> smtpd_milters =  inet:localhost:8891
> non_smtpd_milters =  $smtpd_milters
> milter_default_action = accept
> 
> My OpenDkim.conf is
> 
> AutoRestart Yes
> AutoRestartRate 10/1h
> LogWhy  Yes
> Syslog  Yes
> SyslogSuccess   Yes
> Modesv
> Canonicalizationrelaxed/simple
> ExternalIgnoreList  refile:/usr/local/etc/opendkim/TrustedHosts
> InternalHosts   refile:/usr/local/etc/opendkim/TrustedHosts
> KeyTable/usr/local/etc/opendkim/KeyTable
> SigningTablerefile:/usr/local/etc/opendkim/SigningTable
> SignatureAlgorithm  rsa-sha256
> Socket  inet:8891@127.0.0.1 
> UMask   022
> UserID  opendkim:opendkim
> TemporaryDirectory  /var/tmp
> 
> As I stated it is running... But not signing from a test site...
> 
> Any thoughts would be appreciated
 
 Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
 SigningTable set up correctly? Do you need to use KeyTable and
 SigningTable - this is a more complex setup; standard setup uses
 parameters Domain, Selector and KeyFile - see
 http://www.opendkim.org/opendkim-README
>>

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Christian Kivalo 
On October 25, 2019 6:52:52 PM GMT+02:00, Jason Hirsh  wrote:
>I have gone over my configuration with a fine tooth comb, but
>considering I put them together it is not surprising I can’t spot
>anything
>
>
>O have been trying to locate opendkim action in my log file.  It
>appears that that the  mail is being reviewed but now header added

You should revert to non debug logging for postfix as it makes it extremely 
hard to discover the relevant log messages. 

I have the same opendkim config with regard to the Syslog, SyslogSuccess, 
Logwhy  options

My opendkim logs show up in mail.log and syslog as that's how rsyslog in Debian 
is configured. Opendkim logs with the mail.* facility to syslog so whatever 
syslog daemon you use it's configuration should tell you where the logging can 
be found. 

>The thing that concerns me is the appearance of “dummy”
>
>Any thoughts any one/?
>> On Oct 24, 2019, at 11:29 AM, Jason Hirsh  wrote:
>> 
>> Thank you  for the quick response
>> 
>> 
>> I am 99% certain they are…I had the OpenDkim running for about a week
>and did not change those (I think0
>> 
>> Trusted Hosts
>> 
>> 127.0.0.1
>> localhost
>> example.com 
>> example1.com 
>> 
>> 
>> 
>> KeyTable
>> 
>> default._domainkey.example.com
>:default:/usr/local/etc/opendkim/keys/example.com.com/default.private
>
>> default._domainkey.example1.com
>:default:/usr/local/etc/opendkim/keys/example1.com/default.private
>
>> 
>> SigningTable
>> 
>> *@example.com default._domainkey.example.com
>
>> *@example1.com default._domainkey.example1.com
>
>> 
>> In my maillog.  I did find something a little strange response to an
>outgoing message
>> 
>> 
>> Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key
>retrieval failed (s=zendesk1, d=lightandmotion.com
>): 'zendesk1._domainkey.lightandmotion.com
>' record not found
>> Oct 24 10:23:10 triggerfish opendkim[5845]: 9B3A8CB4A69:
>s=verifier201208 d=port25.com  SSL 
>> Oct 24 11:02:02 triggerfish opendkim[5845]: 93C75CB4A9A:
>s=verifier201208 d=port25.com  SSL 
>> Oct 24 11:18:43 triggerfish opendkim[5845]: 4AADACB4A99: key
>retrieval failed (s=zendesk1, d=lightandmotion.com
>): 'zendesk1._domainkey.lightandmotion.com
>' record not found
>> 
>> Light and Motion was who the message was going to and has no presence
>in my mail system
>> 
>> 
>> Is this log entry a clue??
>> 
>> 
>>> On Oct 24, 2019, at 10:50 AM, Dominic Raferd
>mailto:domi...@timedicer.co.uk>> wrote:
>>> 
>>> On Thu, 24 Oct 2019 at 15:28, Jason Hirsh > wrote:
 
 I am trying to revive my OpenDKIM installation. I had it working
>but managed to break it when I updated my ports.  It is running but not
>signing outgoing messages
 
 My main.cf configuration relative to OpenDkim is
 
 smtpd_milters =  inet:localhost:8891
 non_smtpd_milters =  $smtpd_milters
 milter_default_action = accept
 
 My OpenDkim.conf is
 
 AutoRestart Yes
 AutoRestartRate 10/1h
 LogWhy  Yes
 Syslog  Yes
 SyslogSuccess   Yes
 Modesv
 Canonicalizationrelaxed/simple
 ExternalIgnoreList  refile:/usr/local/etc/opendkim/TrustedHosts
 InternalHosts   refile:/usr/local/etc/opendkim/TrustedHosts
 KeyTable/usr/local/etc/opendkim/KeyTable
 SigningTablerefile:/usr/local/etc/opendkim/SigningTable
 SignatureAlgorithm  rsa-sha256
 Socket  inet:8891@127.0.0.1 
 UMask   022
 UserID  opendkim:opendkim
 TemporaryDirectory  /var/tmp
 
 As I stated it is running... But not signing from a test site...
 
 Any thoughts would be appreciated
>>> 
>>> Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
>>> SigningTable set up correctly? Do you need to use KeyTable and
>>> SigningTable - this is a more complex setup; standard setup uses
>>> parameters Domain, Selector and KeyFile - see
>>> http://www.opendkim.org/opendkim-README
>.
>> 

-- 
Christian Kivalo

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Jason Hirsh 
I am trying to get rid of the amount of background

I was pretty sure that OPenDKIM should be doing the hard lifting.The think 
that is throwing me for a loop  is the absence of any indication of it 
operating in conjunction with the outgoing mail in the mallow.  As show else 
where it is involved with INCOMING.

I have verified that ts process is running

opendkim 50261   0.0  0.1  25164  13000  -  Ss   10:45   0:00.23 
/usr/local/sbin/opendkim -l -p inet:8891@localhost -u opendkim:mailnull -P 
/var/run/milteropendkim/pid

Last week I had it running.  I had an issue with BIND which I corrected.. so I 
am 80% sure about the associated tables.

I was kind of hoping it was something simple and obvious.  So much for that idea

Thanks to all for the their time and efforts


> On Oct 25, 2019, at 2:55 PM, Wietse Venema  wrote:
> 
> Jason Hirsh:
>> I have gone over my configuration with a fine tooth comb, but considering I 
>> put them together it is not surprising I can?t spot anything
>> 
>> 
>> O have been trying to locate opendkim action in my log file.  It appears 
>> that that the  mail is being reviewed but now header added
>> 
> 
> I'm not encouraging you to post more logging here, but you might
> want to know that Milter content operations do not happen in smtpd,
> but in the cleanup daemon.
> 
> However, the real work happens in OpenDKIM. Postfix just sits between
> the queue file and OpenDKIM, moving bits fro one to the other and
> vice versa.
> 
>   Wietse

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Wietse Venema 
Jason Hirsh:
> I have gone over my configuration with a fine tooth comb, but considering I 
> put them together it is not surprising I can?t spot anything
> 
> 
> O have been trying to locate opendkim action in my log file.  It appears that 
> that the  mail is being reviewed but now header added
> 

I'm not encouraging you to post more logging here, but you might
want to know that Milter content operations do not happen in smtpd,
but in the cleanup daemon.

However, the real work happens in OpenDKIM. Postfix just sits between
the queue file and OpenDKIM, moving bits fro one to the other and
vice versa.

Wietse
> 
> postfix/submission/smtpd[52375]: milter8_send: milter inet:localhost:8891
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_name = inet:localhost:8891
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_version = 6
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_actions = 273
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_events = 1050370
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_non_events = 0
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_state = 4
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_conn_timeout = 30
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_cmd_timeout = 30
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_msg_timeout = 300
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_action = accept
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
> milter_macro_list = 0
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> value: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: (list terminator)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: dummy
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> value: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: (list terminator)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: status
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: status
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> value: 0
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: (list terminator)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: (end)
> Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: > 
> c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 354 End data with 
> .
> Oct 25 12:45:14 triggerfish postfix/cleanup[52466]: E7D08CB4AA4: 
> message-id=
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: status
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: status
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
> value: 0
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: reason
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: reason
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
> value: (end)
> Oct 25 12:45:15 triggerfish postfix/qmgr[52120]: E7D08CB4AA4: 
> from=, size=2250, nrcpt=1 (queue active)
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
> socket: wanted attribute: (list terminator)
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
> name: (end)
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: > 
> c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 250 2.0.0 Ok: queued as 
> E7D08CB4AA4
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: abort all milters
> Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: milter8_abort: 
> abort milter inet:localhost:8891
> 
> The thing that concerns me is the appearance of ?dummy?
> 
> Any thoughts any one/?
> > On Oct 24, 2019, at 11:29 AM,

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Jason Hirsh 
Ahh ..  Interesting I had not understood that

But I am still not signing ….

> On Oct 25, 2019, at 2:00 PM, Fazzina, Angelo  > wrote:
> 
> From your original email
>  
> Modesv
>  
>  
> You are verifying and signing so yes that seems to be the case as you 
> describe.
>  
> -ANGELO FAZZINA
>  
> ang...@uconn.edu 
> University of Connecticut,  ITS, SSG, Server Systems
> 860-486-9075
>

RE: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Fazzina, Angelo 

From what I can tell the DNS record was not found.


Oct 23 18:26:14 triggerfish opendkim[5845]: E0C34CB4A69: key retrieval failed 
(s=zendesk1, 
d=lightandmotion.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flightandmotion.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715416749=gnix4yS%2FeS50NyWsfF6z2Ct5EnWZC17M42TSN%2B1nR5o%3D=0>):
 
'zendesk1._domainkey.lightandmotion.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.lightandmotion.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715426737=8JOC37aC62%2FsIGMgoVeR02L4p3ZL90cWhIikiuw6Vg8%3D=0>'
 record not found

And I can’t find it…..

[root@exa02dbadm01 ~]# dig -t txt zendesk1._domainkey.lightandmotion.com

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> -t txt 
zendesk1._domainkey.lightandmotion.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33283
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zendesk1._domainkey.lightandmotion.com.IN TXT

;; AUTHORITY SECTION:
lightandmotion.com. 10800   IN  SOA dns042.a.register.com. 
root.register.com. 2019021518 28800 7200 604800 14400

;; Query time: 65 msec
;; SERVER: 137.99.25.14#53(137.99.25.14)
;; WHEN: Fri Oct 25 13:12:38 EDT 2019
;; MSG SIZE  rcvd: 126



-ANGELO FAZZINA

ang...@uconn.edu
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075

From: owner-postfix-us...@postfix.org  On 
Behalf Of Jason Hirsh
Sent: Friday, October 25, 2019 12:53 PM
To: Dominic Raferd ; postfix-users@postfix.org
Subject: Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

I have gone over my configuration with a fine tooth comb, but considering I put 
them together it is not surprising I can’t spot anything


O have been trying to locate opendkim action in my log file.  It appears that 
that the  mail is being reviewed but now header added




Any thoughts any one/?
On Oct 24, 2019, at 11:29 AM, Jason Hirsh 
mailto:kasd...@mac.com>> wrote:

Thank you  for the quick response


I am 99% certain they are…I had the OpenDkim running for about a week and did 
not change those (I think0

Trusted Hosts

127.0.0.1
localhost
example.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fexample.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715386759=rErzRyGrqzauAzVucYkuPdJNkmxXrnDP8s97szEMWxs%3D=0>
example1.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fexample1.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715386759=hBqM1R2YRhLB22PQpTqG3NQ1DkapmVb2Szf8Uhnl5%2Fs%3D=0>



KeyTable

default._domainkey.example.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.example.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715396756=DftPdGi7TbEM%2Bn9XXuZmDsUjiFOBIvNm9oKih728fz4%3D=0>:default:/usr/local/etc/opendkim/keys/example.com.com/default.private<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fexample.com.com%2Fdefault.private=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715396756=wqKMyeA%2F%2FQdbNCLXUW%2FiWnfTpx%2BaohzEUChdQZTt0%2Fo%3D=0>
default._domainkey.example1.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.example1.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715396756=UO8JqXMKMk%2BpY9pbhQgkePsTyYGbAxq2J0tPGQgq50Q%3D=0>:default:/usr/local/etc/opendkim/keys/example1.com/default.private<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fexample1.com%2Fdefault.private=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715406753=tUhYMskFN72F2Imv1spwIfIMrCEqzH%2FtTOvYiCKJJhg%3D=0>

SigningTable

*@example.com<mailto:*@example.com> 
default._domainkey.example.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.example.com%2F=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc886df7cab64106441908d7596bffc0%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637076192715406753=qjHEBkFgqjKqwqxS2mYj2tDodMiDHgO6pitK0tV0M9Q%3D=0>
*@example1.com<mailto:*@example1.com> 
default._domainkey.example1.com<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.example1.com%2F=02%

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-25 Thread Jason Hirsh 
I have gone over my configuration with a fine tooth comb, but considering I put 
them together it is not surprising I can’t spot anything


O have been trying to locate opendkim action in my log file.  It appears that 
that the  mail is being reviewed but now header added



postfix/submission/smtpd[52375]: milter8_send: milter inet:localhost:8891
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_name = inet:localhost:8891
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_version = 6
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_actions = 273
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_events = 1050370
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_non_events = 0
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_state = 4
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_conn_timeout = 30
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_cmd_timeout = 30
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_msg_timeout = 300
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_action = accept
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: send attr 
milter_macro_list = 0
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
value: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: (list terminator)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: dummy
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
value: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: (list terminator)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: status
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: status
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
value: 0
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: (list terminator)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: (end)
Oct 25 12:45:14 triggerfish postfix/submission/smtpd[52375]: > 
c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 354 End data with 
.
Oct 25 12:45:14 triggerfish postfix/cleanup[52466]: E7D08CB4AA4: 
message-id=
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: status
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: status
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
value: 0
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: reason
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: reason
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
value: (end)
Oct 25 12:45:15 triggerfish postfix/qmgr[52120]: E7D08CB4AA4: 
from=, size=2250, nrcpt=1 (queue active)
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: public/cleanup 
socket: wanted attribute: (list terminator)
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: input attribute 
name: (end)
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: > 
c-73-150-178-106.hsd1.nj.comcast.net[73.150.178.106]: 250 2.0.0 Ok: queued as 
E7D08CB4AA4
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: abort all milters
Oct 25 12:45:15 triggerfish postfix/submission/smtpd[52375]: milter8_abort: 
abort milter inet:localhost:8891

The thing that concerns me is the appearance of “dummy”

Any thoughts any one/?
> On Oct 24, 2019, at 11:29 AM, Jason Hirsh  wrote:
> 
> Thank you  for the quick response
> 
> 
> I am 99% certain they are…I had the OpenDkim running for about a week and did 
> not change those (I think0
> 
> Trusted Hosts
> 
> 127.0.0.1
> localhost
> example.com 
> example1.com 
> 
> 
> 
> KeyTable
> 
> default._domainkey.example.com 
> :default:/usr/local/etc/opendkim/keys/example.com.com/default.private
>  
>

Re: OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-24 Thread Dominic Raferd 
On Thu, 24 Oct 2019 at 15:28, Jason Hirsh  wrote:
>
> I am trying to revive my OpenDKIM installation. I had it working but managed 
> to break it when I updated my ports.  It is running but not signing outgoing 
> messages
>
> My main.cf configuration relative to OpenDkim is
>
> smtpd_milters =  inet:localhost:8891
> non_smtpd_milters =  $smtpd_milters
> milter_default_action = accept
>
> My OpenDkim.conf is
>
> AutoRestart Yes
> AutoRestartRate 10/1h
> LogWhy  Yes
> Syslog  Yes
> SyslogSuccess   Yes
> Modesv
> Canonicalizationrelaxed/simple
> ExternalIgnoreList  refile:/usr/local/etc/opendkim/TrustedHosts
> InternalHosts   refile:/usr/local/etc/opendkim/TrustedHosts
> KeyTable/usr/local/etc/opendkim/KeyTable
> SigningTablerefile:/usr/local/etc/opendkim/SigningTable
> SignatureAlgorithm  rsa-sha256
> Socket  inet:8891@127.0.0.1
> UMask   022
> UserID  opendkim:opendkim
> TemporaryDirectory  /var/tmp
>
> As I stated it is running... But not signing from a test site...
>
> Any thoughts would be appreciated

Are files /usr/local/etc/opendkim/TrustedHosts, KeyTable and
SigningTable set up correctly? Do you need to use KeyTable and
SigningTable - this is a more complex setup; standard setup uses
parameters Domain, Selector and KeyFile - see
http://www.opendkim.org/opendkim-README.

OpenDKIM , Postfix , SpamAssassin, Amavisd-New, SPF and FreeBSD

2019-10-24 Thread Jason Hirsh 
I am trying to revive my OpenDKIM installation. I had it working but managed to 
break it when I updated my ports.  It is running but not signing outgoing 
messages



My main.cf configuration relative to OpenDkim is

smtpd_milters =  inet:localhost:8891
non_smtpd_milters =  $smtpd_milters
milter_default_action = accept


My OpenDkim.conf is


AutoRestart Yes
AutoRestartRate 10/1h
LogWhy  Yes
Syslog  Yes
SyslogSuccess   Yes
Modesv
Canonicalizationrelaxed/simple
ExternalIgnoreList  refile:/usr/local/etc/opendkim/TrustedHosts
InternalHosts   refile:/usr/local/etc/opendkim/TrustedHosts
KeyTable/usr/local/etc/opendkim/KeyTable
SigningTablerefile:/usr/local/etc/opendkim/SigningTable
SignatureAlgorithm  rsa-sha256
Socket  inet:8891@127.0.0.1
UMask   022
UserID  opendkim:opendkim
TemporaryDirectory  /var/tmp

A I stated it is running 

opendkim  5845   0.0  0.1  23120  11940  -  Ss   13:18   0:00.74 
/usr/local/sbin/opendkim -l -p inet:8891@localhost -u opendkim:mailnull -P 
/var/run/milteropendkim/pid


But not signing from a test site

--
DKIM check details:
--
Result: none (message not signed)
ID(s) verified: 


Any thoughts would be appreciated