[dkim-ops] No signature on incoming mail

Ernie Grossmann ernieg92 at hotmail.com
Sun Apr 11 22:50:54 PDT 2010


> From: msk at cloudmark.com
> To: ernieg92 at hotmail.com; dkim-ops at mipassoc.org
> Date: Sat, 10 Apr 2010 21:24:47 -0700
> Subject: RE: [dkim-ops] No signature on incoming mail
> 
> > -----Original Message-----
> > From: dkim-ops-bounces at mipassoc.org [mailto:dkim-ops-
> > bounces at mipassoc.org] On Behalf Of Ernie Grossmann
> > Sent: Saturday, April 10, 2010 1:33 PM
> > To: dkim-ops at mipassoc.org
> > Subject: [dkim-ops] No signature on incoming mail
> > 
> > I'm using a basic Ubuntu Server 9.10 x64 installation with
> > Postfix/Amavis/DKIM setup. My outgoing mail is signed fine. However,
> > the incoming mail doesn't appear to be.
> > 
> > 99.9% of the mail comes in with this in the mail log:
> > <code>
> > dkim-filter[1626]: 07CF5134C5: no signature data
> > </code>
> 
> Most of your incoming mail is still unsigned. This isn't an error, just an observation in the log.
> 
> > I did have one come in with this in the log:
> > <code>
> > dkim-filter[1626]: CD2CCD95 ADSP query: syntax error in policy data
> > dkim-filter[1626]: CD2CCD95: no signature data
> > </code>
> 
> Probably either a malformed ADSP record in the sending domain's DNS, or a wildcard record that causes the ADSP record to point at something like an SPF record. And the message was unsigned.
> 
> > and another one with this one (and this is the one that makes me wonder
> > about DNS resolution):
> > <code>
> > dkim-filter[1626]: 7E6FDD95 ADSP query: timeout DNS query for
> > `d49.org'
> > dkim-filter[1626]: 7E6FDD95: no signature data
> > </code>
> 
> DNS timeouts aren't all that unusual.
> 
> > This error comes from the header of an email from gmail user:
> > <code>
> > domainkeys=softfail (invalid, public key: DNS query timeout for
> > gamma._domainkey.gmail.com)
> > </code>
> > 
> > Do most senders *NOT* use DK or DKIM signatures? Do I have a problem
> > with my DNS? How can I troubleshoot/fix?
> 
> It looks like it's operating normally to me.
> 
> DKIM is supplanting DK, but still both together don't have as much traction as we'd like (yet).
> 
> That error doesn't look like something dkim-filter generated. Are you pasting or typing those manually? You might look at using something like OpenDKIM. The dkim-filter package is unmaintained.

 

Thanks -- you were very helpful.

 

The error messages were cut-n-paste.  The last one (which doesn't look like dkim-filter) may be dk-filter or may be amavis-new (which checks dk/dkim signatures).

 

I've changed the DNS servers in my resolv.conf so hopefully I'll get better DNS replies.  But your answers gave me a good 'sanity check' that things appear to be working normally.

 

Thanks again.

Ernie Grossmann


 
 		 	   		  
_________________________________________________________________
Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/dkim-ops/attachments/20100411/76876040/attachment.html 


More information about the dkim-ops mailing list