Invalid DKIM-Signature

Hey all,

I was wondering why my installation of Astaro appears to be accepting mail from domains which are using an invalid DKIM-Signature.

For instance it accepted mail from this domain.

From funtime@vesseler.info  Sat Oct 30 10:48:11 2010
Return-Path: 
Received: from [69.162.123.138] (port=11580 helo=oci138.vesseler.info)
by *MyServerName* with esmtp (Exim 4.69)
(envelope-from )
id 1PCEb4-00076p-0H
for ***@***.net; Sat, 30 Oct 2010 10:48:08 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=vesseler.info;
 h=Mime-Version:To:Date:Message-ID:Subject:From:Content-Type:Content-Transfer-Encoding; i=funtime@vesseler.info;
 bh=Ggtmjn7qtgDo3DA9bsc0hrrUjvc=;
 b=dSD0xE+FnX0CxA0o3lB7EvqZm+pIQPVQsALB0zADnNxScjy6pKvSVEFNDvWI4OoCxlcdEsFaoLUx
   IRV6rTYdYuuE6dOGqcb6gy+wPqTrO2sB0lL+u/lc7ikOueGE57aLgr1awO5zmhw/nXypzzyiMZTV
   Knyz9UoNO4f0einiLKs=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=vesseler.info;
 b=XVsCbtsnSiJ0KCv+/qiLDMWr1UIve0AhAc0fA6jH8NwRAOZfwh5x1+Ww2jBP/ILX4JHTz+F4r/aM
   Q6YS6KK8BCswh1LfsRTJNA4bGBpHPb5OoaKyKN6P84B0MNjWb7FHuMO7JjJxzb+Nv5HcTXeSRfId
   5TrwTRiDLVReCos9AgU=;
Mime-Version: 1.0
To: 
Date: Sat, 30 Oct 2010 12:35:20 -0400
Message-ID: 
Subject: Employee Travel Incentive Program
From: "Hr. Dept." 
X-Mailer: 423949_E6744163440329


  • You're right - if I read the logs correctly, Astaro doesn't verify DKIM on received emails. It would be interesting to know if there's an easy way to turn on verification by exim instead of just outbound signing.

    Looking at EXIM Support for DKIM, it appears that this should be possible if acl_smtp_dkim is available. At least, if the verify_status and verify_reason were added to the email header, one could use a rule in Outlook to delete emails like yours. So, it sounds like you may have a good suggestion for Astaro Gateway Feature Requests.

    Still, I don't recall seeing an email like that that got past the Astaro's existing anti-spam.  If you're seeing much spam at all, maybe you might want to get feedback from folks here on your configuration.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Well, here is what I see in my logs referring to the email in question.
    The line in red verifies that it does check for the record that was presented and finds it invalid. It just doesn't do anything about it.

    As you suggested, I think it would be a good idea if we could add a tagged header so that we could filter with different reasons if we so choose.

    2010:10:30-10:48:00 firestorm exim[4845]: 2010-10-30 10:48:00 SMTP connection from [69.162.123.138]:11580 (TCP/IP connection count = 1)
    2010:10:30-10:48:01 firestorm exim[27331]: 2010-10-30 10:48:01 [69.162.123.138] F= R= Verifying recipient address with callout
    2010:10:30-10:48:08 firestorm exim[27331]: 2010-10-30 10:48:08 1PCEb4-00076p-0H DKIM: d=vesseler.info s=default c=relaxed/relaxed a=rsa-sha1 i=funtime@vesseler.info [invalid - public key record (currently?) unavailable]
    2010:10:30-10:48:08 firestorm exim[27331]: 2010-10-30 10:48:08 1PCEb4-00076p-0H Greylisting: 69.162.123.138 is a known retry host
    2010:10:30-10:48:08 firestorm exim[27331]: 2010-10-30 10:48:08 1PCEb4-00076p-0H funtime@vesseler.info H=(oci138.vesseler.info) [69.162.123.138]:11580 P=esmtp S=38288 id=4071360539572683003.565871490.JavaMail.java@oci138.vesseler.info
    2010:10:30-10:48:08 firestorm exim[27331]: 2010-10-30 10:48:08 SMTP connection from (oci138.vesseler.info) [69.162.123.138]:11580 closed by QUIT
    2010:10:30-10:48:10 firestorm smtpd[4830]: QMGR[4830]: 1PCEb4-00076p-0H moved to work queue
    2010:10:30-10:48:10 firestorm smtpd[27337]: SCANNER[27337]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="69.162.123.138" from="funtime@vesseler.info" to="***@***.net" subject="Employee Travel Incentive Program" queueid="13byuC-00076p-01" size="36940"
    2010:10:30-10:48:11 firestorm exim[27340]: 2010-10-30 10:48:11 13byuC-00076p-01 => ***@***.net P= R=static_route_hostlist T=static_smtp H=***.***.***.*** [***.***.***.***]:25
    2010:10:30-10:48:11 firestorm exim[27340]: 2010-10-30 10:48:11 13byuC-00076p-01 Completed
    2010:10:30-10:48:39 firestorm smtpd[27337]: SCANNER[27337]: Nothing to do, exiting.
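
The gap both posts describe (the DKIM verdict is logged but never acted on) can be audited from the log itself. The following is an added example, not part of the original thread or of Astaro: it pairs each exim DKIM verdict with the scanner's "email passed" line by envelope sender and source IP, since the log above shows the queue id changing between exim and the scanner. The second message (example.org, 192.0.2.10) and the "[verification succeeded]" wording are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the first three lines are taken from the log excerpt in
# this thread; the last three are an invented message whose signature verifies.
SAMPLE_LOG = """\
2010:10:30-10:48:08 firestorm exim[27331]: 2010-10-30 10:48:08 1PCEb4-00076p-0H DKIM: d=vesseler.info s=default c=relaxed/relaxed a=rsa-sha1 i=funtime@vesseler.info [invalid - public key record (currently?) unavailable]
2010:10:30-10:48:08 firestorm exim[27331]: 2010-10-30 10:48:08 1PCEb4-00076p-0H funtime@vesseler.info H=(oci138.vesseler.info) [69.162.123.138]:11580 P=esmtp S=38288
2010:10:30-10:48:10 firestorm smtpd[27337]: SCANNER[27337]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="69.162.123.138" from="funtime@vesseler.info" to="***@***.net" subject="Employee Travel Incentive Program" queueid="13byuC-00076p-01" size="36940"
2010:10:30-10:52:14 firestorm exim[27402]: 2010-10-30 10:52:14 1PCEf0-00078B-1x DKIM: d=example.org s=mail c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2010:10:30-10:52:14 firestorm exim[27402]: 2010-10-30 10:52:14 1PCEf0-00078B-1x news@example.org H=(mx.example.org) [192.0.2.10]:40112 P=esmtp S=5120
2010:10:30-10:52:16 firestorm smtpd[27337]: SCANNER[27337]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.0.2.10" from="news@example.org" to="***@***.net" subject="Weekly digest" queueid="13byuF-00078B-02" size="5200"
"""

DKIM_RE = re.compile(r'exim\[\d+\]: \S+ \S+ (?P<id>\S+) DKIM: d=(?P<d>\S+) s=(?P<s>\S+) '
                     r'.*\[(?P<verdict>[^\]]*)\]\s*$')
RECV_RE = re.compile(r'exim\[\d+\]: \S+ \S+ (?P<id>\S+) (?:<= )?(?P<sender>\S+@\S+) '
                     r'H=.*?\[(?P<ip>[0-9a-fA-F.:]+)\]')
PASSED_RE = re.compile(r'name="email passed" srcip="(?P<ip>[^"]*)" from="(?P<sender>[^"]*)"'
                       r'.*?subject="(?P<subject>[^"]*)"')

def delivered_despite_dkim(log_text):
    """Return messages the scanner passed although no DKIM signature verified."""
    verdicts = defaultdict(list)   # exim message id -> [(d=, s=, verdict)]
    origin = {}                    # exim message id -> (envelope sender, source IP)
    passed = {}                    # (sender, ip) -> subject of a passed message
    for line in log_text.splitlines():
        if m := DKIM_RE.search(line):
            verdicts[m["id"]].append((m["d"], m["s"], m["verdict"]))
        elif m := RECV_RE.search(line):
            origin[m["id"]] = (m["sender"], m["ip"])
        elif m := PASSED_RE.search(line):
            passed[(m["sender"], m["ip"])] = m["subject"]
    findings = []
    for msg_id, sigs in verdicts.items():
        # One bad signature is not reported if another on the same message verified.
        if any(v.startswith("verification succeeded") for _, _, v in sigs):
            continue
        key = origin.get(msg_id)
        if key in passed:
            findings.append({"id": msg_id, "sender": key[0], "ip": key[1],
                             "dkim": sigs, "subject": passed[key]})
    return findings

if __name__ == "__main__":
    for finding in delivered_despite_dkim(SAMPLE_LOG):
        print(finding)
```

Matching on sender and source IP is a heuristic; two messages from the same sender and host in one log window will share a key.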