Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 24th May 2013, 17:25
allnyguy allnyguy is offline
Junior Member
 
Join Date: May 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default CentOS/Sendmail/Majordomo/OpenDKIM Question

Boy that was a mouthful…

Ok, I will provide any additional information that you guys will require, but here is the "weird" issue I am seeing.

Have an established network for a major company, Exchange server, 2 Sendmail servers handling inbound/outbound mail traffic. OpenDKIM running on both servers, verifying and signing inbound/outbound mail. Have one maillist server, Sendmail/Majordomo running on Solaris 10 server. It is old, but functioning properly, but becoming old and failing occasionally. So, I went ahead and built a new CentOS 6.0 server, with Sendmail and Majordomo configured. The server is obviously a different name than it predecessor, but will be renamed when put into service.

My issue is a weird one: the "new" maillist server functions fine, it accepts emails sent to test@server.domain.org and distributes them accordingly. Everything seems fine except that upon inspection of the headers of the sent emails, the DOMAINKEY-SIGNATURE is missing. Yahoo.com shows it as a bad SIG and it is, because when viewing the outbound mail log, that portion of the process is just skipped for this server. Now the twist. If I use Mailx from the same server, sending to test@server.domain.org, Sendmail/Majordomo distribute the emails and the outbound mailserver signs the emails fine, OpenDKIM and DOMAINKEY-Signature and Yahoo is happy. The emails I am testing with are sent internally from my Outlook, attached to an Exchange mail server.

Mail flow:
Outlook -> mailserver1 -> OLD maillistserver/sendmail -> mailserver2 -> the world. PASS

Outlook -> mailserver1 -> NEW maillistserver/sendmail -> mailserver2 -> the world. FAIL

NEW maillistserver/Sendmail -> mailserver2 -> the world. PASS

Now I have checked every setting possible, comparing the old maillist server to the new. There are some small differences because of the versions of software used, but I have matched almost everything perfectly. I have combed through the incoming/outgoing mailservers for any mention of the old mailserver or some rule that would explain this.

I have looked at the OpenDKIM config files and local-host-names file on both mail servers and everything is fine.


All I can think of is that either:

1.) The new maillist server should be stripping the original DKIM authorization off or parsing the headers before passing it on to mailserver2 (but I have looked at the Sendmail/Majordomo config files every which way and see no differences between old and new)

2.) the outgoing mailserver2 (that is doing the final DKIM signature) is handling the emails differently from the old list server.

Quick example:

Same "new" maillist server. Log file from outgoing mail server. Sent from Outlook account to test@server.domain.org
Code:
Code:
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: Milter insert (1): header: X-DKIM:  OpenDKIM Filter v2.4.2 mail.domain.org r4NEgc0n008157
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain, action=eoh, accepted
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain2, action=eoh, accepted
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain3, action=eoh, accepted
Passed right by dk-domain and never applied the domainkey-signature.
Sent using Mailx from server.domain.org to test@server.domain.org.
Code:
Code:
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: Milter insert (1): header: X-DKIM:  OpenDKIM Filter v2.4.2 mail.domain.org r4NFEGmH009657
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: Milter insert (1): header: DomainKey-Signature:  a=rsa-sha1; s=mail; d=domain.org; c=nofws; q=dns;\n\th=x-dkim: from:date:to:subject:user-agent:content-type:content-transfer-encodingbla bla bla bla bla
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: milter=dk-domain2, action=eoh, accepted
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: milter=dk-domain3, action=eoh, accepted
I would appreciate anyone's thoughts or ideas on what to look into for this. Like I have said, I have been staring at this for a week now and nothing is obvious. I know it probably has to do with the headers applied once it leaves Outlook/Exchange and them needing to be parsed or cleaned up, but there is nothing obvious on either mail server nor the old maillist server that is handling this.

Thanks.
Reply With Quote
Sponsored Links
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian Perfect Server Partitioning Question diago HOWTO-Related Questions 1 25th November 2012 14:20
Networking: Routing / subnet question paulievox HOWTO-Related Questions 1 15th February 2010 23:45
Dumb Virtualhost Question DantePasquale Server Operation 1 16th December 2009 07:43
Question with email jdamron General 1 20th May 2009 10:33
Hostname question, and DNS question andrewfashion General 1 20th April 2009 13:30


All times are GMT +2. The time now is 21:52.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.