Postfix DKIM error without DKIM enabled?

Discussion in 'Server Operation' started by Goodstuff, Nov 23, 2014.

  1. Goodstuff

    Goodstuff New Member

    Hi!

    I´ve just launched my new debian wheezy mailserver with postfix virtual domains (using mariadb) and mailman. It´s config is based on ISPmail tutorial for Debian Wheezy found at workaround.org and howtos found here.
    Everything is working fine except that some mail sent to mailing lists get to the server but then gets stuck outbound to the mailinglist members.

    The message seems to be DKIM related but I havn´t done any DKIM or SPF configs whaterver. On the old mail server which also has virtual domains (using plain files) and the same mailinglist this never happends. The only thing that i can think of is the new server har TLS enabled and the old one doesn´t.

    Here is an example, any one got an idea what is wrong?

    Nov 23 19:47:52 mailserv1 postfix/smtp[15007]: 7A58A1BD: to=<[email protected]>, relay=mailout.comhem.se[80.76.149.166]:25, delay=4397, delays=4018/0.03/0.08/378, dsn=4.0.0, status=deferred (host mailout.comhem.se[80.76.149.166] said: 451 Cannot verify DKIM signature: pubkey_unavailable (in reply to end of DATA command))

    It could be that the problem occur when users with gmail accounts sends to the mailing list but I´m not 100% sure.
     
  2. Nap

    Nap Member

    I'm about to setup DKIM on my server, so I thought I'ld have a look.
    From: http://www.postfix.org/postconf.5.html#smtp_tls_security_level

    always_add_missing_headers (default: no)

    Always add (Resent-) From:, To:, Date: or Message-ID: headers when not present. Postfix 2.6 and later add these headers only when clients match the local_header_rewrite_clients parameter setting. Earlier Postfix versions always add these headers; this may break DKIM signatures that cover non-existent headers.


    Not sure if this is relevant.

    Cheers,
    Nap
     
    Goodstuff likes this.
  3. Goodstuff

    Goodstuff New Member

    Hi Nap!
    The always_add_missing_headers (default: no) itself didn´t solve my problem, but it got me looking in a new direction. I found out that the problem was indeed mailman and DKIM signed mail. So a little tweaking of mailman solved the problem. But I hadn´t found it without your suggestion so thank you very much!

    //Goody
     
    Nap likes this.

Share This Page