amavis-user March 2012 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: Re: Problem with DNS and DKIM

Re: Problem with DNS and DKIM

From: Mark Martinec <Mark.Martinec+amavis_at_nospam>
Date: Thu Mar 29 2012 - 16:31:32 GMT
To: amavis-users@amavis.org

Danny,

>What is the version of Mail::DKIM::Verifier ?

My Version is 0.39

Good.

> Here ist he correct log:
> [...]
> Mar 27 11:27:37 mx01b amavis[9668]: (09668-09) dkim: VALID [...]
> Mar 27 11:46:09 mx01b amavis[12868]: (12868-16) dkim: VALID [...]
> Mar 27 15:30:08 mx01b amavis[18135]: (18135-17) dkim: FAILED [...]
> [...] (public key: DNS query timeout for ...)
> Mar 27 16:19:00 mx01b amavis[26045]: (26045-18) dkim: FAILED [...]
> Mar 27 17:29:42 mx01b amavis[29770]: (29770-17) dkim: FAILED [...]
> Mar 27 17:44:39 mx01b amavis[23253]: (23253-15) dkim: FAILED [...]
> Mar 27 17:49:39 mx01b amavis[1607]: (01607-05) dkim: VALID [...]

>RES_OPTIONS="debug" perl -MMail::DKIM::Verifier -ne '
> BEGIN{$dkim=Mail::DKIM::Verifier->new_object};
> s/\r?\n\z/\015\012/; $dkim->PRINT($_); END{$dkim->CLOSE;
> printf("%s\n",$_->result_detail) for $dkim->signatures}' 0.msg

> Here is an Output from today:
> [...]
> ;; rcode = NOERROR
> pass

Good.

Looks like resolving of the same domain name sometimes succeeds
and sometimes times out. Are you using a local DSN resolver?
Does it use forwarding to some other server, or is it independent?

> Is it possible to add such Output to the running amavisd with
> an custom hook or something else.

Just set the shell environment variable RES_OPTIONS to "debug"
in the process which is starting amavisd, and make sure to
capture stderr.

If there is not too much traffic you may be able to run
amavisd from a terminal window with its logging on stdout:

$DO_SYSLOG = undef;
$LOGFILE = undef;

# RES_OPTIONS="debug" amavisd -d 2 foreground 2>&1 | tee 0.log

Otherwise you'll need to capture stderr separately,
with some timestamping arranged so that you can correlate
the logs. It must not be daemonized or the stderr will be
redirected to /dev/null. Something like the following could
work, while keeping the normal logging on syslog:

# RES_OPTIONS="debug" amavisd foreground 2>&1 | timestamp

where the 'timestamp' could be something like what I have
in my .bashrc:

function timestamp()
{ perl -MPOSIX -MTime::HiRes -n -e '
    BEGIN {$|=1; $dp=0; $t0=Time::HiRes::time};
    $t=Time::HiRes::time; $dt=$t-$t0; printf("%s%06.3f %4.3f %4.3f %s",
      POSIX::strftime("%H:%M:",localtime($t)), $t-int($t/60)*60,
      $dt, $dt-$dp, $_); $dp=$dt' $*
}

Mark