Discussion:
[dkim-milter-discuss] [Q] dkim-filter[ ]: 0F40884146: key retrieval failed
J4K
2011-02-09 14:34:55 UTC
Permalink
Hi there,

I realised that I sent my original Email to the wrong list (dkim-ops),
so I have posted here as well. Apologies for those of you who get to
read it twice.

Here is the message:-

The DKIM-Filter I run occasionally returns these key retrieval failure
messages, and then rejects the email. The milter time out for postfix
is 30 seconds which exceeds the dkim-filter default time out.
Additionally, The time stamps in the message below are the same.

the reject has not happened once, but 112 times since the 6th February.

I am trying to work out whether this is,
a misconfiguration problem with the sender's DKIM entry in DNS,
a time-out from my server to the DNS
a misconfiguration on my server.


Some messages from the postfix log follows:-

Feb 9 14:08:05 srv1 dkim-filter[6967]: 0F40884146: key retrieval failed
Feb 9 14:08:05 srv1 postfix/cleanup[19030]: 0F40884146: milter-reject:
END-OF-MESSAGE from smtp143.junkemailfilter.com[69.50.231.143]: 4.7.1
Service unavailable - try again later; from=<***@couchsurfing.org>
to=<***@klunky.co.uk> proto=ESMTP helo=<junkemailfilter.com>


Does anyone know where I could start looking?

Best wishes, S
Todd Lyons
2011-02-09 20:39:39 UTC
Permalink
       The DKIM-Filter I run occasionally returns these key retrieval failure
I just wanted to point out that this project was forked in Jul 2009
(now called opendkim) and continuing development has been going on
there. It is also on sourceforge.
messages, and then rejects the email.  The milter time out for postfix
is 30 seconds which exceeds the dkim-filter default time out.
Additionally, The time stamps in the message below are the same.
There are also some dns resolver issues in that older version IIRC.
Are you using your system resolver or libar? I can't remember that
far back, is unbound also supported in dkim-filter?
I am trying to work out whether this is,
       a misconfiguration problem with the sender's DKIM entry in DNS,
       a time-out from my server to the DNS
       a misconfiguration on my server.
Likely the sender's DNS, however your dkim software should, IMHO,
handle it a little more gracefully and not cause undue duress on your
MTA.
Some messages from the postfix log follows:-
Feb  9 14:08:05 srv1 dkim-filter[6967]: 0F40884146: key retrieval failed
END-OF-MESSAGE from smtp143.junkemailfilter.com[69.50.231.143]: 4.7.1
Is there anything that says what key it was trying to retreive? Can
you get ahold of the message that was queued as 0F40884146 ?
--
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurealius
J4K
2011-02-10 10:46:41 UTC
Permalink
Post by Todd Lyons
Post by J4K
The DKIM-Filter I run occasionally returns these key retrieval failure
I just wanted to point out that this project was forked in Jul 2009
(now called opendkim) and continuing development has been going on
there. It is also on sourceforge.
Post by J4K
messages, and then rejects the email. The milter time out for postfix
is 30 seconds which exceeds the dkim-filter default time out.
Additionally, The time stamps in the message below are the same.
There are also some dns resolver issues in that older version IIRC.
Are you using your system resolver or libar? I can't remember that
far back, is unbound also supported in dkim-filter?
Post by J4K
I am trying to work out whether this is,
a misconfiguration problem with the sender's DKIM entry in DNS,
a time-out from my server to the DNS
a misconfiguration on my server.
Likely the sender's DNS, however your dkim software should, IMHO,
handle it a little more gracefully and not cause undue duress on your
MTA.
Post by J4K
Some messages from the postfix log follows:-
Feb 9 14:08:05 srv1 dkim-filter[6967]: 0F40884146: key retrieval failed
END-OF-MESSAGE from smtp143.junkemailfilter.com[69.50.231.143]: 4.7.1
Is there anything that says what key it was trying to retreive? Can
you get ahold of the message that was queued as 0F40884146 ?
I am not sure how to get the message as it was cleaned up:
Feb 9 14:07:57 logout postfix/cleanup[19030]: 0F40884146:
message-id=<***@messaging.couchsurfing.com>

I just installed opendkim via aptitude on Debian Squeeze, started it,
and all inbound delivery stopped!
I had not even configured it as a milter in Postfix.
I removed it (aptitude remove opendkim), and deliver started.
This does not make any sense.
Todd Lyons
2011-02-11 18:02:30 UTC
Permalink
If you were lucky, it would have been a local delivery that the user
had not deleted the message yet. It was a shot in the dark :-)
I just installed opendkim via aptitude on Debian Squeeze, started it, and
all inbound delivery stopped!
I had not even configured it as a milter in Postfix.
I removed it (aptitude remove opendkim), and deliver started.
This does not make any sense.
Agreed that is odd. I know little about Debian configuration systems,
but I do not think that it would automatically insert opendkim into
your postfix configuration before you have configured it. I am not
sure what is happening in that regard.
--
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurealius
Loading...