Struggling with DKIM signing

[Nick Howitt]

On 05/11/2024 17:31, Damian wrote:
>> I don't see any SPF or DMARC checking in the headers on inbound email 
>> and I am currently researching it.
>
> Amavis does not check SPF or DMARC itself, but SpamAssassin will do 
> it, if configured.
Odd one this. It may be doing the checks as I see the X-Virus-Scanned 
header "Debian amavis at mail-www.howitts.co.uk".

Previously in ClearOS (based on Centos7), I would see in the mail log 
something like:

    Nov  4 08:42:04 server amavis[1874]: (01874-15) size: 105876, TIMING
    [total 2285 ms] - SMTP greeting: 1.4 (0%)0, SMTP EHLO: 0.7 (0%)0,
    SMTP pre-MAIL: 0.6 (0%)0, SMTP MAIL: 0.8 (0%)0, SMTP pre-DATA-flush:
    1.0 (0%)0, SMTP DATA: 40 (2%)2, check_init: 0.3 (0%)2, digest_hdr:
    1.4 (0%)2, digest_body_dkim: 7 (0%)2, collect_info: 4.1 (0%)3,
    mime_decode: 10 (0%)3, get-file-type1: 10 (0%)3, parts_decode: 0.1
    (0%)3, check_header: 0.2 (0%)3, AV-scan-1: 162 (7%)10, spam-wb-list:
    0.2 (0%)10, SA msg read: 0.3 (0%)11, SA parse: 3.0 (0%)11, SA check:
    1945 (85%)96, decide_mail_destiny: 4.5 (0%)96, notif-quar: 0.2
    (0%)96, fwd-connect: 38 (2%)98, fwd-mail-pip: 4.3 (0%)98,
    fwd-rcpt-pip: 0.2 (0%)98, fwd-data-chkpnt: 0.0 (0%)98, write-header:
    0.5 (0%)98, fwd-data-contents: 2.2 (0%)98, fwd-end-chkpnt: 41
    (2%)100, prepare-dsn: 0.7 (0%)100, report: 1.1 (0%)100,
    main_log_entry: 2.9 (0%)100, update_snmp: 0.9 (0%)100, SMTP
    pre-response: 0.2 (0%)100, SMTP response: 0.1 (0%)100,
    unlink-2-files: 0.2 (0%)100, rundown: 0.4 (0%)100
    Nov  4 08:42:04 server amavis[16349]: (16349-18) ESMTP :10024
    /var/lib/amavis/tmp/amavis-20241103T141640-16349-3pL0YovS:
    <ebay at ebay.co.uk> -> <user at howitts.co.uk> SIZE=108333 Received: from
    mailserver.howitts.co.uk ([127.0.0.1]) by localhost
    (server.howitts.co.uk [127.0.0.1]) (amavisd-new, port 10024) with
    ESMTP for <user at howitts.co.uk>; Mon,  4 Nov 2024 08:42:04 +0000 (GMT)
    Nov  4 08:42:04 server mailfilter: starting up
    (sender=ebay at ebay.co.uk, recipients=user at howitts.co.uk,
    client_address=127.0.0.1)
    Nov  4 08:42:04 server amavis[27659]: (27659-12) spam-tag,
    <ebay at ebay.co.uk> -> <user at howitts.co.uk>, No, score=-7.488
    tagged_above=-99 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1,
    SPF_HELO_NONE=0.001, T_REMOTE_IMAGE=0.01, USER_IN_DEF_DKIM_WL=-7.5]
    autolearn=ham autolearn_force=no

So spamassassin must be communicating with amavis somehow. I'll keep 
digging.


>
>> 2024-11-05T16:50:43.961525+00:00 mail-www amavis[3676918]: 
>> (3676918-01) Passed CLEAN {RelayedOpenRelay}, [34.209.113.130]:51018 
>> [34.209.113.130] <auth-results at verifier.port25.com> -> 
>> <nick at howitts.co.uk>, ...
> You need to declare howitts.co.uk as one of yours (on Debian see 
> conf.d/05-domain_id) to get rid of OpenRelay.
Fixed by setting /etc/mailname correctly, thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20241105/6dc59654/attachment.htm>