Ok, I will provide any additional information that you guys will require, but here is the "weird" issue I am seeing.
Have an established network for a major company, Exchange server, 2 Sendmail servers handling inbound/outbound mail traffic. OpenDKIM running on both servers, verifying and signing inbound/outbound mail. Have one maillist server, Sendmail/Majordomo running on Solaris 10 server. It is old, but functioning properly, but becoming old and failing occasionally. So, I went ahead and built a new CentOS 6.0 server, with Sendmail and Majordomo configured. The server is obviously a different name than its predecessor, but will be renamed when put into service.
My issue is a weird one: the "new" maillist server functions fine, it accepts emails sent to test@server.domain.org and distributes them accordingly. Everything seems fine except that upon inspection of the headers of the sent emails, the DOMAINKEY-SIGNATURE is missing. Yahoo.com shows it as a bad SIG and it is, because when viewing the outbound mail log, that portion of the process is just skipped for this server. Now the twist. If I use Mailx from the same server, sending to test@server.domain.org, Sendmail/Majordomo distribute the emails and the outbound mailserver signs the emails fine, OpenDKIM and DOMAINKEY-Signature and Yahoo is happy. The emails I am testing with are sent internally from my Outlook, attached to an Exchange mail server.
Mail flow:
Outlook -> mailserver1 -> OLD maillistserver/sendmail -> mailserver2 -> the world. PASS
Outlook -> mailserver1 -> NEW maillistserver/sendmail -> mailserver2 -> the world. FAIL
NEW maillistserver/Sendmail -> mailserver2 -> the world. PASS
Now I have checked every setting possible, comparing the old maillist server to the new. There are some small differences because of the versions of software used, but I have matched almost everything perfectly. I have combed through the incoming/outgoing mailservers for any mention of the old mailserver or some rule that would explain this.
I have looked at the OpenDKIM config files and local-host-names file on both mail servers and everything is fine.
All I can think of is that either:
- the new maillist server should be stripping the original DKIM authorization off or parsing the headers before passing it on to mailserver2 (but I have looked at the Sendmail/Majordomo config files every which way and see no differences between old and new);
- the incoming mailserver1 is doing something to the headers for the emails being sent to the old maillist server.
Quick example:
Same "new" maillist server. Log file from outgoing mail server. Sent from Outlook account to test@server.domain.org
Code:
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: Milter insert (1): header: X-DKIM: OpenDKIM Filter v2.4.2 mail.domain.org r4NEgc0n008157
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain, action=eoh, accepted
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain2, action=eoh, accepted
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain3, action=eoh, accepted
Passed right by dk-domain and never applied the domainkey-signature.
Sent using Mailx from server.domain.org to test@server.domain.org.
Code:
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: Milter insert (1): header: X-DKIM: OpenDKIM Filter v2.4.2 mail.domain.org r4NFEGmH009657
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: Milter insert (1): header: DomainKey-Signature: a=rsa-sha1; s=mail; d=domain.org; c=nofws; q=dns;\n\th=x-dkim: from:date:to:subject:user-agent:content-type:content-transfer-encodingbla bla bla bla bla
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: milter=dk-domain2, action=eoh, accepted
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: milter=dk-domain3, action=eoh, accepted
I would appreciate anyone's thoughts or ideas on what to look into for this. Like I have said, I have been staring at this for a week now and nothing is obvious. I know it probably has to do with the headers applied once it leaves Outlook/Exchange and them needing to be parsed or cleaned up, but there is nothing obvious on either mail server nor the old maillist server that is handling this.
Thanks.
(PS: The server is not named server nor is the domain domain.org, just cleaning it up for security, LOL, but I guess you knew that.)
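Added example, not part of the original post: a small triage script that groups the outbound server's sendmail milter log lines by queue ID and lists the messages that went through the milters without a signature header being inserted, which is the difference between the two log excerpts above. The function names are hypothetical and the sample input is the post's own log lines with the forum markup removed.

```python
import re

# Constructed sample: the two log excerpts quoted in the post.
SAMPLE_LOG = r"""
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: Milter insert (1): header: X-DKIM: OpenDKIM Filter v2.4.2 mail.domain.org r4NEgc0n008157
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain, action=eoh, accepted
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain2, action=eoh, accepted
May 23 10:42:39 mail sendmail[8157]: r4NEgc0n008157: milter=dk-domain3, action=eoh, accepted
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: Milter insert (1): header: X-DKIM: OpenDKIM Filter v2.4.2 mail.domain.org r4NFEGmH009657
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: Milter insert (1): header: DomainKey-Signature: a=rsa-sha1; s=mail; d=domain.org; c=nofws; q=dns;\n\th=x-dkim: from:date:to:subject:user-agent:content-type:content-transfer-encodingbla bla bla bla bla
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: milter=dk-domain2, action=eoh, accepted
May 23 11:14:18 mail sendmail[9657]: r4NFEGmH009657: milter=dk-domain3, action=eoh, accepted
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
INSERT = re.compile(r"Milter insert \(\d+\): header: (?P<name>[\w-]+):")
EOH = re.compile(r"milter=(?P<milter>[\w-]+), action=eoh, accepted")
SIGNATURE_HEADERS = {"domainkey-signature", "dkim-signature"}


def triage(log_text):
    """Map queue ID -> inserted headers, milters that accepted at eoh, signed flag."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry = messages.setdefault(
            m["qid"], {"inserted": [], "eoh_accepted": [], "signed": False})
        ins = INSERT.match(m["rest"])
        eoh = EOH.match(m["rest"])
        if ins:
            # The log does not say which milter inserted the header.
            entry["inserted"].append(ins["name"])
            if ins["name"].lower() in SIGNATURE_HEADERS:
                entry["signed"] = True
        elif eoh:
            entry["eoh_accepted"].append(eoh["milter"])
    return messages


def unsigned_queue_ids(log_text):
    """Queue IDs that reached the milters but got no signature header."""
    return sorted(q for q, e in triage(log_text).items() if not e["signed"])


if __name__ == "__main__":
    for qid, entry in triage(SAMPLE_LOG).items():
        print(qid, "signed" if entry["signed"] else "UNSIGNED", entry["eoh_accepted"])
```

Run against the full maillog, the unsigned queue IDs can then be matched to their `from=` and `relay=` lines to see which path each message took.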