關於 Domainkey
<P>查詢mail server smtp in 紀錄檔,發現以下粗體字可能是對方信件無法寄入原因,我要如何處理 </P><P> </P>
<P>on 2007-09-17 20:43:08: Passing message through Spam Filter (Size: 2473)...<BR>Mon 2007-09-17 20:43:11: * <STRONG>15 MDAEMON_DK_FAIL MDaemon: failed DomainKeys verification</STRONG><BR>Mon 2007-09-17 20:43:11: * 0.0 HTML_MESSAGE BODY: HTML included in message<BR>Mon 2007-09-17 20:43:11: * 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML<BR>Mon 2007-09-17 20:43:11: * 1.8 HTML_SHORT_COMMENT HTML is very short with HTML comments<BR>Mon 2007-09-17 20:43:11: ---- End SpamAssassin results<BR>Mon 2007-09-17 20:43:11: Spam Filter score/req: 17.01/14.0<BR>Mon 2007-09-17 20:43:11: Message refused because spam score is too high<BR>Mon 2007-09-17 20:43:11: --> 554 Sorry, message looks like SPAM to me<BR>Mon 2007-09-17 20:43:16: <-- QUIT<BR>Mon 2007-09-17 20:43:16: --> 221 See ya in cyberspace<BR>Mon 2007-09-17 20:43:16: SMTP session terminated (Bytes in/out: 2622/445)</P> 前往 Security -> SPF & Sender ID....裏面,將 DKIM Verify 的功能關掉。大部份的郵件伺服器都不會設定 DomainKeys,所以會造成問題。
預設關閉功能
<P> 我的 Mdaemin 8.1.3版本</P><P>查了一下cryptographic verification 下有兩個選項</P>
<P>verify signatures created using Domainkeys (DK) 預設為打勾</P>
<P>verify signatures created using Domainkeys Identified Mail (DKIM) 預設為不打勾</P>
<P>我要關閉哪一個ㄚ 謝謝<IMG alt="" src="http://www.suma.tw/forum/images/smilies/default/smile.gif" border=0 smilieid="1"> </P> 除非你確定那些功能在做什麼,否則都把它關了。一般來說可以不必用。
急件---關於Domainkey
<P>Mdaemon 8.1.3版本</P><P>mail server 用了2年多,我的DK一直是預設值,最近有位客戶mail 大部份都收不到,log 所顯示訊息如下因為</P>
<P>DK Fail 所以導致mail server 判別為 spam ,但是其他公司寄郵件時都不會有MDAEMON_DK_FAIL MDaemon: failed DomainKeys verification 訊息,是程式BUG嗎???? 我現在要如何解決呢急件<IMG alt="" src="http://www.suma.tw/forum/images/smilies/default/mad.gif" border=0 smilieid="11"> </P>
<P> </P>
<P> </P>
<P>Thu 2007-09-20 22:29:55: Session 3633; child 8; thread 1856<BR>Thu 2007-09-20 22:29:10: Accepting SMTP connection from <BR>Thu 2007-09-20 22:29:10: Performing PTR lookup (35.56.23.18.IN-ADDR.ARPA)<BR>Thu 2007-09-20 22:29:10: * D=35.56.23.18.IN-ADDR.ARPA TTL=(1440) PTR=<BR>Thu 2007-09-20 22:29:10: * Gathering A records...<BR>Thu 2007-09-20 22:29:10: * D=dgate1.xxxxx.com TTL=(1338) A=<BR>Thu 2007-09-20 22:29:10: ---- End PTR results<BR>Thu 2007-09-20 22:29:10: --> 220 aaa.bbb.com ESMTP MDaemon 8.1.3; Thu, 20 Sep 2007 22:29:10 +0800<BR>Thu 2007-09-20 22:29:11: <-- EHLO dgate1.xxxxx.com<BR>Thu 2007-09-20 22:29:11: Performing IP lookup (dgate1.xxxxx.com)<BR>Thu 2007-09-20 22:29:12: * D=dgate1.xxxxx.com TTL=(1440) A=<BR>Thu 2007-09-20 22:29:12: ---- End IP lookup results<BR>Thu 2007-09-20 22:29:12: --> 250-aaa.bbb.com Hello dgate1.xxxxx.com, pleased to meet you<BR>Thu 2007-09-20 22:29:12: --> 250-ETRN<BR>Thu 2007-09-20 22:29:12: --> 250-AUTH=LOGIN<BR>Thu 2007-09-20 22:29:12: --> 250-AUTH LOGIN CRAM-MD5<BR>Thu 2007-09-20 22:29:12: --> 250-8BITMIME<BR>Thu 2007-09-20 22:29:12: --> 250 SIZE 11000000<BR>Thu 2007-09-20 22:29:12: <-- MAIL FROM:<<A href="mailto:[email protected]">[email protected]</A>> SIZE=20758<BR>Thu 2007-09-20 22:29:12: Performing IP lookup (xxxxx.com)<BR>Thu 2007-09-20 22:29:13: * D=xxxxx.com TTL=(1440) A=<BR>Thu 2007-09-20 22:29:14: * P=020 D=xxxxx.com TTL=(60) MX= {65.33.22.232}<BR>Thu 2007-09-20 22:29:14: * P=010 D=xxxxx.com TTL=(60) MX= {18.23.56.36}<BR>Thu 2007-09-20 22:29:14: * P=010 D=xxxxx.com TTL=(60) MX= {18.23.56.35}<BR>Thu 2007-09-20 22:29:14: ---- End IP lookup results<BR>Thu 2007-09-20 22:29:14: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Sender ok<BR>Thu 2007-09-20 22:29:14: <-- RCPT TO:<<A href="mailto:[email protected]">[email protected]</A>><BR>Thu 2007-09-20 22:29:14: Performing DNS-BL lookup (18.23.56.35 - connecting IP)<BR>Thu 2007-09-20 22:29:14: * sbl-xbl.spamhaus.org - passed<BR>Thu 2007-09-20 22:29:34: * opm.blitzed.org - timed out (10 second wait)<BR>Thu 2007-09-20 22:29:44: * relays.ordb.org - timed out (10 second wait)<BR>Thu 2007-09-20 22:29:44: * bl.spamcop.net - passed<BR>Thu 2007-09-20 22:29:44: ---- End DNS-BL results<BR>Thu 2007-09-20 22:29:44: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Recipient ok<BR>Thu 2007-09-20 22:29:45: <-- RCPT TO:<<A href="mailto:[email protected]">[email protected]</A>><BR>Thu 2007-09-20 22:29:45: --> 250 <<A href="mailto:[email protected]">[email protected]</A>>, Recipient ok<BR>Thu 2007-09-20 22:29:45: <-- DATA<BR>Thu 2007-09-20 22:29:45: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000826337.tmp<BR>Thu 2007-09-20 22:29:45: --> 354 Enter mail, end with <CRLF>.<CRLF><BR>Thu 2007-09-20 22:29:46: Message size: 21494 bytes<BR>Thu 2007-09-20 22:29:46: Performing DomainKeys lookup (Sender: <A href="mailto:[email protected]">[email protected]</A>)<BR>Thu 2007-09-20 22:29:46: * Message-ID: <A href="mailto:[email protected]">[email protected]</A><BR>Thu 2007-09-20 22:29:46: * <STRONG>Signature (1): s=s768; d=xxxxx.com; c=nofws; q=dns; h=Received:X-SBRSScore:X-IronPort-AV:Received:Received: From:To:CC:Date:Subject:Thread-Topic:Thread-Index: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:<BR></STRONG>Thu 2007-09-20 22:29:46: * Querying: s768._domainkey.xxxxx.com ...<BR>Thu 2007-09-20 22:29:46: * Key record (cached): t=y; k=rsa; p=<not logged><BR>Thu 2007-09-20 22:29:46: * Verification result: bad - (testing)<BR>Thu 2007-09-20 22:29:46: * Querying for policy: xxxxx.com<BR>Thu 2007-09-20 22:29:46: * Querying: _domainkey.xxxxx.com ...<BR>Thu 2007-09-20 22:29:47: * DNS: Name server has no records of the requested type for that domain<BR>Thu 2007-09-20 22:29:47: * Result: pass<BR>Thu 2007-09-20 22:29:47: ---- End DomainKeys results<BR>Thu 2007-09-20 22:29:47: Passing message through AntiVirus (Size: 21494)...<BR>Thu 2007-09-20 22:29:47: * Message is clean (no viruses found)<BR>Thu 2007-09-20 22:29:47: ---- End AntiVirus results<BR>Thu 2007-09-20 22:29:47: Passing message through Spam Filter (Size: 21494)...<BR><STRONG>Thu 2007-09-20 22:29:50: * 15 MDAEMON_DK_FAIL MDaemon: failed DomainKeys verification</STRONG><BR>Thu 2007-09-20 22:29:50: * 0.0 HTML_60_70 BODY: Message is 60% to 70% HTML<BR>Thu 2007-09-20 22:29:50: * 0.0 HTML_MESSAGE BODY: HTML included in message<BR>Thu 2007-09-20 22:29:50: * 0.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding<BR>Thu 2007-09-20 22:29:50: ---- End SpamAssassin results<BR>Thu 2007-09-20 22:29:50: Spam Filter score/req: 15.14/14.0<BR><STRONG>Thu 2007-09-20 22:29:50: Message refused because spam score is too high<BR>Thu 2007-09-20 22:29:50: --> 554 Sorry, message looks like SPAM to me<BR></STRONG>Thu 2007-09-20 22:29:55: <-- QUIT<BR>Thu 2007-09-20 22:29:55: --> 221 See ya in cyberspace<BR>Thu 2007-09-20 22:29:55: SMTP session terminated (Bytes in/out: 21683/493)<BR>Thu 2007-09-20 22:29:55: ----------<BR></P> 已經告訴你囉!DomainKeys 一般來說目前的習慣還用不到,請不要開啟檢查 DomainKeys 的功能,對方的信就可以寄進來了。 <P>補充說明,以前行不代表永遠都行!對方設定的 <STRONG><FONT color=#006699>Domainkey</FONT></STRONG> 網域金鑰會因為某些原因造成金鑰過期或失效,這時候你又對它進行檢查,一旦檢查不過當然就不放行。問題是哪有那麼多時間去向對方解釋說他們的 <FONT color=#006699>Domainkey 已經失效或過期。最好的辦法就是將你這邊的檢查關閉。</FONT></P>
<P><FONT color=#006699></FONT> </P>
<P><FONT color=#006699>說真的 Domainkey 這種東西還不是很風行,大部份的郵件伺服器都不會去設定 Domainkey,所以你開啟檢查其實沒有什麼太大作用。</FONT></P> Mdaemon 用了2年多,第一次碰到此問題,yahoo 也有使用到此DomainKey機制,但是收發都正常,目前維獨那一家客戶mail 寄不進來,也許是你所說的過期/失效問題,那只好關閉它吧 :( <P>你可能有點誤會我的意思。</P>
<P> </P>
<P>我建議的是「關閉 DomainKey 的檢查」而不是「關閉你自己的 DomainKey」。你可以不檢查別人的 DomainKey,但還是可以開啟自己的 DomainKey 讓別人去檢查 (比方 Yahoo)。像我們也是這樣做。</P>
頁:
[1]