關於 Domainkey

yhenhen · 發表於 2007-9-20 13:47:40

馬上註冊，結交更多好友，享用更多功能，讓你輕鬆瀏覽論壇。

你需要登入才可以下載或檢視，沒有帳號？我要註冊

x

查詢mail server smtp in 紀錄檔,發現以下粗體字可能是對方信件無法寄入原因,我要如何處理

on 2007-09-17 20:43:08: Passing message through Spam Filter (Size: 2473)...
Mon 2007-09-17 20:43:11: * 15 MDAEMON_DK_FAIL MDaemon: failed DomainKeys verification
Mon 2007-09-17 20:43:11: * 0.0 HTML_MESSAGE BODY: HTML included in message
Mon 2007-09-17 20:43:11: * 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML
Mon 2007-09-17 20:43:11: * 1.8 HTML_SHORT_COMMENT HTML is very short with HTML comments
Mon 2007-09-17 20:43:11: ---- End SpamAssassin results
Mon 2007-09-17 20:43:11: Spam Filter score/req: 17.01/14.0
Mon 2007-09-17 20:43:11: Message refused because spam score is too high
Mon 2007-09-17 20:43:11: --> 554 Sorry, message looks like SPAM to me
Mon 2007-09-17 20:43:16: <-- QUIT
Mon 2007-09-17 20:43:16: --> 221 See ya in cyberspace
Mon 2007-09-17 20:43:16: SMTP session terminated (Bytes in/out: 2622/445)

MarchFun · 發表於 2007-9-20 13:56:26

前往 Security -> SPF & Sender ID....裏面，將 DKIM Verify 的功能關掉。大部份的郵件伺服器都不會設定 DomainKeys，所以會造成問題。

yhenhen · 發表於 2007-9-20 14:32:02

我的 Mdaemin 8.1.3版本

查了一下cryptographic verification 下有兩個選項

verify signatures created using Domainkeys (DK) 預設為打勾

verify signatures created using Domainkeys Identified Mail (DKIM) 預設為不打勾

我要關閉哪一個ㄚ謝謝

MarchFun · 發表於 2007-9-20 14:37:11

除非你確定那些功能在做什麼，否則都把它關了。一般來說可以不必用。

yhenhen · 發表於 2007-9-21 10:29:28

Mdaemon 8.1.3版本

mail server 用了2年多,我的DK一直是預設值,最近有位客戶mail 大部份都收不到,log 所顯示訊息如下因為

DK Fail 所以導致mail server 判別為 spam ,但是其他公司寄郵件時都不會有MDAEMON_DK_FAIL MDaemon: failed DomainKeys verification 訊息,是程式BUG嗎???? 我現在要如何解決呢急件

Thu 2007-09-20 22:29:55: Session 3633; child 8; thread 1856
Thu 2007-09-20 22:29:10: Accepting SMTP connection from [18.23.56.35 : 48659]
Thu 2007-09-20 22:29:10: Performing PTR lookup (35.56.23.18.IN-ADDR.ARPA)
Thu 2007-09-20 22:29:10: * D=35.56.23.18.IN-ADDR.ARPA TTL=(1440) PTR=[dgate1.xxxxx.com]
Thu 2007-09-20 22:29:10: * Gathering A records...
Thu 2007-09-20 22:29:10: * D=dgate1.xxxxx.com TTL=(1338) A=[18.23.56.35]
Thu 2007-09-20 22:29:10: ---- End PTR results
Thu 2007-09-20 22:29:10: --> 220 aaa.bbb.com ESMTP MDaemon 8.1.3; Thu, 20 Sep 2007 22:29:10 +0800
Thu 2007-09-20 22:29:11: <-- EHLO dgate1.xxxxx.com
Thu 2007-09-20 22:29:11: Performing IP lookup (dgate1.xxxxx.com)
Thu 2007-09-20 22:29:12: * D=dgate1.xxxxx.com TTL=(1440) A=[18.23.56.35]
Thu 2007-09-20 22:29:12: ---- End IP lookup results
Thu 2007-09-20 22:29:12: --> 250-aaa.bbb.com Hello dgate1.xxxxx.com, pleased to meet you
Thu 2007-09-20 22:29:12: --> 250-ETRN
Thu 2007-09-20 22:29:12: --> 250-AUTH=LOGIN
Thu 2007-09-20 22:29:12: --> 250-AUTH LOGIN CRAM-MD5
Thu 2007-09-20 22:29:12: --> 250-8BITMIME
Thu 2007-09-20 22:29:12: --> 250 SIZE 11000000
Thu 2007-09-20 22:29:12: <-- MAIL FROM:<[email protected]> SIZE=20758
Thu 2007-09-20 22:29:12: Performing IP lookup (xxxxx.com)
Thu 2007-09-20 22:29:13: * D=xxxxx.com TTL=(1440) A=[18.23.56.11]
Thu 2007-09-20 22:29:14: * P=020 D=xxxxx.com TTL=(60) MX=[ugate1.xxxxx.com] {65.33.22.232}
Thu 2007-09-20 22:29:14: * P=010 D=xxxxx.com TTL=(60) MX=[dgate2.xxxxx.com] {18.23.56.36}
Thu 2007-09-20 22:29:14: * P=010 D=xxxxx.com TTL=(60) MX=[dgate1.xxxxx.com] {18.23.56.35}
Thu 2007-09-20 22:29:14: ---- End IP lookup results
Thu 2007-09-20 22:29:14: --> 250 <[email protected]>, Sender ok
Thu 2007-09-20 22:29:14: <-- RCPT TO:<[email protected]>
Thu 2007-09-20 22:29:14: Performing DNS-BL lookup (18.23.56.35 - connecting IP)
Thu 2007-09-20 22:29:14: * sbl-xbl.spamhaus.org - passed
Thu 2007-09-20 22:29:34: * opm.blitzed.org - timed out (10 second wait)
Thu 2007-09-20 22:29:44: * relays.ordb.org - timed out (10 second wait)
Thu 2007-09-20 22:29:44: * bl.spamcop.net - passed
Thu 2007-09-20 22:29:44: ---- End DNS-BL results
Thu 2007-09-20 22:29:44: --> 250 <[email protected]>, Recipient ok
Thu 2007-09-20 22:29:45: <-- RCPT TO:<[email protected]>
Thu 2007-09-20 22:29:45: --> 250 <[email protected]>, Recipient ok
Thu 2007-09-20 22:29:45: <-- DATA
Thu 2007-09-20 22:29:45: Creating temp file (SMTP): c:\mdaemon\queues\temp\md50000826337.tmp
Thu 2007-09-20 22:29:45: --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2007-09-20 22:29:46: Message size: 21494 bytes
Thu 2007-09-20 22:29:46: Performing DomainKeys lookup (Sender: [email protected])
Thu 2007-09-20 22:29:46: * Message-ID: [email protected]
Thu 2007-09-20 22:29:46: * Signature (1): s=s768; d=xxxxx.com; c=nofws; q=dns; h=Received:X-SBRSScore:X-IronPort-AV:Received:Received: From:To:CCate:Subject:Thread-Topic:Thread-Index: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:
Thu 2007-09-20 22:29:46: *    Querying: s768._domainkey.xxxxx.com ...
Thu 2007-09-20 22:29:46: *    Key record (cached): t=y; k=rsa; p=<not logged>
Thu 2007-09-20 22:29:46: *    Verification result: [1] bad - (testing)
Thu 2007-09-20 22:29:46: * Querying for policy: xxxxx.com
Thu 2007-09-20 22:29:46: *    Querying: _domainkey.xxxxx.com ...
Thu 2007-09-20 22:29:47: *    DNS: Name server has no records of the requested type for that domain
Thu 2007-09-20 22:29:47: * Result: pass
Thu 2007-09-20 22:29:47: ---- End DomainKeys results
Thu 2007-09-20 22:29:47: Passing message through AntiVirus (Size: 21494)...
Thu 2007-09-20 22:29:47: * Message is clean (no viruses found)
Thu 2007-09-20 22:29:47: ---- End AntiVirus results
Thu 2007-09-20 22:29:47: Passing message through Spam Filter (Size: 21494)...
Thu 2007-09-20 22:29:50: *   15 MDAEMON_DK_FAIL MDaemon: failed DomainKeys verification
Thu 2007-09-20 22:29:50: * 0.0 HTML_60_70 BODY: Message is 60% to 70% HTML
Thu 2007-09-20 22:29:50: * 0.0 HTML_MESSAGE BODY: HTML included in message
Thu 2007-09-20 22:29:50: * 0.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
Thu 2007-09-20 22:29:50: ---- End SpamAssassin results
Thu 2007-09-20 22:29:50: Spam Filter score/req: 15.14/14.0
Thu 2007-09-20 22:29:50: Message refused because spam score is too high
Thu 2007-09-20 22:29:50: --> 554 Sorry, message looks like SPAM to me
Thu 2007-09-20 22:29:55: <-- QUIT
Thu 2007-09-20 22:29:55: --> 221 See ya in cyberspace
Thu 2007-09-20 22:29:55: SMTP session terminated (Bytes in/out: 21683/493)
Thu 2007-09-20 22:29:55: ----------

MarchFun · 發表於 2007-9-21 11:06:49

已經告訴你囉！DomainKeys 一般來說目前的習慣還用不到，請不要開啟檢查 DomainKeys 的功能，對方的信就可以寄進來了。

MarchFun · 發表於 2007-9-21 11:21:22

補充說明，以前行不代表永遠都行！對方設定的 Domainkey 網域金鑰會因為某些原因造成金鑰過期或失效，這時候你又對它進行檢查，一旦檢查不過當然就不放行。問題是哪有那麼多時間去向對方解釋說他們的 Domainkey 已經失效或過期。最好的辦法就是將你這邊的檢查關閉。

說真的 Domainkey 這種東西還不是很風行，大部份的郵件伺服器都不會去設定 Domainkey，所以你開啟檢查其實沒有什麼太大作用。

yhenhen · 發表於 2007-9-21 12:29:11

Mdaemon 用了2年多, 第一次碰到此問題,yahoo 也有使用到此DomainKey機制,但是收發都正常,目前維獨那一家客戶mail 寄不進來,也許是你所說的過期/失效問題,那只好關閉它吧

MarchFun · 發表於 2007-9-21 12:52:32

你可能有點誤會我的意思。

我建議的是「關閉 DomainKey 的檢查」而不是「關閉你自己的 DomainKey」。你可以不檢查別人的 DomainKey，但還是可以開啟自己的 DomainKey 讓別人去檢查 (比方 Yahoo)。像我們也是這樣做。

		自動登入	取回密碼
密碼			我要註冊

[已解決] 關於 Domainkey

馬上註冊，結交更多好友，享用更多功能，讓你輕鬆瀏覽論壇。

預設關閉功能

急件---關於Domainkey