Created attachment 1188215 [details] Patch file from https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html Description of problem: Hello, after updating to the latest amavisd-new package I noticed that DKIM signing no longer works with existing configs. Running amavisd-new in debug mode, I can confirm that locally generated mail (in this example sent from root to another local user) is getting routed to the corrected port for the ORIGINATING policy bank (10026): Aug 6 18:36:05.865 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) LMTP :10026 /var/spool/amavisd/tmp/amavis-20160806T183605-02709-mYQagKcY: <root> -> <matt> Received: from cipixia.com ([127.0.0.1]) by localhost (cipixia.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP for <matt>; Sat, 6 Aug 2016 18:36:05 +0200 (CEST) but then a little bit later it decides that the mail is not considered originating (relevant bits pasted from log): Aug 6 18:36:05.905 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) Checking: wVqqBSZuYzR0 ORIGINATING [127.0.0.1] <root> -> <matt> ... ... Aug 6 18:36:05.906 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) Open relay? Nonlocal recips but not originating: matt ... ... Aug 6 18:36:05.931 cipixia.com /usr/sbin/amavisd[2709]: (02709-01) dkim: not signing mail which is not originating from our site I Googled around and found this relevant post on the amavisd-new mailing list, which actually solved my problem: https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html In the related message, Giovanni provides a simple patch for /usr/sbin/amavisd that restores expected functionality. I tested this patch against my current amavisd-new install by applying it like so: patch -b /usr/sbin/amavisd < /tmp/amavisd_dkim_fix.patch I then reran the the same test as before by sending an email from root to another localhost user with amavisd-new in debug mode, and the output now shows the expected behavior: Aug 6 18:44:48.246 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) LMTP :10026 /var/spool/amavisd/tmp/amavis-20160806T184448-02882-LhR01zY9: <root> -> <matt> Received: from cipixia.com ([127.0.0.1]) by localhost (cipixia.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP for <matt>; Sat, 6 Aug 2016 18:44:48 +0200 (CEST) ... ... Aug 6 18:44:48.286 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) Checking: r89s629QBf_0 ORIGINATING [127.0.0.1] <root> -> <matt> ... ... Aug 6 18:44:48.309 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) dkim: candidate originators: From:<root> .. .. Aug 6 18:44:48.310 cipixia.com /usr/sbin/amavisd[2882]: (02882-01) dkim: signing (author), From: <root> (From:<root>), KEY.key_ind=>0, a=>rsa-sha256, c=>relaxed/simple, d=>cipixia.com, s=>dkimkey, ttl=>1814400, x=>1472316289 and so on. I am not subscribed to the amavisd user's mailing list so I'm not sure if the upstream developers have responded to or acknowledged Giovanni's message, but his patch worked for me and solved the issue. Version-Release number of selected component (if applicable): amavisd-new-2.11.0-3.fc24.noarch How reproducible: Always Steps to Reproduce: 1. Setup dkim signing for the originating policy bank 2. Verify in the logs that your test mail is being routed to the correct port 3. Observe that dkim signing is not performed and the message is not considered "local", despite being in the right policy bank Actual results: No dkim signing, log messages indicate local mail is not considered as originating. Expected results: Dkim signing performed and triggered by ORIGINATING mail Additional info: I've attached the patch from the mailing list to this bug, for convenience
amavisd-new-2.11.0-4.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ff4ff1572
amavisd-new-2.11.0-4.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2ac9d7455
amavisd-new-2.11.0-4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c44ba32a8
amavisd-new-2.11.0-4.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ff4ff1572
amavisd-new-2.11.0-4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c44ba32a8
amavisd-new-2.11.0-4.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e2ac9d7455
Hello, I just upgraded to amavisd-new-2.11.0-4.fc24.noarch via the updates-testing repo and verified that I was able to verify that dkim signing works again for ORIGINATING mail. This issue is fixed for me - thank you!
amavisd-new-2.11.0-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
amavisd-new-2.11.0-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
amavisd-new-2.11.0-4.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.