Milter Reject on Yahoo Mail

Milter Reject on Yahoo Mail

Chris Babcock-7
Just before the fourth of July weekend, Yahoo made some changes with
their mail configuration. At which point my postscript install started
rejecting Yahoo and BTI mail as follows:

# grep B74659480C9: /var/log/maillog
Jul 12 15:09:23 cl-t090-563cl postfix-ak/smtpd[14148]: B74659480C9: client=web37601.mail.mud.yahoo.com[209.191.87.84]
Jul 12 15:09:23 cl-t090-563cl postfix-ak/cleanup[14153]: B74659480C9: message-id=<[hidden email]>
Jul 12 15:09:23 cl-t090-563cl dkim-filter[1918]: B74659480C9: syntax error: syntax error in policy data
Jul 12 15:09:23 cl-t090-563cl postfix-ak/cleanup[14153]: B74659480C9: milter-reject: END-OF-MESSAGE from web37601.mail.mud.yahoo.com[209.191.87.84]: 5.7.1 Command rejected; from=<[hidden email]> to=<[hidden email]> proto=SMTP helo=<web37601.mail.mud.yahoo.com>


This is my configuration:

# postconf -n -c /etc/postfix-asciiking
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
alternate_config_directories = /etc/postfix-worldmasters /etc/postfix-notaduck /etc/postfix-asciiking /etc/postfix-classicalacupunctureone /etc/postfix
config_directory = /etc/postfix-asciiking
inet_interfaces = 70.38.5.65
milter_default_action = accept
mydestination = localhost.$mydomain localhost
mydomain = asciiking.com
myhostname = $mydomain
mynetworks = 127.0.0.0/8 70.38.5.64/29
myorigin = $mydomain
owner_request_special = no
queue_directory = /var/spool/postfix-asciiking
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP Chris Babcock 602-859-1689
smtpd_client_restrictions = reject_non_fqdn_recipient reject_non_fqdn_sender reject_unknown_sender_domain permit_mynetworks reject_unauth_destination reject_multi_recipient_bounce reject_non_fqdn_hostname reject_invalid_hostname
smtpd_helo_required = yes
syslog_name = postfix-ak
transport_maps = hash:/etc/postfix-asciiking/transport
unknown_local_recipient_reject_code = 450
virtual_alias_domains = asciiking.com, members.asciiking.com
virtual_alias_maps = hash:/etc/postfix-asciiking/virtual

These are commented out of my main.cf to allow Yahoo mail through:
#smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
#non_smtpd_milters = unix:/var/run/dkim-milter/dkim.sock

I need to be sure that "syntax error: syntax error in policy data"
means the policy data that is being supplied by Yahoo, i.e. their public
keys or the syntax of their DKIM record, and that "milter_default_action
= accept" rules out any possibility that a bug in my Postfix or milter
configuration was exposed by the Yahoo changes.

Chris



Re: Milter Reject on Yahoo Mail

Noel Jones-2
Chris Babcock wrote:

> Just before the fourth of July weekend, Yahoo made some changes with
> their mail configuration. At which point my postscript install started
> rejecting Yahoo and BTI mail as follows:
>
> # grep B74659480C9: /var/log/maillog
> Jul 12 15:09:23 cl-t090-563cl postfix-ak/smtpd[14148]: B74659480C9: client=web37601.mail.mud.yahoo.com[209.191.87.84]
> Jul 12 15:09:23 cl-t090-563cl postfix-ak/cleanup[14153]: B74659480C9: message-id=<[hidden email]>
> Jul 12 15:09:23 cl-t090-563cl dkim-filter[1918]: B74659480C9: syntax error: syntax error in policy data
> Jul 12 15:09:23 cl-t090-563cl postfix-ak/cleanup[14153]: B74659480C9: milter-reject: END-OF-MESSAGE from web37601.mail.mud.yahoo.com[209.191.87.84]: 5.7.1 Command rejected; from=<[hidden email]> to=<[hidden email]> proto=SMTP helo=<web37601.mail.mud.yahoo.com>
>
>
> This is my configuration:
>
> # postconf -n -c /etc/postfix-asciiking
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> alternate_config_directories = /etc/postfix-worldmasters /etc/postfix-notaduck /etc/postfix-asciiking /etc/postfix-classicalacupunctureone /etc/postfix
> config_directory = /etc/postfix-asciiking
> inet_interfaces = 70.38.5.65
> milter_default_action = accept
> mydestination = localhost.$mydomain localhost
> mydomain = asciiking.com
> myhostname = $mydomain
> mynetworks = 127.0.0.0/8 70.38.5.64/29
> myorigin = $mydomain
> owner_request_special = no
> queue_directory = /var/spool/postfix-asciiking
> recipient_delimiter = +
> smtpd_banner = $myhostname ESMTP Chris Babcock 602-859-1689
> smtpd_client_restrictions = reject_non_fqdn_recipient reject_non_fqdn_sender reject_unknown_sender_domain permit_mynetworks reject_unauth_destination reject_multi_recipient_bounce reject_non_fqdn_hostname reject_invalid_hostname
> smtpd_helo_required = yes
> syslog_name = postfix-ak
> transport_maps = hash:/etc/postfix-asciiking/transport
> unknown_local_recipient_reject_code = 450
> virtual_alias_domains = asciiking.com, members.asciiking.com
> virtual_alias_maps = hash:/etc/postfix-asciiking/virtual
>
> These are commented out of my main.cf to allow Yahoo mail through:
> #smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
> #non_smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
>
> I need to be sure that "syntax error: syntax error in policy data"
> means the policy data that is being supplied by Yahoo, i.e. their public
> keys or the syntax of their DKIM record, and that "milter_default_action
> = accept" rules out any possibility that a bug in my Postfix or milter
> configuration was exposed by the Yahoo changes.
>
> Chris
>

Yes, the message was rejected by your DKIM policy action.  The
postfix default_milter_action only triggers when the milter
cannot be contacted.  If you want to accept mail that fails
DKIM, see the dkim-filter documentation.


   -- Noel Jones
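
The distinction drawn in the reply above (a reject issued by the filter itself versus a filter Postfix could not reach, which is the only case milter_default_action covers) can be checked from the log. This is an added example, not part of the original thread: the function name `milter_findings` is hypothetical, and the sample log is constructed from the excerpt in the thread with placeholder addresses plus one assumed "connect to Milter service" warning line.

```python
import re
from collections import defaultdict

# Constructed sample: first message adapted from the thread's log excerpt,
# second message shows an assumed warning for an unreachable milter socket.
SAMPLE_LOG = """\
Jul 12 15:09:23 mx postfix-ak/smtpd[14148]: B74659480C9: client=web37601.mail.mud.yahoo.com[209.191.87.84]
Jul 12 15:09:23 mx dkim-filter[1918]: B74659480C9: syntax error: syntax error in policy data
Jul 12 15:09:23 mx postfix-ak/cleanup[14153]: B74659480C9: milter-reject: END-OF-MESSAGE from web37601.mail.mud.yahoo.com[209.191.87.84]: 5.7.1 Command rejected; from=<a@example.org> to=<b@example.org> proto=SMTP helo=<web37601.mail.mud.yahoo.com>
Jul 12 15:10:02 mx postfix-ak/smtpd[14150]: warning: connect to Milter service unix:/var/run/dkim-milter/dkim.sock: No such file or directory
Jul 12 15:10:02 mx postfix-ak/smtpd[14150]: C1234567890: client=mail.example.net[192.0.2.10]
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[^\[\s]+)\[\d+\]: (?P<rest>.*)$")
QID = re.compile(r"^([0-9A-F]{6,}): (.*)$")
REJECT = re.compile(r"^milter-reject: (\S+) from (\S+): (\d\.\d+\.\d+) ([^;]*);")

def milter_findings(log_text, filter_prog="dkim-filter"):
    """Pair each milter-reject with what the filter logged for that queue ID."""
    filter_msgs = defaultdict(list)
    rejects, unreachable = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        prog, rest = m.group("prog"), m.group("rest")
        if rest.startswith("warning: connect to Milter service"):
            unreachable.append(rest)  # the milter_default_action case
            continue
        q = QID.match(rest)
        if not q:
            continue
        qid, msg = q.groups()
        if prog == filter_prog:
            filter_msgs[qid].append(msg)
            continue
        r = REJECT.match(msg)
        if r:
            stage, client, dsn, text = r.groups()
            rejects[qid] = {"stage": stage, "client": client, "reply": f"{dsn} {text}"}
    for qid, rej in rejects.items():
        rej["filter_errors"] = filter_msgs.get(qid, [])
        # A filter error on the same queue ID means the filter returned the verdict.
        rej["source"] = "filter verdict" if rej["filter_errors"] else "no filter error logged"
    return rejects, unreachable

if __name__ == "__main__":
    print(milter_findings(SAMPLE_LOG))
```
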

Re: Milter Reject on Yahoo Mail

Sahil Tandon
In reply to this post by Chris Babcock-7
On Sun, 12 Jul 2009, Chris Babcock wrote:

> Just before the fourth of July weekend, Yahoo made some changes with
> their mail configuration. At which point my postscript install started
> rejecting Yahoo and BTI mail as follows:
>
> # grep B74659480C9: /var/log/maillog
> Jul 12 15:09:23 cl-t090-563cl postfix-ak/smtpd[14148]: B74659480C9: client=web37601.mail.mud.yahoo.com[209.191.87.84]
> Jul 12 15:09:23 cl-t090-563cl postfix-ak/cleanup[14153]: B74659480C9: message-id=<[hidden email]>
> Jul 12 15:09:23 cl-t090-563cl dkim-filter[1918]: B74659480C9: syntax error: syntax error in policy data
> Jul 12 15:09:23 cl-t090-563cl postfix-ak/cleanup[14153]: B74659480C9: milter-reject: END-OF-MESSAGE from web37601.mail.mud.yahoo.com[209.191.87.84]: 5.7.1 Command rejected; from=<[hidden email]> to=<[hidden email]> proto=SMTP helo=<web37601.mail.mud.yahoo.com>
>
> I need to be sure that "syntax error: syntax error in policy data"
> means the policy data that is being supplied by Yahoo, i.e. their public
> keys or the syntax of their DKIM record, and that "milter_default_action
> = accept" rules out any possibility that a bug in my Postfix or milter
> configuration was exposed by the Yahoo changes.

I suspect your errors have nothing to do with Postfix.  And FWIW, my server
has received multiple mails from yahoo.com since July 4th that all verified
with DKIM.  You might have better luck asking for help on the dkim-milter
list and reading docs/dkim_policy_syntax.html and docs/dkim_stat.html; see
in particular the explanation of DKIM_STAT_SYNTAX return value:

DKIM_STAT_SYNTAX is returned to indicate required data could not be extracted
from the arriving message to be signed or verified, or if a selector (public
key) record returned from a DNS query could not be parsed (e.g. corrupted,
wrong format, etc.).

--
Sahil Tandon <[hidden email]>

SOLVED (Probably) Re: Milter Reject on Yahoo Mail

Chris Babcock-7
In reply to this post by Noel Jones-2
On Sun, 12 Jul 2009 15:12:24 -0500
Noel Jones <[hidden email]> wrote:

> Yes, the message was rejected by your DKIM policy action.  The
> postfix default_milter_action only triggers when the milter
> cannot be contacted.  If you want to accept mail that fails
> DKIM, see the dkim-filter documentation.

I sent a message to a verifier, which provided this helpful clue:

        Please note that the DKIM filter signing this reply message
        conforms to the latest IETF draft version, and thus may not be
        successfully verified by older implementations.

Thank you all,
Chris

