Using any of the amavisd-new-2.11.0 packages will actually prevent the DKIM signing of massages based on $policy_bank assignment to local messages. amavisd config (relevant part) same config worked with 2.10 : $enable_dkim_verification = 1; # enable DKIM signatures verification $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key dkim_key('xxx', 'main', 'xxx'); $inet_socket_port = [10024,10026]; # listen on multiple TCP ports $interface_policy{'10026'} = 'SUBMISSION'; $policy_bank{'SUBMISSION'} = { originating => 1, } The result is : (23155-01) Passed CLEAN {RelayedOpenRelay}, SUBMISSION [XXX]:25832 [XXX] <aaa@bbb> -> <ccc@ddd>, Queue-ID: 8F23A18020E, Message-ID: <9912709B-2372-40FF-9D0A-0AC7508B01FD@bbb>, mail_id: 732K2Zxn38dJ, Hits: -2.899, size: 7856, queued_as: D53B1181FA3, 200 ms Instead of: (24730-01) Passed CLEAN {RelayedOutbound}, SUBMISSION LOCAL [xxx]:34941 [xxx] <aaa@bbbt> -> <ccc@ddd>, Queue-ID: 4281C18020E, Message-ID: <5DB29AC6-A487-48FB-91AB-0BD88C572497@bbb>, mail_id: qXqj3D31-FBN, Hits: -2.899, size: 7856, queued_as: 89204181FA9, dkim_new=main:bbb, 193 ms
Fix is available here: https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html After patching amavisd 2.11.0-r3 everything works as expected.
I've also experienced this bug. After the update from 2.10.1-x, amavisd-new stops DKIM signing without any real error output (on production log level), so this is quite hard to detect and to debug. The mentioned patch below also fixed the issue for me. (In reply to Marcel Pennewiß from comment #1) > Fix is available here: > https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html > > After patching amavisd 2.11.0-r3 everything works as expected.
Can we get this patch in portage? I just spent an hour trying to figure out why I wasn't able to set up DKIM signing with amavisd-new until I found the above patch.
(In reply to Marcel Pennewiß from comment #1) > Fix is available here: > https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html > > After patching amavisd 2.11.0-r3 everything works as expected. Agreed. After patching amavisd 2.11.0-r3 per the link above, DKIM signing of mail tagged as originating via a policy bank works as it was previously.
(In reply to Marcel Pennewiß from comment #1) > Fix is available here: > https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html > > After patching amavisd 2.11.0-r3 everything works as expected. Same here! I also spent about one hour to find out why Amavis isn't DKIM signing any more. The above patch fixed my problem with amavisd-new-2.11.0-r3. So if there is anybody responsible, it would be fine if this patch would find its way into the portage tree :)
I have also patched amavisd-new locally due to this bug, and I would appreciate having a patch integrated in a Gentoo ebuild, especially given that the last official release of amavisd-new was almost two years ago and I don't remember hearing from Mark Martinec ever since.
Same problem here. Local patch works but finding the bug and patch takes quite some time so please include the patch in the ebuild.
Created attachment 549204 [details, diff] dkim.patch All you guys only spent one hour to solve this issue? I must admit that I needed at least two hours - or was it three? At the end I put the attached patch into the directory /etc/portage/patches/mail-filter/amavisd-new-2.11.0-r3/ Having this in the portage tree would be very helpful!
I created a pull request for an updated ebuild that contains the patch.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c056ed59671c776f39ce1360a6a1b0fb0f16b900 commit c056ed59671c776f39ce1360a6a1b0fb0f16b900 Author: Ralph Seichter <github@seichter.de> AuthorDate: 2018-10-05 04:23:32 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-10-05 04:23:32 +0000 mail-filter/amavisd-new: DKIM signing bugfix amavisd-new version 2.11.0 introduced a bug which breaks DKIM signing for outbound mail. This ebuild adds a patch which fixes the issue. Closes: https://bugs.gentoo.org/603582 Signed-off-by: Ralph Seichter <gentoo@seichter.de> Closes: https://github.com/gentoo/gentoo/pull/10058 Package-Manager: Portage-2.3.49, Repoman-2.3.10 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> .../amavisd-new/amavisd-new-2.11.0-r4.ebuild | 184 +++++++++++++++++++++ .../amavisd-new/files/amavisd-2.11.0-dkim.patch | 12 ++ 2 files changed, 196 insertions(+)
The new ebuild is now available in the stable branch. To use it, you need to add "mail-filter/amavisd-new ~amd64" to your package masks.