5

A question if this is normal DKIM behaviour. When sending an email from mydomain it adds it with a signature, and it looks good. But when receiving an email from outside, say outlook.com, i get below:

Is "not authenticated" normal behaviour? It does say DKIM verification successful, but i'm slightly worried about the messages preceding it.

Aug 13 09:39:37 www opendkim[13789]: 50CDC63F63: mail-
oln040092065020.outbound.protection.outlook.com [40.92.65.20] not internal
Aug 13 09:39:37 www opendkim[13789]: 50CDC63F63: not authenticated
Aug 13 09:39:37 www opendkim[13789]: 50CDC63F63: failed to parse 
authentication-results: header field
Aug 13 09:39:37 www opendkim[13789]: 50CDC63F63: DKIM verification successful
Aug 13 09:39:37 www postfix/qmgr[14386]: 50CDC63F63: from=
<me@outlook.com>, size=5304, nrcpt=1 (queue active)
sebix
  • 4,313
  • 2
  • 29
  • 47
user431710
  • 71
  • 1
  • 5

1 Answers1

8

The message seems to come from here in OpenDIM

authtype = dkimf_getsymval(ctx, "{auth_type}");

...

if (authtype == NULL || authtype[0] == '\0')
{
    syslog(LOG_INFO, "%s: not authenticated",
           dfc->mctx_jobid);
}

I'm not 100% on where {auth_type} comes from, but I did find the following in Postfix milter docs 

{auth_type} MAIL, DATA, EOH, EOM    SASL login method

All in all it seems there is a good chance it's just logging whether the client is authenticated against the SMTP server, which is unlikely (and expected) for inbound mail.

USD Matt
  • 5,381
  • 15
  • 23
  • So we're saying that it's unlikely for inbound mail from outlook to authenticate so authtype will be 0. That makes sense i guess. DKIM verification succesful is meant for the inbound mail received from outlook correct, so it does seem to work ok. – user431710 Aug 18 '17 at 12:38
  • 3rd party servers will not authenticate against your server when delivering you email (so yes `auth_type` will be empty or null). Authentication is normally used by end users who want to relay out through your server. `verification successful` means the message was DKIM signed and the signature was valid. – USD Matt Aug 18 '17 at 12:42
  • I can confirm that this is not logged for mails from authenticated clients. – sebix Aug 18 '17 at 13:24