[qmailtoaster] Re: Domainkeys Problems

Eric Shubert
Thu, 04 Feb 2010 08:32:01 -0800

The domainkeys code in QMT is known to be a bit buggy, but that has onlybeen on checking, not signing ttbomk. Is there something perhaps in thecontent of your test that is triggering a malfunction? IOW, how simpleis the content in your test message? If it's trivial text, then I'dsuspect that your configuration has an issue. Perhaps your pub/privatekeys got mixed up somehow?

You might want to generate a new key pair and reinstall them to be sure.Or, I believe there's a way to validate that the keys you're usingbelong together. I'm not that familiar with openssl off hand to tell youhow to do that.


John Raley wrote:

I just ran these again today and they failed on Domainkeys test. I set this
up about a month ago so DNS should have updated already.

I used sa-t...@sendmail.net with the following results:

Authentication System:       DomainKeys Identified Mail

Result: (no result present)Reporting host:More information: http://mipassoc.org/dkim/

   Sendmail milter:          https://sourceforge.net/projects/dkim-milter/

Authentication System: Domain KeysResult: DK signature confirmed BAD

   Description:              Signature verification failed, message may have
been tampered with or corrupted

Reporting host: sendmail.netMore information: http://antispam.yahoo.com/domainkeys

   Sendmail milter:
https://sourceforge.net/projects/domainkeys-milter/

Authentication System: Sender IDResult: SID data confirmed GOOD

   Description:              Sending host is authorized for sending domain

Reporting host: sendmail.netMore information: http://www.microsoft.com/senderid

   Sendmail milter:          https://sourceforge.net/projects/sid-milter/

Authentication System:       Sender Permitted From (SPF)
   Result:                   SPF data confirmed GOOD
   Description:              Sending host is authorized for sending domain

Reporting host: sendmail.netMore information: http://spf.pobox.com/


And I also used email-t...@qmailtoaster.com with the results:

Here are the spamassassin headers from this server:

No, score=0.6 required=5.0 tests=AWL,DK_POLICY_SIGNALL,
DK_SIGNED,HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5

Return path was: "John Raley" <j...@fmcfinance.net>

Original test request was sent using:

SPF Record:     PASS

Sent from a valid domain:     PASS

DomainKey:      FAIL

Odd. In that case, what services did you test with that did not work?
And when did you enable Domainkeys? Is it possible that your updated
DNS information had not yet spread and that those services were using
cached (and therefor wrong) DNS information. E.g. they might not have
been able to see the selector or policy record...

--
"Corporation. An ingenious device for obtaining individual profit
without individual responsibility."

Bierce, Ambrose




---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!



--
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to