Hello all,
I’m pulling my hair out with DKIM in ASSP and not sure where else I can look.
Inbound DKIM works fine. Mail validates and passes.
Outbound mail is a different story.
In /usr/local/assp/dkim/dkimconfig.txt I have the following for my domain
<XXXX.com>
<dkim>
Algorithm=rsa-sha1
Method=relaxed/relaxed
Headers=From:Subject:To
KeyFile=/usr/local/assp/certs/dkim-dkim-XXXX.com.key
Mode=DKIM
</dkim>
</semperen.com>
The key is 2048 bits and is generated by
https://easydmarc.com/tools/dkim-record-generator. I trimmed down the
Headers to just From, Subject and To which shouldn’t be calculated or change at
all.
I know it’s picking up the key because when it’s in place, it generates a “bad
RSA signature” in https://dkimvalidator.com/results. If I remove the private
key file, no sig is generated in the headers at all. Google also shows only the
SPF header as matching and completely skips over the DKIM status when the key
file is missing. DMARC passes because the policy is set so that SPF or DKIM
needs to pass, not both. rsa-sha1 is listed in the DKIM sig and k=rsa is in the
public key.
My public key is published in the DNS for XXXX.com. I’ve
verified it’s there by doing a "dig @nameserver dkim._domainkey.XXXX.com
+short". It matches what is in the DKIM generator.
I know the DKIM generator is generating valid sigs because it outputs the
public and private keys in PEM format also. I’m able to sign a file and decode
it with the public and private keys just fine.
So, I’m at my wits’ end. Is there a way to mimic what Mail::DKIM is doing? Is it
as simple as extracting the headers to From, Subject and To in that order then
trying to sign them from the command line?
Any other debugging advice?
Thanks in advance for any advice.
Eric
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user