Hi,
I removed the g= bit and added v=DKIM1 from my DNS. The old error went
away, but when I send an email to autoresponder
at [EMAIL PROTECTED] I now get a new failure message:
Result: DKIM signature NOT confirmed
Description: Signature verification failed; signature
is missing or key could not be found
Authentication-Results:
sendmail.net [EMAIL PROTECTED]<[EMAIL PROTECTED]>;
sender-id=neutral;
spf=neutral
Below is the dkim.conf (configuration file) that I am runing against
"dkim-filter -x dkim.conf":
Canonicalization relaxed/relaxed
Mode s
X-Header True
SubDomains True
Domain prog.devbms.com
#ExternalIgnoreList ftp.example.com
KeyFile /etc/mail/brandmail/keys/prog.devbms.com.priv.pem
Selector 9999
SignatureAlgorithm rsa-sha1
Socket inet:[EMAIL PROTECTED]
Syslog Yes
Userid mailnull
Thanks.
On 8/15/07, Murray S. Kucherawy <[EMAIL PROTECTED]> wrote:
>
> Andy's one step ahead of what I was about to do. My own comments are
> inline.
>
> On Wed, 15 Aug 2007, Andy Fiddaman wrote:
> > So, it seems that your DKIM key as published in the DNS is incorrectly
> > formatted. Here it is (I've replaced the public key with ... for
> brevity)
> >
> > 889459772._domainkey.prog.devbms.com.
> > "g=\; k=rsa\; t=y\; p=..."
> >
> > The g=<empty string> will make that key match no addresses, that's
> > probably your problem. Although the milter does recognise this
> > internally as a granularity mismatch, it then converts that to a generic
> > DNS syntax error..
>
> Yes, that's the problem. I walked it through the code to make sure.
>
> I'll see about improving the error reporting out from that case.
>
> > I'd remove the g= bit from your DNS (or replace with g=*).
>
> That should solve the problem.
>
> > It's also probably a good idea to add v=DKIM1 in there (although that
> > shouldn't be causing your problem).
>
> The spec says this is recommended, but not necessary.
>
> -MSK
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> dkim-milter-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
