On Wed, Jul 30, 2008 at 09:36:42PM -0500, Jim Hermann - UUN Hostmaster <[EMAIL PROTECTED]> wrote: > Are these _domainkey records correctly formated? My DKIM installation can't > seem to decipher them. > > > _domainkey.mcsv16.net. 85699 IN TXT "t=y\; o-~\;"
That's a DomainKeys policy record. The DKIM spec doesn't support DomainKeys policy, and neither does the dkim-milter. > [the next one has spaces in the middle of the public key, between the cKF > and 6M9, and between the Bgm and E2Q] > > _domainkey.xxxxxx.org. 12597 IN TXT "k=rsa\; > p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALJZAMpBC6ilsZwTDs3LOvfflc/dw1ojod91u9D9yr > BcKF 6M92uqm1rO7gTKGjzjCwhDDn7DH/BjWdOoFF4tefI > G3IrnXJC6Ksr4cJBKQa6BlbfSFcXSAOTZqBgm E2QIDAQAB\;" > > [this one has one space in the public key, between the vnY and x8n] > > _domainkey.xxxxxx.org. 14027 IN TXT "k=rsa\; > p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOFWhREX4p485tiNcoT1CcF7aDSvnY > x8nOfblHKpiIE/Kqnbj6p4V1luSAAvZ3PDixxYwR5UaUK8HpIw8hli1DuMSGM22aLuSVLaqiOpR6 > 7BbwGHaPin1WtnN6p0oMhnQIDAQAB\;" > > [more public keys with spaces] > > _domainkey.bstock.com. 14400 IN TXT "k=rsa\; > p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOfIFkk2xLlxqnr8vMCLfMSsTh/aNNUz/Sk1yecLJx > ETWNrlD99uyg k5cVQTcfcAY > vYHUWumONgzA1059NyAqxAVR0HvfW0b1TlLOT1Wy3IiymNC2GzHpVIg7NewAOrQIDAQAB\;" Aside from the spaces in the key (which would certainly break it), all of these are incorrect by virtue of being at _domainkey.<domain>. Each key must have a selector name attached, and that selector should be the first part of the DNS label. For example, I'm currently using the selector "mail", so my DKIM key is in DNS as such: mail._domainkey.markley.org IN TXT "v=DKIM1\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY8qM22+BZVHexjzQUufK/E1TIZbJgRt98MeMiK8CI0W01mJ/C71Ysh2EyK8CHw2wWKqij9ewHIj/Oj/+diW0SIc0B4rfBPw1rAYaXvqX725/NSVVbKOhjujLk4cDec5NclR0D8t0dwwrk9rbfIIjPrlpfXGPgTbfaDP0tvR9XPwIDAQAB" Regarding your other questions for the list: The first issue looks like an OpenSSL error, possibly caused by a broken key being published; you should check and see if the messages causing those errors are coming from a consistent sending domain or small set of sending domains. Also, 2.7.0 is the current stable release of dkim-milter. There was a beta release of it previously available, which may be the source of your confusion. I believe that was labelled as such in the version number. -- Mike Markley <[EMAIL PROTECTED]> ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
