SM schrieb:
>> At first sight, everything looks well. However, there's a log message
>> which is a bit confusing:
>>
>> Jan 3 23:09:26 valmar dkim-filter[952]: 3C9D8342EEEF SSL
>> error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too
>> short
>
> That warning should not occur on successful verification. I'm copying
> this DKIM signed message to you for testing.
Which worked quite well. I have this in the mail headers:
Authentication-Results: mailer.dawnlink.net; dkim=pass (1024-bit key)
[email protected]; dkim-asp=none
And I have proper statistic counters:
# dkim-stats /var/run/dkim-filter/dkim-stats | grep resistor
resistor.net:0/0 1 pass/0 fail, last l=0, a=1, Sun Jan 4 18:24:38 2009
So, apparently, signature verification works fine.
However, I also have this in the logs (again):
Jan 4 18:24:39 mailer dkim-filter[952]: 49CC4342EEEF SSL
error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short
According to /var/log/mail.log queue id 49CC4342EEEF is the carbon copy
of the mail you have sent me.
As I already have pointed out "padding too short" is the _only_ message
I got. When searching the mailing list archives I found out that in all
other error descriptions this log line was followed by a "bad signature"
error, which is not the case here.
>> Any thoughts about that? Is there something misconfigured?
>
> Which version of OpenSSL are you using?
# dpkg -l | grep ssl
ii libssl0.9.8 0.9.8c-4etch3
SSL shared libraries
ii openssl 0.9.8c-4etch3
Secure Socket Layer (SSL) binary and related
It's an OpenSSL 0.9.8c, but Debian has patched it to include all the
latest security patches.
Thanks for any suggestions.
Regards,
thomas.
------------------------------------------------------------------------------
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
