At 10:30 05-01-2009, Thomas Bader wrote: >And I have proper statistic counters: > ># dkim-stats /var/run/dkim-filter/dkim-stats | grep resistor >resistor.net:0/0 1 pass/0 fail, last l=0, a=1, Sun Jan 4 18:24:38 2009 > >So, apparently, signature verification works fine. > >However, I also have this in the logs (again): > >Jan 4 18:24:39 mailer dkim-filter[952]: 49CC4342EEEF SSL >error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short
According to my reading of the OpenSSL code, the above should lead to a failed verification. That error occurs if the key used for DKIM is too short of if the signature is not padded correctly. >As I already have pointed out "padding too short" is the _only_ message >I got. When searching the mailing list archives I found out that in all >other error descriptions this log line was followed by a "bad signature" >error, which is not the case here. Yes. I don't think that the problem is with the key I am using to DKIM sign this message as I would get the padding too short error then. ># dpkg -l | grep ssl >ii libssl0.9.8 0.9.8c-4etch3 >SSL shared libraries >ii openssl 0.9.8c-4etch3 >Secure Socket Layer (SSL) binary and related > >It's an OpenSSL 0.9.8c, but Debian has patched it to include all the >latest security patches. You can compile a recent version of OpenSSL library and use it for dkim-milter. That can help identify whether the error you are seeing is depdendent on the version of OpenSSL library you are using. Regards, -sm ------------------------------------------------------------------------------ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
