[dkim-milter-discuss] Validation problem

[Tony Birnseth, 1st Source IT, LLC]

I have installed the 'sendmail' version of DKIM since I can't find a 
    lib64 binary specifically for postfix.  I made links to get the key 
    locations to resolve and that seems to be working ok.
    I created a regex file to perpend an DKIM Signature: header for every 
    email sent "from" this system whether that be from the system itself or 
    on behalf of an authenticated smtp connection (I.e one of the domains I 
    support)...
    I have this option in the main.cf file:
    smtpd_sender_restrictions = hash:/etc/postfix/sender_access, 
    check_client_access pcre:/etc/postfix/ez-merchant-hosting-dkim-header.re
    which contains:
    /^/ PREPEND DKIM-Signature: v=DKIM1; a=rsa-sha1; t=y; s=ezms1; 
    d=ez-merchant-hosting.com; c=simple; q=dns; 
    
b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB
    I sent mail to autorespond+d...@dk.elandsys.com hoping to validate the 
    DKIM installation.
    However, the server responds with:

- Ignored:
    DKIM Signature validation: DKIM-Signature could not be verified
    DKIM Author Domain Signing Practices: no DNS record for 
_adsp._domainkey.1sit.com
    
    DKIM Selector: ezms1
    "v=DKIM1; g=*; k=rsa; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB;
 ----- DKIM"
    
    *I append this header to all emails from verified smtp auth connections 
    vi the smtpd_sender_restrictions directive:
    *DKIM-Signature: v=DKIM1; a=rsa-sha1; s=ezms1; 
    d=ez-merchant-hosting.com; c=simple; q=dns; 
    
b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB*
    *
    *I have verified that the DNS returns correct info for 
    _domainkey.ez-merchant-hosting.com as well as 
    _domainkey.ez-merchant-hosting.com and 
    ezms1._domainkey.ez-merchant-hosting.com.
    
    I guess I would expect the "checker" to:
    1) Use the info in the header to check the dkim info  (I.e. 
    ezms1._domainkey.ez-merchant-hosting.com)
    2) Validate against those credentials.
    
    I'm trying to avoid setting up unique dkim info for each client that 
    uses this system.  Maintenance nightmare.  Is that even possible?
    
    What am I doing wrong? My bet is that since the From field does not have 
    the same domain name as the DKIM-Signature that it is trying to find the 
    domain key info based on the From domain.
    
    Headers sent to the autoresponder are:
    *
    
    Original message:
    Received: from ezms1.ez-merchant-hosting.com (ezms1.ez-merchant-hosting.com 
[98.129.216.127] (may be forged))
        by ns1.qubic.net (8.14.4.Alpha0/8.14.4.Alpha0) with ESMTP id 
n21NZnWm028299
        for <autorespond+d...@dk.elandsys.com>; Sun, 1 Mar 2009 15:35:55 -0800 
(PST)
    Authentication-Results: ns1.qubic.net; sender-id=pass 
header.from=to...@1sit.com; spf=pass smtp.mfrom=to...@1sit.com
    DKIM-Signature: a=rsa-sha1; s=ezms1; d=ez-merchant-hosting.com; c=simple; 
q=dns; 
b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB
    X-DKIM: Sendmail DKIM Filter v2.5.3 ezms1.ez-merchant-hosting.com 
8886F2D282DF
    Received: from [127.0.0.1] (unknown [206.72.99.10])
        by ezms1.ez-merchant-hosting.com (Postfix) with ESMTP id 8886F2D282DF
        for <autorespond+d...@dk.elandsys.com>; Sun,  1 Mar 2009 15:35:48 -0800 
(PST)
    Message-ID: <49ab1bcf.5090...@1sit.com>
    Date: Sun, 01 Mar 2009 15:35:43 -0800
    From: "Tony Birnseth, 1st Source IT, LLC" <to...@1sit.com>
    Organization: 1st Source IT, LLC
    User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
    MIME-Version: 1.0
    To: autorespond+d...@dk.elandsys.com
    Subject: dkim test 4
    Content-Type: multipart/alternative;
     boundary="------------060708030600010604090008"
    
    This is a multi-part message in MIME format.
    --------------060708030600010604090008
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit
    
    



------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
dkim-milter-discuss mailing list
dkim-milter-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss