I got it all working. Thanks so much to Mike Markley for his time and
patience.
It seems to now be working as I'd like (and it should). It took:
1) creating a file to list the domains I wanted the system to sign for.
2) Adding the _domainkey and <selector>._domainkey entries to each of
those domains' DNS records.
thanks again,
tony
SM wrote:
At 17:08 01-03-2009, Tony Birnseth, 1st Source IT, LLC wrote:
I have installed the 'sendmail' version of DKIM since I can't find a
lib64 binary specifically for postfix. I made links to get the key
locations to resolve and that seems to be working ok.
I created a regex file to prepend a DKIM Signature: header for every
email sent "from" this system whether that be from the system itself or
on behalf of an authenticated smtp connection (i.e. one of the domains I
support)...
I have this option in the main.cf file:
smtpd_sender_restrictions = hash:/etc/postfix/sender_access,
    check_client_access pcre:/etc/postfix/ez-merchant-hosting-dkim-header.re
which contains:
/^/ PREPEND DKIM-Signature: v=DKIM1; a=rsa-sha1; t=y; s=ezms1;
d=ez-merchant-hosting.com; c=simple; q=dns;
b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB
I sent mail to [email protected] hoping to validate the
DKIM installation.
However, the server responds with:
- Ignored:
DKIM Signature validation: DKIM-Signature could not be verified
DKIM Author Domain Signing Practices: no DNS record for
_adsp._domainkey.1sit.com
DKIM Selector: ezms1
"v=DKIM1; g=*; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB;
----- DKIM"
The public key in DNS is incorrect. That part should be:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB
*I append this header to all emails from verified smtp auth connections
via the smtpd_sender_restrictions directive:
*DKIM-Signature: v=DKIM1; a=rsa-sha1; s=ezms1;
d=ez-merchant-hosting.com; c=simple; q=dns;
b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB*
You are appending the public key instead of having dkim-milter sign
the message.
I guess I would expect the "checker" to:
1) Use the info in the header to check the dkim info (i.e.
ezms1._domainkey.ez-merchant-hosting.com)
2) Validate against those credentials.
That's what it does.
I'm trying to avoid setting up unique dkim info for each client that
uses this system. Maintenance nightmare. Is that even possible?
Yes, that is possible.
What am I doing wrong? My bet is that since the From field does not have
the same domain name as the DKIM-Signature that it is trying to find the
domain key info based on the From domain.
Headers sent to the autoresponder are:
[snip]
DKIM-Signature: a=rsa-sha1; s=ezms1; d=ez-merchant-hosting.com;
c=simple; q=dns;
b=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2amdz0mVsDr9mXDOa0eDKKnuhBMHCEXW+7wBniEZejtQ9WLhA21KUchkv8vnJCOotz3/CObPSl7rc2pRHD2GYfBIKH2rq7vsDHzrbszWXIOGMoCDFc4F9tVvOi1DCUs2b0EXO8ewfazggJjXx7G8D+BW6b5UbW57gUYUrPdBTMwIDAQAB
See above comments about how to sign the message. Ignoring the
"DKIM-Signature:" part, that header looks like a DomainKeys signature.
Regards,
-sm
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
dkim-milter-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
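The problem diagnosed in the thread (a static header whose b= tag carries the DNS public key, with no body hash or signed-header list) can be caught before mail leaves the system. The following is an added example, not part of the original thread and not dkim-milter code: the function names, the selector `sel1` and the domain `example.com` are assumptions, and the sample headers are constructed. The required-tag list is the one in RFC 6376 section 3.5.

```python
import base64
import re

REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}  # RFC 6376 section 3.5
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption OID, DER-encoded

def parse_tags(value):
    """Split a tag=value list (header value without the field name) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def lint_dkim_signature(value):
    """Return the reasons this value cannot be a valid DKIM signature."""
    tags = parse_tags(value)
    problems = []
    missing = sorted(REQUIRED_TAGS - tags.keys())
    if missing:
        problems.append("missing required tags: " + ", ".join(missing))
    if "v" in tags and tags["v"] != "1":
        problems.append("v=%s is not a signature version (v=DKIM1 is for the DNS key record)" % tags["v"])
    try:
        raw = base64.b64decode(tags.get("b", ""), validate=True)
    except ValueError:
        raw = b""
        problems.append("b= is not valid base64")
    # A pasted key is a DER SEQUENCE (0x30) containing the RSA algorithm OID.
    if raw[:1] == b"\x30" and RSA_OID in raw:
        problems.append("b= decodes to an RSA public key, not a signature")
    return problems

# Constructed sample: a SubjectPublicKeyInfo prefix plus zero padding, standing in for a pasted key.
FAKE_SPKI = bytes.fromhex("30819f300d06092a864886f70d010101050003818d00") + bytes(140)
STATIC_HEADER = ("v=DKIM1; a=rsa-sha1; s=sel1; d=example.com; c=simple; q=dns; b="
                 + base64.b64encode(FAKE_SPKI).decode())
# Constructed sample shaped like a signer's output (placeholder hash and signature bytes).
SIGNED_HEADER = ("v=1; a=rsa-sha256; s=sel1; d=example.com; c=relaxed/simple; "
                 "h=from:to:subject; bh=" + base64.b64encode(bytes(32)).decode()
                 + "; b=" + base64.b64encode(bytes(range(1, 129))).decode())

if __name__ == "__main__":
    for name, hdr in (("static", STATIC_HEADER), ("signed", SIGNED_HEADER)):
        print(name, lint_dkim_signature(hdr) or "structurally OK")
```

This only checks structure; whether a signature actually verifies still depends on the signer computing bh= and b= over each message.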