[dkim-milter-discuss] Can't get DKIM signed emails to verify (reward offered for help)

[Steve Johnson (email)]

Greetings,

 

I'm going crazy trying to get DKIM to work with dkim-milter and sendmail.
No matter what I do, I get errors from various verification services saying
that my email's signature cannot be verified.  I've tried different recipes
off the net and different settings in my /etc/dkim.conf file, but the
results are always the same.  I've tried using the "OmitHeaders" option to
the filter to get the list of signed headers down to the bare minimum.  Even
with just "From:" and "Subject:" in the signature, I get the same
verification errors.

 

The most precise information (if you want to call it that) that I've gotten
from any verifier is from the Mail::DKIM::Verifier Perl module.  That tool
produces the message "fail (message has been altered)".  I guess that might
mean that my mailer is modifying the email headers after the email has been
signed.  I don't, however, know enough to know either why this would be the
case or how to fix it.

 

The setup seems very straightforward.  When I had sendmail signing my
emails, I thought I'd be all set.  But I can't get the receivers to like my
emails.

 

If someone can help me figure out how to get this working, I'd greatly
appreciate it.  I'll send you a free copy of Debabelizer, our desktop media
processing product, if you can get me going.

 

Below is all the info I can think to provide on my setup.

 

TIA for any help.

 

Steve

(steve --at-- equilibrium --dot-- com)

 

 

@@@@@@@@@@@@@@@@@@@ versions @@@@@@@@@@@@@@@@@@@

 

Centos 5.X

dkim-milter-2.8.3

sendmail-8.13.8-2.el5

sendmail-cf-8.13.8-2.el5

openssl-0.9.8e-7.el5

openssl-devel-0.9.8e-7.el5

 

@@@@@@@@@@@@@@@@@@@ /etc/dkim.conf (I've tried SignatureAlgorithm=rsa-sha1,
Mode=sv, X-Header=Yes, but none of that helped) @@@@@@@@@@@@@@@@@@@@@

 

Canonicalization simple

Domain eqnetwork.com

KeyFile /var/db/dkim/mikey.key.pem

MTA MSA

Selector mikey

Socket inet:8...@localhost

SignatureAlgorithm rsa-sha256

Syslog Yes

Userid dkim

X-Header No

Mode s

InternalHosts /etc/dkim-internal-hosts

 

@@@@@@@@@@@@@@@@@@@ /var/db/dkim/mikey.key.pem @@@@@@@@@@@@@@@@@@@@@

 

-----BEGIN RSA PRIVATE KEY-----

MIICXQIBAAKBgQDRN3Rlwlk1VcxFrjQpQAl506dSe1b5wUCaAdu9DAQ27WW5e7CM

....

kGmYNbq4JD7Edc+VlJw/5A5m8tRkeMUyEQiIpVFcnYcZ

-----END RSA PRIVATE KEY-----

 

@@@@@@@@@@@@@@@@@@@ /var/db/dkim/mikey.publickey.pem @@@@@@@@@@@@@@@@@@@@@

 

-----BEGIN PUBLIC KEY-----

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRN3Rlwlk1VcxFrjQpQAl506dS

e1b5wUCaAdu9DAQ27WW5e7CMCmyU2xxVTIstYdIU2aOrMArFnQ4dCE7H36CCCo3V

NLjH36PXE+XKirr9m5MUJPkLMoTt00/VQyMKQQj4pzPHJiCdsene/lfiCLhBJ9z6

rkvme58z2/njfMiLMQIDAQAB

-----END PUBLIC KEY-----

 

@@@@@@@@@@@@@@@@@@@ /var/mail/sendmail.cf @@@@@@@@@@@@@@@@@@@@@

 

 

divert(-1)dnl

dnl #

dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl #
/etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl
# installed and then performing a dnl #

dnl #     make -C /etc/mail

dnl #

....

INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8...@localhost')

 

@@@@@@@@@@@@@@@@@@@ Here's how I start/restart the mail system after making
changes (dkim.sh) @@@@@@@@@@@@@@@@@@@@@

 

#!/bin/sh

sudo pkill dkim-filter

sudo -u dkim /usr/sbin/dkim-filter -W -D -l -x /etc/dkim.conf

sudo /etc/init.d/sendmail restart

 

@@@@@@@@@@@@@@@@@@ Here's my DNS TXT entry @@@@@@@@@@@@@@@@@@

 

mikey._domainkey.eqnetwork.com. TXT 1800 "k=rsa\; t=y\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRN3Rlwlk1VcxFrjQpQAl506dSe1b5wUCaAd
u9DAQ27WW5e7CMCmyU2xxVTIstYdIU2aOrMArFnQ4dCE7H36CCCo3VNLjH36PXE+XKirr9m5MUJP
kLMoTt00/VQyMKQQj4pzPHJiCdsene/lfiCLhBJ9z6rkvme58z2/njfMiLMQIDAQAB"

 

@@@@@@@@@@@@@@@@@@ Here's what one of my emails looks like (sent from the
sendmail machine to st...@localhost) @@@@@@@@@@@@@@@@@@

 

>From st...@eqnetwork.com  Fri Dec 11 08:07:09 2009

Return-Path: <st...@eqnetwork.com>

Received: from apvmail.eqnetwork.com (localhost.localdomain [127.0.0.1])

                by apvmail.eqnetwork.com (8.13.8/8.13.8) with ESMTP id
nBBG78gi004140

                for <st...@apvmail.eqnetwork.com>; Fri, 11 Dec 2009 08:07:09
-0800

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=eqnetwork.com;

                s=mikey; t=1260547629; i...@eqnetwork.com;

                bh=ohJJaB4M4iQyuge6YXkWUd/7aON3nTvTwbA0gDXyMyg=;

                h=Date:From:Message-Id:To:Subject;

 
b=x+QIepaVmOy46FrQK6UgXtkfEZbjNafDa48ckiY2ElI4MhTRCg9KDr0Io1iomjO1E

 
QRh8HRGKpV8KYJypsxpQh2JEC5626P/3nnd9HXziv5xgy7ibphBjP6Dq6jeHvmPzTl

                 HT3uc/u4i7DmRf0CSymrxgKOF/BoIpvj/ek27Db8=

Received: (from st...@localhost)

                by apvmail.eqnetwork.com (8.13.8/8.13.8/Submit) id
nBBG78e1004139

                for st...@localhost; Fri, 11 Dec 2009 08:07:08 -0800

Date: Fri, 11 Dec 2009 08:07:08 -0800

From: Steve <st...@eqnetwork.com>

Message-Id: <200912111607.nbbg78e1004...@apvmail.eqnetwork.com>

To: st...@apvmail.eqnetwork.com

Subject: whatever

Status: R

 

a

b

c

 

@@@@@@@@@@@@@@@@@@ Here's what I get if I test this email with dkim-filter
@@@@@@@@@@@@@@@@@@

 

dkim-filter: test.txt: mlfi_connect() returned SMFIS_CONTINUE

dkim-filter: test.txt: mlfi_envfrom() returned SMFIS_CONTINUE

dkim-filter: test.txt: mlfi_envrcpt() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 1: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 2: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 3: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 6: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 13: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 16: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 17: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 18: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 19: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 20: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: line 21: mlfi_header() returned SMFIS_CONTINUE

dkim-filter: test.txt: mlfi_eoh() returned SMFIS_CONTINUE

dkim-filter: test.txt: mlfi_body() returned SMFIS_CONTINUE

dkim-filter: test.txt: mlfi_eom() returned SMFIS_ACCEPT

dkim-filter: test.txt: mlfi_close() returned SMFIS_CONTINUE ### INSHEADER:
idx=1 hname=`Authentication-Results' hvalue=`DEBUG-j; dkim=neutral
(verification failed)

                header...@eqnetwork.com; x-dkim-adsp=none'

dkim-filter: test.txt: verification (s=mikey d=eqnetwork.com, 1024-bit key)
failed: signature verification failed

 


------------------------------------------------------------------------------
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev

_______________________________________________
dkim-milter-discuss mailing list
dkim-milter-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss