[dkim-milter-discuss] [SPAM] Help would be appreciated bad sig + hardfail ?!

[alforreca_2...@yahoo.com]

I'm running ubuntu 10.04 with postfix and dkim-filter.
All my configuration checks out ok...or at least I think so. But dkim sig is 
not 
being accepted by yahoo and gmail servers.
My postfix main.cf
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

My /etc/default/dkim-filter
SOCKET="inet:8...@localhost" # Ubuntu default - listen on loopback on port 8891

My /etc/dkim-filter.conf
Syslog                  yes
LogWhy                  True
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
#UMask                  002

# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain                  example.com
KeyFile         /etc/mail/mail.key
Selector                mail
InternalHosts           /etc/mail/hosts

# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart             yes
Background              yes
Canonicalization        relaxed/relaxed
DNSTimeout              5
Mode                    sv
SignatureAlgorithm      rsa-sha256
SubDomains              yes
#ADSPDiscard            no
#Version                rfc4871
X-Header                no
###############################################
# Other (less-standard) configuration options #
###############################################

My InternalHosts file /etc/mail/hosts
127.0.0.1/8
192.168.1.0/24
localhost
example.com
www.example.com
mail.example.com
cerebrus.example.com
umongus.example.com

My Bind9 Dns entries for the example domain
mail._domainkey                 IN      TXT "k=rsa; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBcAtF+RCk9wpagy3b3Y8566FWZ354fMjlz7ZmYYJzg+GT1ruGl/lvwXZkQTzMyvpGgBM5ShUmopVswN3Cv/+M1UTU8lto1fnTFJb2bu$


_domainkey                      IN      TXT "t=y; o=-"

My Maddog domain dns entries:
 mail._domainkey v=DKIM1; g=*; k=rsa; t=y; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiAB 
Gx96PvDMrqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2 
705G/gicNRlbP4ZjPTL2yqshKy1DNRfw4vSgUpMRfQVfcPeag32geSayoVEm 
u+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB 1 Hour  

 _domainkey t=y; o=- 1 Hour  


Tests DONE:
mail.log shows 
Sep 26 23:51:48 hostname dkim-filter[6880]: 7440A1C72EFF mode select: signing

tests online:
http://domainkeys.sourceforge.net/policycheck.html
Testing example.com 
 Policy TXT=t=y; o=-
This policy record appears valid.

http://domainkeys.sourceforge.net/selectorcheck.html
mail._domainkey.example.com 
 TXT Record length = 230
k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiABGx96PvDM
...rqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2705G/gicNRlbP4ZjPTL2yqshKy1D

...NRfw4vSgUpMRfQVfcPeag32geSayoVEmu+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB
This selector appears valid.
Tag
Value
Explanation
k rsa The public key algorithm used to verify the signature 
p MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQCdVfaH7HsphCUPCmEi... Modulus Size=1024
Exponent=65537 
t y This Selector is in test mode 


EMAIL RESPONSES FROM YAHOO HEADERS:
Received-SPF: pass (mta1259.mail.ac4.yahoo.com: domain of exam...@example.com 
designates "MY IP" as permitted sender)
X-YMailISG: c.gT32wcZAq6BhWv1Ruvg855nFbd_y5ko.Kp_udqSapMrJKA
 _49jz8gJqUMIJbLm7CB1JrGSYyus_6sTpfVpBb_Eamd3vwqlgv2.mcBfIQhn
 IHf9p9h26.gUl4Mg8qVCm1sWDZz4ZsFzTul5hOI9MDKEwuKH7PNx_NfppAfE
 T5yYi9rUFe8Un5RdTeTj0ExUnwD1t9YG._qzYUX9o.MDd2JawZ.Vxy9.uHYa
 fj.ss65SfUrVBJ1myXnc8XQBbCPi6wUV_HgmiTsUyxaLEo3woAP_fPVtuz4C
 OqC5sB_Qc9FOzuNnnxYKbUa7lXPLDy.9ALT6BpRt7CeCL0LhJOSwM02g4ikf
 4K9sZ2eFGS3uQ_IFJxEt_asaa2lOaFkwooP6YdqAtWwAOjDoDRnE1ecv6MUf
 bVhVJGgMksYXb.faMi0EriW1vkBqFu3hcwwQUSbi75TTCWN3ScBbSb1njm5X
 2dmWhYkox602qDW4pzXoZIQ2gmNB
X-Originating-IP: [MY IP]
Authentication-Results: mta1259.mail.ac4.yahoo.com  from=example.com; 
domainkeys=neutral (no sig);  from=example.com; dkim=permerror (bad sig)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=zaaam.com; s=mail;
t=1285544437; bh=+RXOTVB28eXhx0k/tu8av/BLmD8wZpkVU5Pa6hB6w4I=;
h=To:Date:Subject:Message-ID:From:MIME-Version:Content-Type;
b=bu3Eqt4KXl2um8ivT6+BHKDLYTibUHK6eTAmYMPW9vDVVyg2lqfzntL06n5bBe4AK
BagYp+tKc8dtY+q+uH4uFHUOHwV03ZrUdcCNMjaFkR+jTUuC8yCrr0kTZSc9GhsVUr
v9MaeaOKra20C9+dgeXhjfTUDvGI1bniquZA/ITc=


EMAIL RESPONSES FROM GMAIL HEADERS:
Authentication-Results: mx.google.com; spf=pass (google.com: domain of 
em...@example.com designates "MY IP" as permitted sender) 
smtp.mail=em...@example.com; dkim=hardfail (test mode) header...@example.com 
Received: from host.example.com (host.example.com [LAN IP])     by 
host.example.com 
(Postfix) with ESMTP id 9C8431C72F00    for <em...@gmail.com>; Sun, 26 Sep 2010 
23:51:48 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=zaaam.com; s=mail;    t=1285545108; 
bh=p8pafqTNhtsModsSazJmcokGeAFPfXlSGnULI/Z7QDU=; 
        h=To:Date:Subject:Message-ID:From:MIME-Version:Content-Type; 
        b=UlDd4VZo826VxOkDdNR5ER+3jGjMRiPQoB5lEdPWKSUvbibdqTGQmL5PrIKoZpIqX     
 
c7DGlc504Y1FCQb/pW8M2bYNtrt5nRfJ9XqlfdE9as9ECb44KoqJZCldvBEvCZSCYo       
hQEMUT2LeDezo+EtEpgXAmO87pWN8QaxbKY2a9J0=

I'm out of ideas... full day trying and testing this?!?!?! What can be wrong?


      
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
dkim-milter-discuss mailing list
dkim-milter-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss