I think that one shouldn't be rejecting mail when DKIM fails...?
On 02/17/2012 06:17 PM, David Saez wrote:
> Hi
>
> I'm using Exim 4.77 and have to avoid rejecting any mail when dkim fails as
> we get a lot of "verification failed - signature did not verify" for domains like
> yahoo, google, aol, paypal, ...
>
>> Hi,
>> today I enabled signing with DKIM in Exim 4.76 - here is my route
>> config:
>>
>> remote_smtp:
>>   driver = smtp
>>   dkim_domain = aira.cz
>>   dkim_selector = x
>>   dkim_private_key= /etc/exim/keys/dkim.private.key
>>   dkim_canon = relaxed
>>
>> and the DNS RRs for the domain:
>>
>> x._domainkey.aira.cz. 100 IN TXT "v=DKIM1\; t=y\; k=rsa\;
>> p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANMJ4yzdbmkkz5Ktt
>> Dc0xt79I7Uxf9Raqd3Nvlfw8EB5zoMnYgdcdpTRlhluDJ7wnrYqNV8
>> S71Zq4Z50jdBNnJtne1xjuYTnfdsQwfr/h3NEdUdFDuNOn1XNNAmmvWwQPwIDAQAB"
>>
>> domainkey.aira.cz. 300 IN TXT "t=y\; o=~\;"
>>
>> _adsp._domainkey.aira.cz. 300 IN TXT "dkim=unknown"
>>
>> When I check DKIM by sending emails to the addresses
>> [email protected] and [email protected],
>> about half of the emails fail. At the end of this mail I attached two debug
>> logs from the return emails from [email protected]. But when I
>> tried sending emails to my second mail server, it verified DKIM for all
>> emails successfully.
>>
>> My OS on the server is stable Gentoo x86 with openssl-1.0.0d
>>
>> Do you have any idea why DKIM fails so often?
>>
>> Thank you, and sorry for my terrible English.
>>
>> Attached return emails from the checker:
>>
>> First email:
>>
>> ----- Begin Debug Log Output ----
>> a: ['v=1', 'a=rsa-sha256', 'q=dns/txt', 'c=relaxed/relaxed',
>> 'd=aira.cz', 's=x',
>> 'h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID',
>> 'bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
>> 'b=P05WGYppwzu6O2IRkUeNuFGFvrAyZpXONT2G3dLyVgUkRZVxgcaUFTjVktnugoLXAznxnQeZ5MZujCO3LRScm42nf9wAws13Fi2uK/IkcvQgK0OROsvGEwwAFuBOzT53',
>> '']
>> sig: {'a': 'rsa-sha256', 'c': 'relaxed/relaxed', 'b':
>> 'P05WGYppwzu6O2IRkUeNuFGFvrAyZpXONT2G3dLyVgUkRZVxgcaUFTjVktnugoLXAznxnQeZ5MZujCO3LRScm42nf9wAws13Fi2uK/IkcvQgK0OROsvGEwwAFuBOzT53',
>> 'd': 'aira.cz', 'h':
>> 'Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID',
>> 'bh': '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=', 'q': 'dns/txt',
>> 's': 'x', 'v': '1'}
>> bh: frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=
>> body hash mismatch (got frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=,
>> expected 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=). Your server is
>> not signing messages properly or another server may be modifying the
>> body of your messages.
>>
>> ----- End Debug Log Output ----
>>
>> Second Email:
>>
>> a: ['v=1', 'a=rsa-sha256', 'q=dns/txt', 'c=relaxed/relaxed',
>> 'd=aira.cz', 's=x',
>> 'h=MIME-Version:Content-Type:Message-ID:Subject:Date:To:From',
>> 'bh=Sb8WGoUjJNJtG/FfwmvhQy9uPZoo0vO8ahBE3Rz+wlE=',
>> 'b=TMCmawCtQ4LEvies519qMmP96afmNb5esIAqeOzU5zN5bYBL5iVCgf/kYQXCfcEJ65t5xsDFcAF2Br7Us+Gtjh/whZrB8eX6JZgEe+pirbXEVO6u9mB2vWMGcxbaBe6l',
>> '']
>> sig: {'a': 'rsa-sha256', 'c': 'relaxed/relaxed', 'b':
>> 'TMCmawCtQ4LEvies519qMmP96afmNb5esIAqeOzU5zN5bYBL5iVCgf/kYQXCfcEJ65t5xsDFcAF2Br7Us+Gtjh/whZrB8eX6JZgEe+pirbXEVO6u9mB2vWMGcxbaBe6l',
>> 'd': 'aira.cz', 'h':
>> 'MIME-Version:Content-Type:Message-ID:Subject:Date:To:From', 'bh':
>> 'Sb8WGoUjJNJtG/FfwmvhQy9uPZoo0vO8ahBE3Rz+wlE=', 'q': 'dns/txt', 's':
>> 'x', 'v': '1'}
>> bh: Sb8WGoUjJNJtG/FfwmvhQy9uPZoo0vO8ahBE3Rz+wlE=
>> modlen: 96
>> include_headers: ['MIME-Version', 'Content-Type', 'Message-ID',
>> 'Subject', 'Date', 'To', 'From']
>> verify headers: [('mime-version', '1.0\r\n'), ('content-type',
>> 'multipart/alternative;
>> boundary="_000_3BE0DEED8863E5429BAE4CAEDF6245650273762DC4FEAIRASRVaira_"\r\n'),
>> ('message-id',
>> '<[email protected]>\r\n'),
>> ('subject', '\r\n'), ('date', 'Thu, 16 Feb 2012 21:44:05 +0100\r\n'),
>> ('to', '"[email protected]"
>> <[email protected]>\r\n'), ('from', 'Martin Duspiva
>> <[email protected]>\r\n'), ('dkim-signature', 'v=1; a=rsa-sha256;
>> q=dns/txt; c=relaxed/relaxed; d=aira.cz; s=x;
>> h=MIME-Version:Content-Type:Message-ID:Subject:Date:To:From;
>> bh=Sb8WGoUjJNJtG/FfwmvhQy9uPZoo0vO8ahBE3Rz+wlE=; b=;')]
>> verify digest: 28 37 44 c4 97 c1 d3 2a e8 e4 92 66 ee f6 1a 56 19 7b 7e
>> 23 00 f5 b8 e7 ab a9 25 96 26 2a 78 dd
>> dinfo: 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 28 37 44
>> c4 97 c1 d3 2a e8 e4 92 66 ee f6 1a 56 19 7b 7e 23 00 f5 b8 e7 ab a9 25
>> 96 26 2a 78 dd
>> sig2: 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>> ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
>> 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 28 37 44 c4 97 c1
>> d3 2a e8 e4 92 66 ee f6 1a 56 19 7b 7e 23 00 f5 b8 e7 ab a9 25 96 26 2a
>> 78 dd
>> TMCmawCtQ4LEvies519qMmP96afmNb5esIAqeOzU5zN5bYBL5iVCgf/kYQXCfcEJ65t5xsDFcAF2Br7Us+Gtjh/whZrB8eX6JZgEe+pirbXEVO6u9mB2vWMGcxbaBe6l
>>
>> TMCmawCtQ4LEvies519qMmP96afmNb5esIAqeOzU5zN5bYBL5iVCgf/kYQXCfcEJ65t5xsDFcAF2Br7Us+Gtjh/whZrB8eX6JZgEe+pirbXEVO6u9mB2vWMGcxbaBe6l
>>
>> v: 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>> ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 31
>> 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 48 7f cc d9 0b c9 b4
>> b3 0b 14 1c 5d 53 e3 a9 6e 0c 60 75 75 c1 67 d3 55 0c 56 f3 20 99 20
>> 3b 6d
>>

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
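
Added example, not part of the thread and not Exim's or the checker's code: a small Python implementation of the RFC 6376 "relaxed" and "simple" body canonicalizations, used to test the two `bh` values from the first debug log against the hash of an empty body. The function names are my own; only the two hash strings are taken from the log.

```python
import base64
import hashlib
import re

# Values copied from the first debug log quoted above.
SIGNED_BH = "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="    # bh= tag in the signature
VERIFIER_BH = "frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY="  # "got" value at the checker


def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP runs, strip trailing WSP and trailing empty lines."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    # An empty body stays zero-length under "relaxed".
    return b"".join(ln + b"\r\n" for ln in lines)


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: only trailing empty lines are removed."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    # An empty body becomes a single CRLF under "simple".
    return body if body.endswith(b"\r\n") else body + b"\r\n"


def body_hash(body: bytes, canon: str = "relaxed") -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def classify_bh(bh: str) -> str:
    """Say whether a bh value is one of the two possible empty-body hashes."""
    for canon in ("relaxed", "simple"):
        if bh == body_hash(b"", canon):
            return f"empty body, {canon} form"
    return "non-empty body"


if __name__ == "__main__":
    print("signature bh:", classify_bh(SIGNED_BH))
    print("checker bh:  ", classify_bh(VERIFIER_BH))
```

Both values in the first log turn out to be empty-body hashes: the signature carries the hash of zero bytes, while the checker computed the hash of a single CRLF, so the two sides disagree on how an empty body canonicalizes rather than on the body's content.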
