I have just discovered that Exim DKIM appears to fail to parse some DKIM keys that other systems claim are okay:

19 00:50:18 RCPT: SPF Result2=pass (Partnersresponse.dell.com / mail04.response.dell.com [142.0.168.187])
19 00:50:19 1hHGnL-0002nj-0r PDKIM: d=dell.com s=dk2016 [failed key import]
19 00:50:19 1hHGnL-0002nj-0r DKIM START: domain=Partnersresponse.dell.com possible_signer=dell.com status=invalid (reason=pubkey_dns_syntax)
19 00:50:19 1hHGnL-0002nj-0r no IP address found for host localhost.localdomain
19 00:50:19 1hHGnL-0002nj-0r DKIM DEFER: domain=Partnersresponse.dell.com cannot obtain public key

Running Exim 4.92, compiled from source on Devuan Beowulf with GCC 8.3 ... everything compiles clean and works.

We have a strict DKIM policy that is "you sign it - we check and enforce it", for failed keys ('pub_key_unavailable' and 'failed_key_import') we defer with a 421 and appropriate message in the hope that the other party will fix their problem(s).

The problem is that ProtoDave.com says 'Success' when parsing Dell's key:

SELECTOR
Selectors <http://www.dkim.org/info/dkim-faq.html#technical> enable a single domain to have multiple keys. Some domains, like Twitter and eBay, use “*dkim*”. Google Apps domains typically use “*google*”. Others simply use “*default*”. Enter yours here. (Note: Do not include “_domainkey”)

DOMAIN

Base Domain Name. (e.g. example.com)


DNS QUERY:dk2016._domainkey.dell.com
QUERY STATUS:Success
TXT RECORD:

"v=DKIM1; h=sha256; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5qbWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaTyXXWry2+CRQqDds9pwIDAQAB\\;
 t=s"

KEY LENGTH (BITS):1024
VERSION:DKIM1
KEY TYPE:
GRANULARITY:
HASHES:sha256
SERVICE TYPE:
FLAGS:
NOTES:
PUBLIC KEY:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44
UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5q
bWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaT
yXXWry2+CRQqDds9pwIDAQAB
-----END PUBLIC KEY-----


How to fix?


Mike



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
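
Added example, not part of the original post and not Exim or ProtoDave code: a small tag-list check showing how a strict and a lenient base64 decoder can disagree on the record quoted above, whose p= value is displayed with backslashes before the semicolon. It assumes those backslashes are present in the published record rather than being a display artifact of the lookup tool; the function names are hypothetical.

```python
import base64
import re

# p= value copied from the TXT record quoted in the post
P_VALUE = (
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44"
    "UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5q"
    "bWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaT"
    "yXXWry2+CRQqDds9pwIDAQAB"
)
# Record as displayed in the post (assumption: the backslashes are really in DNS)
RECORD_AS_SHOWN = "v=DKIM1; h=sha256; p=" + P_VALUE + r"\\; t=s"
# Constructed comparison record: same tags with the backslashes removed
RECORD_CLEAN = "v=DKIM1; h=sha256; p=" + P_VALUE + "; t=s"

def parse_tags(record):
    """Split an RFC 6376 tag-list into {name: value}, trimming whitespace."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue
        name, _, value = part.partition("=")
        tags[name.strip()] = value.strip()
    return tags

def decode_key(record, strict=True):
    """Return the DER bytes of p=. strict rejects any non-base64 character."""
    p = re.sub(r"\s+", "", parse_tags(record).get("p", ""))
    if not strict:
        p = re.sub(r"[^A-Za-z0-9+/=]", "", p)  # lenient: drop stray characters
    try:
        der = base64.b64decode(p, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"p= is not valid base64: {exc}") from exc
    if not der.startswith(b"\x30"):
        raise ValueError("p= does not decode to a DER SEQUENCE")
    return der

def diagnose(record):
    """Report how strict and lenient decoding treat the same record."""
    result = {}
    for mode, strict in (("strict", True), ("lenient", False)):
        try:
            result[mode] = f"ok ({len(decode_key(record, strict))} bytes)"
        except ValueError as exc:
            result[mode] = f"fail: {exc}"
    return result

if __name__ == "__main__":
    print(diagnose(RECORD_AS_SHOWN), diagnose(RECORD_CLEAN))
```

Comparing the raw TXT answer from `dig +short TXT dk2016._domainkey.dell.com` against the tool's display shows whether the backslashes are actually published.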
