You never published your DKIM key in DNS. https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1 <https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1>
So the mail is being signed, but the signature is failing because there’s no public key to use to verify. laura > On 17 Dec 2018, at 18:18, Fazzina, Angelo <[email protected]> wrote: > > Hi, thank you. > Here are the headers of the test email I sent. > I sent it with Thunderbird through mta5 which signed it, and relayed it to > next hop, and it was delivered. > > I think you are saying since I configured the server to both verify and sign > emails, it won’t bother verifying an email the server itself signed, so I > won’t ever get a report ? I think I read something like that in the RFC’s ? > > > Sounds like my testing method may be flawed. L > > > Received: from BYASPR01MB1.namprd05.prod.outlook.com > <http://byaspr01mb1.namprd05.prod.outlook.com/> (2603:10b6:406:80::38) by > BN7PR05MB5859.namprd05.prod.outlook.com > <http://bn7pr05mb5859.namprd05.prod.outlook.com/> with HTTPS via > BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM > <http://bn7pr06ca0025.namprd06.prod.outlook.com/>; Fri, 14 Dec 2018 20:50:45 > +0000 > Received: from CO2PR05CA0064.namprd05.prod.outlook.com > <http://co2pr05ca0064.namprd05.prod.outlook.com/> (2603:10b6:102:2::32) > by BYASPR01MB1.namprd05.prod.outlook.com > <http://byaspr01mb1.namprd05.prod.outlook.com/> (2603:10b6:a02:ce::33) with > Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec > 2018 20:50:44 +0000 > Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com > <http://eop-nam01.prod.protection.outlook.com/> > (2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com > <http://co2pr05ca0064.outlook.office365.com/> > (2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend > Transport; Fri, 14 Dec 2018 20:50:43 +0000 > Authentication-Results: spf=none (sender IP is 137.99.25.249) > smtp.mailfrom=appmail.uconn.edu <http://appmail.uconn.edu/>; > uconn.mail.onmicrosoft.com <http://uconn.mail.onmicrosoft.com/>; dkim=fail > (invalid public key) header.d=mta5.uits.uconn.edu > <http://mta5.uits.uconn.edu/>;uconn.mail.onmicrosoft.com > <http://uconn.mail.onmicrosoft.com/>; > dmarc=none action=none header.from=appmail.uconn.edu > <http://appmail.uconn.edu/>;compauth=pass reason=105 > Received-SPF: None (protection.outlook.com <http://protection.outlook.com/>: > appmail.uconn.edu <http://appmail.uconn.edu/> does not > designate permitted sender hosts) > Received: from mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> > (137.99.25.249) by > SN1NAM01FT045.mail.protection.outlook.com > <http://sn1nam01ft045.mail.protection.outlook.com/> (10.152.65.226) with > Microsoft SMTP > Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43 > +0000 > Received: from [137.99.80.129] (angelo.uits.uconn.edu > <http://angelo.uits.uconn.edu/> [137.99.80.129]) > by mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> > (Postfix) with ESMTP id 088EA3000A2C > for <[email protected] > <mailto:[email protected]>>; Fri, 14 Dec 2018 15:50:43 -0500 (EST) > DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu > <http://mta5.uits.uconn.edu/> 088EA3000A2C > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu > <http://mta5.uits.uconn.edu/>; > s=dkim1; t=1544820643; r=y; > bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; > h=To:From:Subject:Date:From; > > b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA > > ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 > 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= > To: [email protected] <mailto:[email protected]> > From: "Fazzina, Angelo" <[email protected] > <mailto:[email protected]>> > Subject: broken test number 2 > Message-ID: <[email protected] > <mailto:[email protected]>> > Date: Fri, 14 Dec 2018 15:50:42 -0500 > User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 > Thunderbird/60.3.3 > MIME-Version: 1.0 > Content-Type: text/plain; charset="utf-8"; format=flowed > Content-Transfer-Encoding: 7bit > Content-Language: en-US > Return-Path: [email protected] <mailto:[email protected]> > > -ANGELO FAZZINA > > ITS Service Manager: > Spam and Virus Prevention > Mass Mailing > G Suite/Gmail > > [email protected] <mailto:[email protected]> > University of Connecticut, ITS, SSG, Server Systems > 860-486-9075 > > From: Murray S. Kucherawy <[email protected] <mailto:[email protected]>> > Sent: Monday, December 17, 2018 12:03 PM > To: Fazzina, Angelo <[email protected] > <mailto:[email protected]>> > Cc: [email protected] <mailto:[email protected]> > Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure > reports, thank you. > > DKIM verifiers are not required to generate reports. It's completely > optional. Does the place you're sending to advertise somehow that they will > be generated? > > On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo <[email protected] > <mailto:[email protected]>> wrote: > Hi, I am trying to test my TXT records for the ability to report failures. > Talking about RFC 6651 > > These are my records > > dkim1._domainkey.mta5.uits.uconn.edu > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916294577&sdata=vM9oIARyakkvr%2B0MEePmLHTRA4O2thX57KWW4mgR9cI%3D&reserved=0> > text = "v=DKIM1\; k=rsa\; > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx > catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB" > > _report._domainkey.mta5.uits.uconn.edu > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=MGqgIykiwGftuN%2BEBOF2PGI73WCTf5zqzWaX4ywI7T4%3D&reserved=0> > text = "ra=dkim-errors\; rp=100\; rr=all" > > > Here is a test email sig header > v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=Tnts9TCcl5Ew4iUUBm%2BgarAzWkfEoFiKADMaIh4UI%2Fc%3D&reserved=0>; > s=dkim1; t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; > h=To:From:Subject:Date:From; > b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA > ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 > 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= > > Here is a test email result header > spf=none (sender IP is 137.99.25.249) smtp.mailfrom=appmail.uconn.edu > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail..uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=fETLZXDMtAavWtbHlB6CWVCDniKTTLV3nLM8KFgHEVw%3D&reserved=0>;uconn.mail.onmicrosoft.com > > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=1LzykOrAlxDAmmIkkmYGWS0SaVqdAZ3kZT0VJlhcQQA%3D&reserved=0>; > dkim=fail (invalid public key) header.d=mta5.uits.uconn.edu > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=3r180lJRsbT%2F4rvsbeDbOMfhYbsE3%2BJgwIbkYvu5o3Y%3D&reserved=0>;uconn.mail.onmicrosoft.com > > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=mlL9WGOqI2meDT0NW9nIYUFSD1HKYgswQW286lF5XkY%3D&reserved=0>; > dmarc=none action=none header.from=appmail.uconn.edu > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail..uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=CPfOWrDlnuTeyjcfrYfk6xhMmXVzwFIwtdL14Ou9m2Y%3D&reserved=0>;compauth=pass > reason=105 > > > So I can simulate a failure, but cannot seem to get a report emailed to > [email protected] <mailto:[email protected]> ? > > I made sure account exists on server: > [root@mta5 home]# ls -l /home/|grep dkim > drwx------. 2 dkim-errors dkim-errors 78 Dec 10 16:21 > dkim-errors > > > > How often are the failure reports generated ? did not see that mentioned in > the RFC’s ? > > Does anyone see anything obvious that I am doing wrong ? > Thank you. > > > -ANGELO FAZZINA > > ITS Service Manager: > Spam and Virus Prevention > Mass Mailing > G Suite/Gmail > > [email protected] <mailto:[email protected]> > University of Connecticut, ITS, SSG, Server Systems > 860-486-9075 > > _______________________________________________ > Ietf-dkim mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/ietf-dkim > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=oYg%2BrdpATbemNnI6afrabJYGmtuvJJZ6gSAbr%2Bd2Yeo%3D&reserved=0>_______________________________________________ > Ietf-dkim mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/ietf-dkim > <https://www.ietf.org/mailman/listinfo/ietf-dkim> -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise [email protected] (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
