Robert,
Thank you so much for all of your help on both of these issues. You
have been a lifesaver for me. I just got a 10/10 score on
mail-tester.com (hooray, finally!). I couldn't have done this without you.
BTW.... re the public key in my DNS.... I regenerated the keys a few
times desperately trying to figure out how to get it working. One
generator assigned its own selector. So the DNS key had a different
selector than the one I had in my earlier post. It's all working now.
Thanks again.
Jerry
On 10/28/2014 3:16 AM, Robert Munn wrote:
I checked your DNS, looks like you removed your DKIM record.
Also, mxtoolbox.com says your SPF record type is deprecated.
I just got jDKIM working on my domain. Looks like another tutorial in the
works. It took a little investigation, but mail-tester.com is happy now. Here
is how you fix your broken sig problem.
<mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"/>
<mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign">
<signatureTemplate>v=1; s=201410281226.pm; d=legacyavatar.com;
c=relaxed/relaxed; h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type;
a=rsa-sha256; bh=; b=;</signatureTemplate>
Note my changes to h= and addition of c= in my sig template. I hit the same
error you hit before I made these changes, based on this article:
http://www.gettingemaildelivered.com/dkim-explained-how-to-set-up-and-use-domainkeys-identified-mail-effectively
Make sure these mailers are just before the RemoteDelivery mailet. Looks like
you probably had that right already.
Thanks for making me aware of the sender issue and motivating me to add DKIM.
On Oct 27, 2014, at 3:30 PM, Jerry Malcolm <techst...@malcolms.com> wrote:
With the HELO problem finally resolved and behind me, I'm on to the next issue
that mail-tester.com is yelling at me about. It say my DKIM signature is
invalid. I have tried replacing the public/private keys in my DNS and in the
mailet config. I've tried different syntax options for the DNS record, etc.
Still nothing. Normally, I would assume that it's something I'm doing wrong.
But after the HELO problem, I first want to verify that others are indeed using
jDKIM with James 3 b5 successfully. (BTW... I said last night in a post that
I'm on b4.... incorrect... i'm on b5).
My dns server is ISC BIND. I'm assuming that could make a difference with
defining the dkim public key in the dns record.
Is anyone using this successfully?
Here's the latest report I get from mail-tester.com:
====================================
The DKIM signature of your message is:
v=1;
d=jwmhosting.com;
b=ST3jn85HmyWjjPoIxojUKGMMCvtFzlrgqJiVwZ/bd5bzZuVWK/gviYIBXHFuc1iTZ/0NHdGW0TgRk9E7tRsXXPYM4yOP9zna7WTDC20VrsBu/LQbyktpsINAbRDzJbaNmSGjcLlAUODnaFLJPpwktpNkJu4EbFtKyYT3Exb4mfs=;
s=primary;
a=rsa-sha256;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=from:to:received:received;
Your public key is:
"k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfRF6NEFFahhyOSiy+ufRU6PMvUVzP31wJ16zNaLKG8ipL1S8rIDr7ZjkGiUdwqZ6BjNTddbmcH4AxTupNhANyXvJs+MxyJbMN3mkYHYn1evJGVqT85DrM7XrYMSVPK3Y4dfY4vhokQwATv+BwrW7K8QuwrDgvu8JdxM0muS/7lQIDAQAB"
Key length: 1024bits
Your DKIM signature is not valid
==================================
from my mailet config file:
<mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"/>
<mailet match="All" class="org.apach1e.james.jdkim.mailets.DKIMSign">
<signatureTemplate>v=1; s=primary; d=jwmhosting.com; h=from:to:received:received;
a=rsa-sha256; bh=; b=;</signatureTemplate>
<privateKey>
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDfRF6NEFFahhyOSiy+ufRU6PMvUVzP31wJ16zNaLKG8ipL1S8r
IDr7ZjkGiUdwqZ6BjNTddbmcH4AxTupNhANyXvJs+MxyJbMN3mkYHYn1evJGVqT8
.......etc
.......etc
ASnFebXvbrI3MQzrvgz3AkEAs1Tn0TfzsKmri6zrqJak1EDojHPdbPAjEFCpunt4
+dRCWhtnwEGZ1REeEBiQsk9CM24VNknO0uJOKF3ZYb3lFA==
-----END RSA PRIVATE KEY-----
</privateKey>
</mailet>
Help??
Thx again.
Jerry
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.5315 / Virus Database: 4189/8469 - Release Date: 10/28/14
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
