leeyc0 wrote:
> 
>> I changed to use 1024 bit RSA key, and seems the email passed DKIM
>> validation. Seems that my perl installation at iwtek.net somehow cannot
>> validate 2048 bit RSA DKIM signatures. Does anyone have some clue?
> 
> That is possible too, the DNS packet is probably larger than 512 bytes,
> and perhaps your DNS resolver does not fall back to TCP or EDNS0, or
> you have TCP on port 53 blocked at a firewall.
> 
>   Mark
> 
> 

Turns out the problem here is the classic problem of "I got an old (or
broken?) system". I tried to use the Mail::DKIM library directly to debug the
problem, and got this error message when an email with an RSA 2048 bit
signature is fed into it.

verify result: invalid (public key: Bad arg length for
Socket::unpack_sockaddr_in, length is 4095, should be 16 at
/usr/local/lib/perl5/5.8.6/i686-linux/Socket.pm line 370, <STDIN> line 41.)

Feeding an email with an RSA 1024 bit signature doesn't have any problem.


After some struggle and tracing every bit of code (including tracing
installing cpan packages!), apparently it is a bug in the latest
Net::DNS::Packet::Resolver::Base send_tcp function call...
-- 
View this message in context: 
http://old.nabble.com/the-dkim-sigature-is-valid%2C-but-still-triggered-T_DKIM_INVALID-in-mail-server-tp28178215p28186774.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
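
The 512-byte point raised in the quoted reply can be checked offline by building the DNS response for a DKIM key record and measuring it. This is an added example, not code from the thread or from Mail::DKIM or Net::DNS. The selector, zone and NS labels are constructed, the key bytes are zero filler, and 162 and 294 are the DER sizes of RSA-1024 and RSA-2048 public keys with exponent 65537.

```python
import base64
import struct

UDP_LIMIT = 512  # largest DNS message over UDP without EDNS0 (RFC 1035)

def encode_name(name):
    """Wire format: length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def txt_rdata(text):
    """TXT RDATA: the text cut into <=255-byte strings, each with a length byte."""
    raw = text.encode()
    chunks = [raw[i:i + 255] for i in range(0, len(raw), 255)]
    return b"".join(bytes([len(c)]) + c for c in chunks)

def rr(owner, rtype, rdata, ttl=3600):
    """One resource record of class IN."""
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def dkim_response(selector, zone, der_len, ns_labels=()):
    """Response to a TXT query for <selector>._domainkey.<zone>.

    der_len is the size of the DER-encoded public key; the key bytes are
    zero filler (constructed), only the length matters here.
    """
    qname = f"{selector}._domainkey.{zone}"
    p = base64.b64encode(bytes(der_len)).decode()
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, len(ns_labels), 0)
    question = encode_name(qname) + struct.pack("!HH", 16, 1)  # TXT, IN
    qname_ptr = b"\xc0\x0c"  # compression pointer to the name at offset 12
    zone_ptr = struct.pack("!H", 0xC000 | (12 + len(qname) - len(zone)))
    answer = rr(qname_ptr, 16, txt_rdata("v=DKIM1; k=rsa; p=" + p))
    authority = b"".join(
        rr(zone_ptr, 2, bytes([len(n)]) + n.encode() + zone_ptr) for n in ns_labels)
    return header + question + answer + authority

def fits_plain_udp(message):
    """True if a resolver without EDNS0 or TCP fallback can receive it whole."""
    return len(message) <= UDP_LIMIT

if __name__ == "__main__":
    for bits, der_len in ((1024, 162), (2048, 294)):
        for ns in ((), ("ns1", "ns2", "ns3", "ns4")):
            msg = dkim_response("sel", "example.com", der_len, ns)
            print(bits, len(ns), "NS:", len(msg), "bytes, fits:", fits_plain_udp(msg))
```

With these constructed names the 2048-bit answer alone is 468 bytes, so four NS records in the authority section are enough to push the response past 512 bytes and onto the resolver's EDNS0 or TCP path.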
