DKIM Signature Failing - DNS record lookup is incorrect


I believe [email protected] is broken. That appears to be the problem. Unless it gets fixed, just don't use it. Use the others.

Our DKIM is passing:

The only test it is failing is:

Author by

Aspartame_Xu

Updated on September 18, 2022

Comments

  • Aspartame_Xu
    Aspartame_Xu over 1 year

    I am running Ubuntu 12.04 on a Linode with Postfix and opendkim.

    My DKIM signature is validating/passing when I test at http://www.brandonchecketts.com/emailtest.php but it is failing when I test with [email protected].

    The problem is related to looking up the DNS record correctly. The elandsys test is looking up the DNS record incorrectly. I assume this is a problem with my configuration and I would like to know how to fix it.

    The test at brandonchecketts.com looks up the DNS record correctly using:
    Building DNS Query for list._domainkey.my_example.com

    The test at elandsys looks up the record incorrectly using:
    no DNS record for _domainkey.list.my_example.com

    My opendkim SigningTable includes this entry:
    *@list.my_example.com list._domainkey.my_example.com

    My opendkim KeyTable includes this entry:
    list._domainkey.my_example.com list.my_example.com:list:/etc/opendkim/list.private

    I'll post the two tests in detail below. The first one shows DKIM validating correctly. The second shows the problem as reported by elandsys.

    brandonchecketts.com DKIM Signature - PASS

    Message contains this DKIM Signature:
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=my_example.com;
        s=list; t=1336xx239;
        bh=cS8QYxxxsPwl7ZB=;
        h=Subject:From:To:Date:List-Id;
        b=VYpXM...rBHWA+
    
    
    Signature Information:
    v= Version:         1
    a= Algorithm:       rsa-sha256
    c= Method:          relaxed/simple
    d= Domain:          my_example.com
    s= Selector:        list
    q= Protocol:        
    bh=                 aS8QYiOQ..sPwl8ZE+
    h= Signed Headers:  Subject:From:To:Date:List-Id
    b= Data:            VYpXM...rBHWA+
    Public Key DNS Lookup
    
    Building DNS Query for list._domainkey.my_example.com
    Retrieved this publickey from DNS: v=DKIM1;k=rsa; t=y;  p=TIGfMA..AQAC
    Validating Signature
    
    result = pass
    

    elandsys DKIM Signature - FAIL

    Date: Sat, 11 May 2012 11:45:05 -0700 (PDT)
    Message-Id: <[email protected]>
    From: [email protected]
    To: [email protected]_example.com
    Subject: Auto-response from dk.elandsys.com
    Sender: [email protected]
    Auto-Submitted: auto-replied
    
    
    This is an automatic response.  Replies to this message will not generate
    an automatic response.
    Do not reply to this message except for reporting a problem.
    
    The results are as follows:
    
    DKIM Signature validation: DKIM-Signature could not be verified
    DomainKeys Signature validation: not available
    DomainKeys Policy: no DNS record for _domainkey.list.my_example.com
    DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.list.my_example.com
    
    ADSP is not required for DKIM signature validation.
    
    Note: The authentication results are not available as there was no signature header or the signature could not be verified
    

    Here's some version info:

    opendkim -V
    opendkim: OpenDKIM Filter v2.5.2
            Compiled with OpenSSL 1.0.1 14 Mar 2012
            SMFI_VERSION 0x1000001
            libmilter version 1.0.1
            Supported signing algorithms:
                    rsa-sha1
                    rsa-sha256
            Supported canonicalization algorithms:
                    relaxed
                    simple
            Active code options:
                    USE_DB
                    USE_LUA
                    USE_UNBOUND
                    _FFR_REPLACE_RULES
                    _FFR_SELECTOR_HEADER
                    _FFR_STATS
            libopendkim 2.5.2:
    
    dpkg -s postfix
    Package: postfix
    Status: install ok installed
    Priority: extra
    Section: mail
    Installed-Size: 3353
    Maintainer: LaMont Jones <[email protected]>
    Architecture: amd64
    Version: 2.9.1-4
    Replaces: mail-transport-agent
    Provides: default-mta, mail-transport-agent
    Depends: libc6 (>= 2.14), libdb5.1, libsasl2-2, libsqlite3-0 (>= 3.5.9), libssl1.0.0 (>= 1.0.0), debconf (>= 0.5) | debconf-2.0, netbase, adduser (>= 3.48), dpkg (>= 1.8.3), lsb-base (>= 3.0-6), ssl-cert, cpio
    Recommends: python
    Suggests: procmail, postfix-mysql, postfix-pgsql, postfix-ldap, postfix-pcre, sasl2-bin, libsasl2-modules, dovecot-common, resolvconf, postfix-cdb, mail-reader, ufw
    Conflicts: libnss-db (<< 2.2-3), mail-transport-agent, smail
    Conffiles:
     /etc/init.d/postfix 4af3a2532cddca3e6d0bc5f7b4fc2f75
     /etc/insserv.conf.d/postfix 7fe2d086ff4822fc9fe13adab1090dce
     /etc/ppp/ip-up.d/postfix fccc53fc4eeeab46941ebcc95a71e766
     /etc/ppp/ip-down.d/postfix 52275dc23864f3bfca412c7558e28fe6
     /etc/network/if-up.d/postfix fccc53fc4eeeab46941ebcc95a71e766
     /etc/network/if-down.d/postfix 52275dc23864f3bfca412c7558e28fe6
     /etc/postfix/postfix-script 0d01860b2f0778cf41951c801f538b30
     /etc/postfix/post-install 4e9b37279a95246a5fe68afdbbbfd035
     /etc/postfix/postfix-files ad34dcc8c31d057f6f20268b0aa16f29
     /etc/rsyslog.d/postfix.conf d8a09827fff2a22311e4dd4a83e95c83
     /etc/ufw/applications.d/postfix 5c7e746dc9255e750b8f50460de11a32
     /etc/resolvconf/update-libc.d/postfix cfdfa512e14e80ab89cac7cc44b3a521
    Description: High-performance mail transport agent
     Postfix is Wietse Venema's mail transport agent that started life as an
     alternative to the widely-used Sendmail program.  Postfix attempts to
     be fast, easy to administer, and secure, while at the same time being
     sendmail compatible enough to not upset existing users. Thus, the outside
     has a sendmail-ish flavor, but the inside is completely different.
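
The DNS names in the two test reports above follow three different naming rules: the DKIM key record (`<s>._domainkey.<d>`, RFC 6376), the legacy DomainKeys policy record (`_domainkey.<domain>`, RFC 4870) and the ADSP record (`_adsp._domainkey.<domain>`, RFC 5617). The following is an added example, not part of the original post and not OpenDKIM code; it derives each name from the sanitized header and KeyTable line as posted and classifies a reported lookup. The function names are hypothetical, and `AUTHOR_DOMAIN` is an assumption taken from the SigningTable pattern.

```python
import re

def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (DKIM-Signature value or key record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")   # split on the first '=' only
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def key_query_name(tags):
    """Name a verifier queries for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def policy_query_names(author_domain):
    """Policy lookups, which are separate from key retrieval."""
    d = author_domain.lower()
    return {"domainkeys_policy": f"_domainkey.{d}",   # RFC 4870
            "adsp": f"_adsp._domainkey.{d}"}          # RFC 5617

def parse_keytable_line(line):
    """OpenDKIM KeyTable entry: <keyname> <domain>:<selector>:<keypath>."""
    keyname, spec = line.split(None, 1)
    domain, selector, path = spec.strip().split(":", 2)
    return {"keyname": keyname, "d": domain, "s": selector, "path": path}

def classify(lookup_name, sig_tags, author_domain):
    """Say which kind of record a tester's reported lookup name refers to."""
    name = lookup_name.lower()
    if name == key_query_name(sig_tags):
        return "dkim_key"
    for kind, expected in policy_query_names(author_domain).items():
        if name == expected:
            return kind
    return "unknown"

def keytable_agrees(sig_tags, keytable):
    """True when the KeyTable domain:selector yields the signature's key name."""
    return key_query_name(sig_tags) == key_query_name(keytable)

# Sanitized values as posted in the question above.
SIG = parse_tag_list("v=1; a=rsa-sha256; c=relaxed/simple; d=my_example.com;\n"
                     "\ts=list; t=1336xx239;\n\tbh=cS8QYxxxsPwl7ZB=;\n"
                     "\th=Subject:From:To:Date:List-Id;\n\tb=VYpXM...rBHWA+")
KEYTABLE = parse_keytable_line("list._domainkey.my_example.com "
                               "list.my_example.com:list:/etc/opendkim/list.private")
AUTHOR_DOMAIN = "list.my_example.com"  # assumption: domain matched by the SigningTable pattern
```

Both names in the elandsys report classify as policy lookups (`domainkeys_policy` and `adsp`), not as the key lookup, and with the sanitized values as posted `keytable_agrees` returns `False` because the KeyTable domain differs from the signature's `d=`.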