RE: Opendkim domain keys header

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Fri, 18 Jun 2010 10:55:28 -0700

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-
> bounce_at_lists.opendkim.org] On Behalf Of Sharma, Ashish
> Sent: Friday, June 18, 2010 8:13 AM
> To: SM
> Cc: opendkim-users_at_lists.opendkim.org
> Subject: RE: Opendkim domain keys header
>
> SM,
>
> My postfix logs have following logs:
>
> Jun 18 11:03:42 ip-10-194-99-63 lt-opendkim[7564]: (unknown-jobid)
> mail-iw0-f176.google.com [209.85.214.176] not internal
> Jun 18 11:03:42 ip-10-194-99-63 lt-opendkim[7564]: (unknown-jobid) not
> authenticated
> Jun 18 11:03:42 ip-10-194-99-63 lt-opendkim[7564]: 9CB22100293 dk_eom()
> returned status 6: d2i_PUBKEY_bio() failed
> Jun 18 11:03:42 ip-10-194-99-63 lt-opendkim[7564]: 9CB22100293 s=gamma
> d=gmail.com SSL error:0D06B08E:asn1 encoding
> routines:ASN1_D2I_READ_BIO:not enough data
>
> Does this indicates anything for DomainKeys verification not working?

It explains why you're not getting a result. libdk is getting the public key from gmail.com's DNS, but when passed to your libcrypto library (which is where d2i_PUBKEY_bio() lives), that error is being returned. Apparently the key data is malformed, or at least your libcrypto is reporting that the record can't be parsed.

However, it does work for me. The question is why is your side different.

Which version of openssl do you have installed? I compiled against the libdk from dk-milter-1.0.2 and openssl-0.9.7e and I was able to get successful message validation for DK with the very same key from gmail.com.
Received on Fri Jun 18 2010 - 17:55:38 PST