RE: Added SMTP-AUTH / TLS now mail doesn't sign

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Tue, 9 Nov 2010 15:40:37 -0800

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
> Sent: Tuesday, November 09, 2010 3:20 PM
> To: opendkim-users_at_lists.opendkim.org
> Subject: Added SMTP-AUTH / TLS now mail doesn't sign
>
> I don't know if it's correlated at all or not, but my outgoing mail
> stopped signing today. I'm now getting:
>
> result = fail
> Details: bad RSA signature
>
> When I send a test message to Brandon Chekett's test site.
>
> The only thing I did was add SMTP-AUTH and TLS to the mail server today, to
> allow me to send signed mail from Outlook through the server. But that
> shouldn't have had anything to do with the DKIM keys, right?

Right, it should make no difference unless it causes one of the signed fields to be altered post-signing. Using Diagnostics might help to spot what's being changed.

> Just to be safe, I rebuilt the keys and re-pasted it into my DNS records,
> but I'm still not validating. Here's the output:

Uh oh... unless you changed the selector name you're using old messages in transit will now fail because the keys don't match. This will confound debugging efforts.
Received on Tue Nov 09 2010 - 23:40:45 PST