RE: Added SMTP-AUTH / TLS now mail doesn't sign

From: Steve Jenkins <steve_at_stevejenkins.com>
Date: Tue, 9 Nov 2010 15:47:24 -0800

Crap - I didn't change the selector name... :( I didn't even think about
in-transit messages.

-----Original Message-----
From: opendkim-users-bounce_at_lists.opendkim.org
[mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Murray S. Kucherawy
Sent: Tuesday, November 09, 2010 3:41 PM
To: opendkim-users_at_lists.opendkim.org
Subject: RE: Added SMTP-AUTH / TLS now mail doesn't sign

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Steve Jenkins
> Sent: Tuesday, November 09, 2010 3:20 PM
> To: opendkim-users_at_lists.opendkim.org
> Subject: Added SMTP-AUTH / TLS now mail doesn't sign
>
> I don't know if it's correlated at all or not, but my outgoing mail
> stopped signing today. I'm now getting:
>
> result = fail
> Details: bad RSA signature
>
> When I send a test message to Brandon Chekett's test site.
>
> The only thing I did was add SMTP-AUTH and TLS to the mail server today, to
> allow me to send signed mail from Outlook through the server. But that
> shouldn't have had anything to do with the DKIM keys, right?

Right, it should make no difference unless it causes one of the signed
fields to be altered post-signing. Using Diagnostics might help to spot
what's being changed.

> Just to be safe, I rebuilt the keys and re-pasted it into my DNS records,
> but I'm still not validating. Here's the output:

Uh oh... unless you changed the selector name you're using, old messages in
transit will now fail because the keys don't match. This will confound
debugging efforts.
Received on Tue Nov 09 2010 - 23:47:33 PST
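
The selector point made in the reply above, as an added example that is not part of the thread or of OpenDKIM: a toy model in which textbook RSA over small fixed primes stands in for real DKIM signing and a dict stands in for DNS. The selector names `default` and `nov2010` and all helper names are assumptions made for the illustration.

```python
# Added example: toy model of DKIM key rotation. Textbook RSA over small
# Mersenne primes stands in for real DKIM signing; never use it for real mail.
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Return (n, d) for textbook RSA with public exponent E."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d

def digest(message, n):
    """SHA-256 of the message, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, selector, key):
    """Model a signed message: selector (s=), signature (b=) and body."""
    n, d = key
    return {"s": selector, "b": pow(digest(message, n), d, n), "body": message}

def verify(msg, dns):
    """Look up the public key by selector, as a verifier does via DNS."""
    n = dns.get(msg["s"])
    if n is None:
        return "fail (no key for selector)"
    ok = pow(msg["b"], E, n) == digest(msg["body"], n)
    return "pass" if ok else "fail (bad RSA signature)"

OLD_KEY = make_key(2**61 - 1, 2**89 - 1)     # constructed sample keys
NEW_KEY = make_key(2**107 - 1, 2**127 - 1)

def rotate_in_place():
    """Regenerate the key but keep the selector name, as in the thread."""
    in_transit = sign(b"queued before the rekey", "default", OLD_KEY)
    dns = {"default": NEW_KEY[0]}            # old public key overwritten
    fresh = sign(b"sent after the rekey", "default", NEW_KEY)
    return verify(in_transit, dns), verify(fresh, dns)

def rotate_with_new_selector():
    """Publish the new key under a new selector and keep the old record."""
    in_transit = sign(b"queued before the rekey", "default", OLD_KEY)
    dns = {"default": OLD_KEY[0], "nov2010": NEW_KEY[0]}
    fresh = sign(b"sent after the rekey", "nov2010", NEW_KEY)
    return verify(in_transit, dns), verify(fresh, dns)

if __name__ == "__main__":
    print("same selector:", rotate_in_place())
    print("new selector: ", rotate_with_new_selector())
```

With the selector reused, the message signed before the rekey is checked against the replacement key and fails, while mail signed afterwards passes, which is why mixed results appear while debugging.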
