Re: dkim permerror: verification error: syntax error in key data
Yes, it was fixed with the help from Randy. After removing the beginning and
trailing double quotes in the DNS TXT value, it is working properly. Thanks a
lot for all the help from Murray, Steven and Randy. This is a very helpful
list.
On Sat, Feb 5, 2011 at 8:53 PM, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> The port25.com verifier is complaining that there's an ASCII 0x22 (34
> decimal, or quote mark) character inside the base64 form of the key data.
> Typical base64 consists only of letters, numbers, "=", "+", and "/" with
> whitespace usually allowed in between for line breaks, so it's not a
> surprise that it would consider this an error.
>
> The sendmail.net autoresponder, which runs dkim-milter (OpenDKIM's
> antecedent) probably has your test messages quarantined because of the key
> format problem, which might be why you didn't get an answer. It might also
> be temp-failing for that reason; check your outbound queues.
>
> However, I don't see any bad characters or bad format when I looked just
> now at default._domainkey.xplist.com. Maybe it's been fixed since this
> thread started.
>
> The error from elandsys.com is more current OpenDKIM code, which ignores
> characters in base64 that aren't part of the standard base64 alphabet (which
> is what RFC4871 and RFC2045 say to do). The "syntax error in key data"
> means there was actually a syntax error in the overall key, and not
> necessarily in the base64 data. But again, the record looks fine to me now
> so maybe it's been fixed.
>
> The references to base64 and base32 are confusing. A key encoded with
> base32 will be garbage to a DKIM verifier, because they all expect base64.
> The base32 encoding scheme is used with ATPS, which is an experimental
> add-on to DKIM that you probably aren't using to begin with. But base32 is
> so rare (openssl doesn't support it, for example) that I have some doubts
> you're actually trying a base32 key. If you're referring to 32-bit builds
> vs 64-bit builds of the package, this has no effect on key encodings.
>
> A key generated by opendkim-genkey should work when copied directly into
> any BIND-style zone file. If it produced something that doesn't actually
> work, please do let us know so we can fix it.
>
> If you're still having trouble, try sending mail with your current settings
> to root_at_opendkim.org and I'll see what it looks like and, if it fails to
> verify, try to track down your problem.
>
> -MSK
>
Received on Sun Feb 06 2011 - 02:39:24 PST
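
The failure discussed in this thread, as an added example that is not part of the original messages or of OpenDKIM: a Python check that flags a literal quote character (0x22) stored inside a DKIM key record's TXT value and validates the base64 in `p=`. The function name and the sample key are constructed for illustration; the sample is valid base64 but not a real public key.

```python
import base64
import re

# Constructed sample: valid base64, not a real RSA public key.
SAMPLE_KEY = base64.b64encode(b"constructed sample key bytes").decode()
GOOD = f"v=DKIM1; k=rsa; p={SAMPLE_KEY}"
# Same record with the double quotes stored as part of the TXT data.
QUOTED = f'"{GOOD}"'


def check_dkim_key_record(txt):
    """Return a list of problems in a DKIM key record's TXT value.
    `txt` is the value as a verifier receives it from DNS, after the
    zone file's own quoting has been consumed by the name server.
    """
    problems = []
    if '"' in txt:
        problems.append("literal quote (0x22) in record value")
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            problems.append(f"tag without '=': {part!r}")
            continue
        tags[name.strip()] = value.strip()
    if "p" not in tags:
        problems.append("missing p= tag")
        return problems
    # Whitespace inside the base64 is allowed, so drop it before checking.
    key = re.sub(r"\s+", "", tags["p"])
    bad = sorted(set(re.sub(r"[A-Za-z0-9+/=]", "", key)))
    if not key:
        problems.append("empty p= value")
    elif bad:
        problems.append(f"p= has non-base64 characters: {bad}")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            problems.append("p= is not decodable base64")
    return problems


if __name__ == "__main__":
    for record in (GOOD, QUOTED):
        print(check_dkim_key_record(record) or "ok")
```

Feed it the TXT value exactly as a resolver returns it; a quote that survives to that point was stored as data rather than used as zone-file quoting.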