opendkim signed messages 'fail' spamassassin-based DKIM signature verification with 'OPENSSL ERROR: DATA TOO LARGE FOR KEY SIZE' ?

From: <dchilton_at_bestmail.us>
Date: Thu, 14 Apr 2011 23:05:13 -0700

hi,

i'm in the process of securing a new postfix server, and have set up
OpenDkim v2.3.1 as a postfix milter for use in signing outbound mail.

i've checked outbound email with port25.com's DKIM verifier, and it
reports a 'neutral', claiming the message is NOT signed,

   ----------------------------------------------------------
   DKIM check details:
   ----------------------------------------------------------
   Result: neutral (message not signed)
   ID(s) verified:


checking further by receiving at another of my own servers, the rec'd
message sure looks to be signed, but FAILs an inbound Spamassassin DKIM
test. The message's headers include:

...
 X-Spam-Report:
         * -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
         * [score: 0.1540]
         * 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not
         valid
 X-Spam-Checker-Version: SpamAssassin 3.3.0
 Received: from [1.2.3.4] (HELO mydomain1.com)
   by mail.mydomain2.com (SMTP 4)
   with ESMTP-TLS id 7730256 for dchil_at_mydomain2.com; Thu, 14 Apr 2011
   22:05:28 -0700
 Received: from mydomain1.com (localhost [127.0.0.1])
         (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
         (No client certificate requested)
         by submit.mydomain1.com (submit.mydomain1.com) with ESMTPSA id
         046702BE81
         for <dchil_at_mydomain2.com>; Thu, 14 Apr 2011 22:04:21 -0700
         (PDT)
 X-DKIM: OpenDKIM Filter v2.3.1 submit.mydomain1.com 046702BE81
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
         d=mydomain1.com; s=key1.mydomain1; t=1302843928;
         bh=ziDRZu6L4pppDdxZfoTWiCKctnXcJu+3txAkk95Dc0I=;
         h=From:To:Subject;
         z=From:=20test=20<test_at_mydomain1.com>|To:=20D=20Chil=20<dch
          il_at_mydomain2.com>|Subject:=20TEST;
         b=IzMja8RqXBUdSsOYKELpQPXZdo7N56Eso1KuXs7KchO84pUheiKxzj3sMCwoIrhLT
          GvIxLwgEq9dbRZZHl/wdhmgKrR+CU5XWP912zxGieE/BqPclXA8TaJ9+GbKjRU/99x
          dh4Qtcoq1reahaoxlbHSpubNSJxPUHyFwNER6+8Q=
...

looking at Spamassassin's logs, i see,

        Apr 14 22:19:24.817 [12200] dbg: dkim: signature verification
        result: FAIL (OPENSSL ERROR: DATA TOO LARGE FOR KEY SIZE)

searching, i'm not having much luck tracking this down, but suspect it's
a misconfiguration of my opendkim.conf

my dkim keys were simply generated using openssl,

 openssl genrsa -out dkim.mydomain1.com.pem 1024
 openssl rsa -in dkim.mydomain1.com.pem \
   -out dkim.mydomain1.com.pubkey.pem -pubout -outform PEM

any suggestions as to what to do about this?

thanks,

DCh
Received on Fri Apr 15 2011 - 06:05:26 PST
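
A size check that follows from the symptoms in the post, added here as an example and not part of the original message: assuming the OpenSSL error means the signature is longer than the RSA modulus of the key the verifier fetched, it compares the byte length of the b= value from the post's header with the modulus in a key record's p= tag. The function names and both key records are constructed for illustration; the poster's real DNS record is not on the page.

```python
import base64, re

def tags(value):
    """Parse a DKIM tag=value list (DKIM-Signature value or DNS key record)."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def tlv(buf, pos):
    """Return (content_start, content_end) of the DER element at pos."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return pos, pos + n

def modulus_bytes(spki):
    """RSA modulus length in bytes from the DER SubjectPublicKeyInfo in p=."""
    start, _ = tlv(spki, 0)        # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = tlv(spki, start)  # AlgorithmIdentifier (skipped)
    bits, _ = tlv(spki, alg_end)   # BIT STRING, first content byte = unused bits
    seq, _ = tlv(spki, bits + 1)   # RSAPublicKey SEQUENCE
    m0, m1 = tlv(spki, seq)        # INTEGER modulus
    return (int.from_bytes(spki[m0:m1], "big").bit_length() + 7) // 8

def compare(sig_header, key_record):
    """Return (signature_bytes, modulus_bytes, sizes_match)."""
    sig = len(base64.b64decode(tags(sig_header)["b"]))
    mod = modulus_bytes(base64.b64decode(tags(key_record)["p"]))
    return sig, mod, sig == mod

def der(tag, body):  # DER-encode one element (sample data only, lengths < 256)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else b"\x81" + bytes([n])) + body

def constructed_record(bits):
    """Constructed TXT record of the right size; the modulus is not a real key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = der(0x30, alg + der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

# b= copied from the DKIM-Signature header in the post (other tags trimmed)
PAGE_SIGNATURE = """v=1; a=rsa-sha256; d=mydomain1.com; s=key1.mydomain1;
 b=IzMja8RqXBUdSsOYKELpQPXZdo7N56Eso1KuXs7KchO84pUheiKxzj3sMCwoIrhLT
  GvIxLwgEq9dbRZZHl/wdhmgKrR+CU5XWP912zxGieE/BqPclXA8TaJ9+GbKjRU/99x
  dh4Qtcoq1reahaoxlbHSpubNSJxPUHyFwNER6+8Q="""

if __name__ == "__main__":
    for bits in (1024, 512):  # same-size key vs. a shorter published key
        print(bits, compare(PAGE_SIGNATURE, constructed_record(bits)))
```

To run it against a live setup, pass the TXT record published under the selector named in s= as `key_record`.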
