Re: Opendkim on Linux-Debain with ispCP Omega

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sun, 28 Aug 2011 09:55:04 -0700 (PDT)

On Sun, 28 Aug 2011, Subscribe wrote:
>> dkim=permerror (verification error: signature timestamp in the future)
>>
>> Verify the time is correct on the computer where the message is DKIM
>> signed.
>
> I live in Canada and my server is in Dallas, Texas so I have the sever
> time set to match my time over here because I connect a audio encoder
> from here to Dallas but if I have to I will change back to Dallas time.

DKIM implementations standardize on a reference time, namely the number of
seconds since midnight, January 1, 1970, UTC. So since they all basically
operate in a single time zone, it doesn't really matter where you're
located.

The complaint from the software is that the clock on the machine doing the
signing is substantially in the future from what the receiver thinks the
time is.

At a guess, your machine in Dallas is configured for the Central time
zone, but you have the actual time set to Eastern. You'll have to fix one
or the other.

> From the CONFIGURING OPENDKIM in the readme file "opendkim-testkey -d
> DOMAIN -s SELECTOR -k" I test: ~# opendkim-testkey -d cakafete.com -s
> mail -k /etc/mail/opendkim/keys/cakafete.com/mail and the result is:
> opendkim-testkey: empty key record, but I do have a key in "mail" which
> is my chosen selector.

As SM showed, it looks like that key is not present in your DNS. This
prevents verification, because the verifier can't get your public key.

-MSK
Received on Sun Aug 28 2011 - 16:55:20 PST