Hi,
I wanna signing domain fnhk.cz, celer (.ajetaci.cz) is from my own
domain, signing and verifying works well.
When I send email to elandsys, I got:
DKIM Signature validation: fail
DKIM Author Domain Signing Practices: "dkim=all"
If I use command for test adsp on the opendkim signing machine, adsp is ok:
opendkim-testadsp: fnhk.cz:
policy is "all"
policy result code is "author domain policy found"
And opendkim test keys binary don't show any problem message:
opendkim-testkey -d fnhk.cz -k ./mail.private -v -s mail
If I made a mistake for test it again, I got a error message. So I
suppose that no message from opendkim-testkey means no errors (-s mail
-> -s maillll)
For generating opendkim key I used command:
opendkim-genkey -s mail -d fnhk.cz
contains of the file mail.txt is in the fnhk.cz zone record, dig
from celer.ajetaci.cz:
dig +short -t txt mail._domainkey.fnhk.cz
"v=DKIM1\; r=postmaster\; g=*\; k=rsa\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCe2YTzbZM8cF+o/xmJ3E1szp6hKJJeoO9CF94laBr6/9mBnlDwJLAcA8s3K5WYpvuVm3huEaeBeBpikIwrWsvm4VBwAS2LuzdH9oMVYxR1RID8Zj1HuR9QeJrviWFqJijExI5KHoWR8eKFI8RZVTHfQTvh6BbtVgAIk2eg3jxvgQIDAQAB"
So I'm out of the ideas :-/
I made a few dkims before, without any problems. I missed something :-/
Thanks and best regards
J.K.
Cituji "Murray S. Kucherawy" <msk_at_blackops.org>:
> On Tue, 8 Nov 2011, Josef Karliak wrote:
>> Hi,
>> I've some problems with opendkim with postfix on the opensuse 11.4 64-bit.
>> Email is signed, but verifiers don't accept it. Part of the email's header:
>> Authentication-Results: celer.ajetaci.cz; dkim=hardfail
>> (verification failed) header.i=_at_fnhk.cz; dkim-adsp=fail
>>
>> In the syslog I see:
>> Nov 8 13:22:00 celer dkim-filter[4888]: ED4D1C58FF SSL
>> error:04077068:rsa routines:RSA_verify:bad signature
>> Nov 8 13:22:00 celer dkim-filter[4888]: ED4D1C58FF: bad signature data
>
> You should update celer to opendkim as well, and test again.
>
> If it still fails, read opendkim/README's "DEBUG FEATURES" section
> and try using the tools described there. Let us know if you need
> further assistance.
>
> -MSK
>
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and check. If you've problem with sending emails to me, start
using email origin methods mentioned above. Thank you.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Received on Wed Nov 09 2011 - 06:13:53 PST