RE: Problem signing MultipleSignatures from LDAP

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Mon, 21 Nov 2011 10:15:20 -0800

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Patrick Ben Koetter
> Sent: Monday, November 21, 2011 3:27 AM
> To: opendkim-users_at_lists.opendkim.org
> Subject: Problem signing MultipleSignatures from LDAP
>
> I am having trouble with "bad identity" signatures for sender
> signatures, but not for domain level signatures.
> [...]

It sounds like you have something either in your KeyTable or your SigningTable that's causing this. You can replicate the query and results by doing this:

1) "opendkim -Q"

2) At the first prompt, enter the data set name (starting with "ldap:") that you have for the SigningTable.

3) At the second prompt, enter the user@host found in the From: of the message you're signing, followed by "/2" (e.g., "user@host/2"). This shows you what is returned from the SigningTable query for that address, which can return up to two values. The first of these will be the name of the key to be used for signing.

4) CTRL-D to exit.

5) "opendkim -Q" again.

6) At the first prompt, enter your KeyTable data set name.

7) At the second prompt, enter the key name returned in step 3 above, followed by "/3" (e.g., "samplekey/3"). This will return the signing domain, selector, and key to be used in signature generation.

With that information I can probably reconstruct what's going on in your tests.

-MSK
Received on Mon Nov 21 2011 - 18:15:33 PST
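
Added example, not part of the original message or of OpenDKIM's code: once the two "opendkim -Q" lookups described above have been run, this Python check compares their results. It assumes the optional second SigningTable value is the signer identity used for "i=", and applies the RFC 6376 rule that the "i=" domain must be the "d=" domain or a subdomain of it; the function names and all sample values are constructed.

```python
# Added example: cross-check the values returned by the two "opendkim -Q"
# lookups. Table values here are constructed, not taken from the thread.

def split_identity(identity):
    """Return (local_part, domain) of a value such as 'user@host' or '@host'."""
    local, sep, domain = identity.rpartition("@")
    if not sep or not domain:
        raise ValueError("identity has no domain part: %r" % identity)
    return local, domain.lower().rstrip(".")

def identity_matches_domain(identity, signing_domain):
    """RFC 6376 section 3.5: the i= domain is d= itself or a subdomain of it."""
    _, idom = split_identity(identity)
    d = signing_domain.lower().rstrip(".")
    return idom == d or idom.endswith("." + d)

def check_lookup(from_addr, signing_result, key_result):
    """signing_result: values from step 3 (key name, optional identity).
    key_result: values from step 7 (signing domain, selector, key).
    Returns a list of problems; an empty list means the pair is consistent."""
    if not signing_result or not signing_result[0]:
        return ["SigningTable returned no key name for " + from_addr]
    if len(key_result) < 3 or not all(key_result[:3]):
        return ["KeyTable entry %r lacks domain, selector or key" % signing_result[0]]
    domain = key_result[0]
    # Assumption: with no second SigningTable value, i= defaults to "@" + d=.
    has_identity = len(signing_result) > 1 and signing_result[1]
    identity = signing_result[1] if has_identity else "@" + domain
    try:
        if identity_matches_domain(identity, domain):
            return []
    except ValueError as exc:
        return [str(exc)]
    return ["i=%s is not within d=%s (bad identity)" % (identity, domain)]

if __name__ == "__main__":
    # Constructed lookups: (From: address, step 3 result, step 7 result).
    samples = [
        ("alice@example.com", ["domainkey"], ["example.com", "sel1", "KEYDATA"]),
        ("alice@example.com", ["userkey", "alice@example.org"],
         ["example.com", "sel1", "KEYDATA"]),
    ]
    for from_addr, signing, key in samples:
        print(from_addr, signing, "->", check_lookup(from_addr, signing, key) or "ok")
```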
