Re: Problem signing MultipleSignatures from LDAP

From: Patrick Ben Koetter <p_at_state-of-mind.de>
Date: Mon, 21 Nov 2011 20:33:50 +0100

* Murray S. Kucherawy <msk_at_cloudmark.com>:
> > -----Original Message-----
> > From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Patrick Ben Koetter
> > Sent: Monday, November 21, 2011 3:27 AM
> > To: opendkim-users_at_lists.opendkim.org
> > Subject: Problem signing MultipleSignatures from LDAP
> >
> > I am having trouble with "bad identity" signatures for sender
> > signatures, but not for domain level signatures.
> > [...]
>
> It sounds like you have something either in your KeyTable or your SigningTable that's causing this. You can replicate the query and results by doing this:
>
> 1) "opendkim -Q"
>
> 2) At the first prompt, enter the data set name (starting with "ldap:") that you have for the SigningTable.
>
> 3) At the second prompt, enter the user_at_host found in the From: of the message you're signing, followed by "/2" (e.g., "user_at_host/2"). This shows you what is returned from the SigningTable query for that address, which can return up to two values. The first of these will be the name of the key to be used for signing.
>
> 4) CTRL-D to exit.
>
> 5) "opendkim -Q" again.
>
> 6) At the first prompt, enter your KeyTable data set name.
>
> 7) At the second prompt, enter the key name returned in step 3 above, followed by "/3" (e.g., "samplekey/3"). This will return the signing domain, selector, and key to be used in signature generation.
>
> With that information I can probably reconstruct what's going on in your tests.

Here it is:

root_at_play:~# opendkim -Q
opendkim: enter data set description
        csl:entry1[,entry2[,...]]
        file:path
        refile:path
        db:path
        dsn:<backend>://[user[:pwd]_at_][port+]host/dbase[/key=val[?...]]
        ldapscheme://host[:port][/dn[?attrs[?scope[?filter[?exts]]]]]
        lua:path
> ldap://localhost/ou=people,dc=example,dc=com?DKIMSelector?sub?(DKIMIdentity=$d)
opendkim: enter 'query/n' where 'n' is number of fields to request
> alice_at_play.state-of-mind.de/2
'alice-2011'
<empty>
opendkim: enter 'query/n' where 'n' is number of fields to request
>
root_at_play:~# opendkim -Q
opendkim: enter data set description
        csl:entry1[,entry2[,...]]
        file:path
        refile:path
        db:path
        dsn:<backend>://[user[:pwd]_at_][port+]host/dbase[/key=val[?...]]
        ldapscheme://host[:port][/dn[?attrs[?scope[?filter[?exts]]]]]
        lua:path
> ldap://localhost/ou=people,dc=example,dc=com?DKIMIdentity,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)
opendkim: enter 'query/n' where 'n' is number of fields to request
> alice-2011/3
'alice_at_play.state-of-mind.de'
'alice-2011'
'-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDraoXQcnJcciaH1hj262XVtIYu5MwCT0uwWc1i/tq1SPOniEpv
UxczS3wtrL7P2WwqSyWzWx7pcxCsj5unB5u9s1Ohu3QRrfyXd5Txzz9ZbUdV8C1V
8m+CtUSu0yKceBn8bHc2B309UJYnZnx6Zq6Xe3PE0E9rzpeHtbHa4pj5uQIDAQAB
AoGBAK7eFIIO0SYcYMSb4zVfC+jfTKD+sQ+yKS3YtvinCHyKsPqsAWaKGPywQJCI
9b/c6DzOTzXYJLESGLulfOBohWTKWv0ee/GW4mKS7VH9f7m/uGBKSsqPzzK9YYiU
5leOCoOLZRvevf0/8YWks4VtoVeyXiJ/AdrBv9dzh1K6FUbRAkEA99lrhhG4xUrb
olN7OfAUeEYt2uJQnvV06+mVp0gjjv9UscIlcGYk23/JpfImWENGLa0P2kYBOOUr
+g3PYMdP7QJBAPMobkpUT7Zc90apIlg8fpG9e2NtQChUh6uUWwN2J4upVkxm7z16
Hgw5baXnbvLaq1xq2SKWPFjMKscNrPVWX30CQQCCAAmU9eCrozsWpqEA37ts5qqQ
n5pX9jlQsGFtr7nu/GApKMNIdFsqwpk7MIsKSqcZuCeTfpqPhC0P6IR4p7J1AkEA
0locp1Kurs1X4Zn5qymSORQZhRcDFKCjyYwK/ECfz1NL48Z8mstk6SBZOdevhIol
Ckso0qHzTMI7E35CLO9upQJAPVAXcka0/1+/EYHZ/tm5MVyS8vzbJ9tyfJM0uWWH
MWw5P/1/uPGZlylrr9JZBOrBja9y8t2VmuoV/MYAMND9yg==
-----END RSA PRIVATE KEY-----'
opendkim: enter 'query/n' where 'n' is number of fields to request
>

p_at_rick

-- 
state of mind ()
http://www.state-of-mind.de
Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666
Amtsgericht München        Partnerschaftsregister PR 563
Received on Mon Nov 21 2011 - 19:34:16 PST
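
Added example (not part of the original message, and not OpenDKIM code): a Python sketch that takes the two data set strings and queries from the transcript above, applies the "$d"/"$D" token substitution that OpenDKIM documents for LDAP data sets, and prints the equivalent ldapsearch command so the directory can be checked independently of "opendkim -Q". The function names are hypothetical, and the anonymous simple bind (-x) is an assumption about the directory.

```python
import shlex

# Data sets and queries copied from the opendkim -Q transcript above
# (addresses as printed in the archive).
SIGNING_TABLE = "ldap://localhost/ou=people,dc=example,dc=com?DKIMSelector?sub?(DKIMIdentity=$d)"
KEY_TABLE = ("ldap://localhost/ou=people,dc=example,dc=com"
             "?DKIMIdentity,DKIMSelector,DKIMKey,?sub?(DKIMSelector=$d)")

def expand(template, key):
    """$d becomes the queried key; $D becomes the key as dc= components."""
    dc = ",".join("dc=" + part for part in key.split("."))
    return template.replace("$D", dc).replace("$d", key)

def parse_dataset(dataset, query):
    """Split 'scheme://host/dn?attrs?scope?filter' and a 'key/n' query."""
    key, _, nfields = query.rpartition("/")
    scheme, _, rest = dataset.partition("://")
    host, _, rest = rest.partition("/")
    base, attrs, scope, filt = (rest.split("?") + [""] * 4)[:4]
    return {
        "uri": f"{scheme}://{host}",
        "base": expand(base, key),
        "attrs": attrs.split(",") if attrs else [],
        "scope": scope or "base",                      # RFC 4516 default
        "filter": expand(filt or "(objectClass=*)", key),
        "fields": int(nfields),
    }

def notes(d):
    """Mismatches between the URL's attribute list and the 'n' requested."""
    named = [a for a in d["attrs"] if a]
    out = []
    if len(named) != len(d["attrs"]):
        out.append("empty attribute name in URL (stray comma)")
    if d["fields"] > len(named):
        out.append(f"{d['fields']} fields requested, {len(named)} attribute(s) named")
    return out

def ldapsearch_cmd(d):
    """Equivalent ldapsearch call; -x (anonymous simple bind) is an assumption."""
    argv = ["ldapsearch", "-x", "-LLL", "-H", d["uri"], "-b", d["base"],
            "-s", d["scope"], d["filter"]] + [a for a in d["attrs"] if a]
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    for dataset, query in ((SIGNING_TABLE, "alice_at_play.state-of-mind.de/2"),
                           (KEY_TABLE, "alice-2011/3")):
        d = parse_dataset(dataset, query)
        print(ldapsearch_cmd(d))
        for n in notes(d):
            print("  note:", n)
```

The second command requests DKIMKey, so its output contains the private signing key; run it where that output is not captured in logs or shell history.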