All,
we are sitting on a test setup and have problems verifying DKIM signatures.
Our testdomains are subdomains of example.com.
Retrieving the public key using dig works as expected:
# dig -t TXT 201208._domainkey.gregor.example.com +short
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFT9T5GxWQhD57KcNEKs/NPeNvjhUcywGs+SGIgf5bIuqVRYi49ojWsTVubm2BUq+rfHPvhJ/koWiuvu8jzwdy12It0FeeoRauF68ELiH4PfzjlXzYrritzNoGdmCNfeqBg+28q6kc4dAaNL0/xuGuIovI3N3EZ/WsPjQyfDQOTwIDAQAB"
However opendkim-testkey reports 'empty key record'. The same goes for
messages that should be verified. The Authentication-Results:-header reports a
verification error:
Authentication-Results: patrick.example.com; dkim=permerror
(verification error: empty key record; insecure key)
header.i=_at_gregor.example.com; dkim-adsp=nxdomain
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gregor.example.com;
s=201208; t=1343917115;
bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
h=From:To:Date:Subject;
b=wsq+gwxTInaTUwjlXosao7hlnRuPYP40LKIAUyCdHjFIHwuLrgTgalRMJHUVGjizz
7mfr2VX3oiX8cF3gvRgfBeOlVrvkHMkYVNNuggKyJ7yoSpunjjtFd2Bu6XUHIzKGlP
Y7+5I7caHbWgUh1mqFrNLVQQOQ+BxbQ/PROkGI/g=
Is it because opendkim uses its own resolver library and ignores settings in
resolv.conf?
p_at_rick
--
state of mind ()
http://www.state-of-mind.de
Franziskanerstraße 15 Telefon +49 89 3090 4664
81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
Received on Thu Aug 02 2012 - 14:37:27 PST