Re: DKIM implementation issue

From: Rolf E. Sonneveld <R.E.Sonneveld_at_sonnection.nl>
Date: Thu, 24 Jan 2013 21:54:35 +0100

On 24-01-13 20:26, Murray S. Kucherawy wrote:
> In addition to the other advice and comments so far:
>
> On Thu, 24 Jan 2013, L.W. van Braam van Vloten wrote:
>> I have followed the instructions
>> at http://www.debiantutorials.com/setup-domainkeys-identified-mail-dkim-in-postfix/, where:
>>
>> My selector is "list"
>> My domain name is "list.ecompass.nl"
>>
>> I have added the following records to my DNS "ecompass.nl" zonefile:
>> _domainkey.list IN TXT "t=n;o=~"
>
> This is an old-style DomainKeys record, both in terms of its name and
> its content.

@Lucas: DKIM obsoleted DomainKeys (see 'obsoleted by' statement and
Category: Historic in RFC4870 and 'obsoletes' statement in RFC4871).

> It is not used by DKIM. This leads me to believe the instructions
> and steps you've followed are a bit of a mixture of valid and outdated
> instructions.
>
>> list._domainkey.list IN TXT "g=*;
>> k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRIUfe6fct5L75N0M2SOLVUE16THGX62egUTS
>> j8mzi8uFjO6+ZuI9F8G7sIaHhHQ6RITrqYvH7cNxU2VWhqV9UobEs3ZecCkzThDewdloUmZ0oOkHG
>>
>> mE6zlNnodRcbfP+1VxMNC2KTHhSc8ONk3hlYuI6zyTxkU68Kg7kpajNXjQIDAQAB"
>
> This means you'll be signing mail with a selector of "list" and a
> domain name of "list.<your-domain-here>". Is that correct?
>
>> Mail sent to an @yahoo.com address contains the following header:
>> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=list.ecompass.nl;
>> s=list.private; t=1359040840;
>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>> h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type:
>> Content-Transfer-Encoding;
>> b=aGYNtCgjRv45NOT+lR2r+PpzeBmSthzDKLiG7XIig//N2qpUxFEmUmscOoeYhr7Bm
>> uIxaL5dA0KcArlEheEIL66Yfx+Z5Zggdz5cSBMnjmFXyULgramQExWn1y8sSjdw1Xm
>> zZsr9UHvt2ZQ/O+Xn1yPc8cnXRyOA/fy52xMCaBM=
>
> A verifier looking at this will be trying to find a record at
> list.private._domainkey.lists.ecompass.nl. Is that what you intended?

Minor correction:

s/\.lists\./.list./

>
>> The test at http://dkimcore.org/c/keycheck says: "This is a valid
>> DKIM key record"
>>
>> However this does not work properly:
>> - When I test "list._domainkey.list.ecompass.nl" at
>> http://domainkeys.sourceforge.net/selectorcheck.html gives me the
>> result:
>> "This selector is in error: Tag 'p': Invalid public key has no modulus"
>
> Then your selector configuration is in error (it should just be "list").
>
>> - mail sent from my server to an @yahoo.com address contains the header:
>> Authentication-Results: mta1092.mail.ac4.yahoo.com
>> from=list.ecompass.nl;
>> domainkeys=neutral (no sig); from=list.ecompass.nl; dkim=permerror
>> (no key)
>
> That matches what I said above.

Yep.

/rolf
Received on Thu Jan 24 2013 - 20:54:56 PST
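
The selector mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from the original messages: it derives the DNS name a verifier queries (`<s>._domainkey.<d>`) from a DKIM-Signature value and compares it with the owner names published in the zone. The function names are hypothetical, and the sample input is constructed from the header and zone-file lines quoted above, with the `bh=` and `b=` values replaced by placeholders.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Folding whitespace is not significant for the tags used here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(signature_value):
    """Return the DNS name a verifier queries: <s>._domainkey.<d>."""
    tags = parse_tags(signature_value)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def owner_name(relative_name, zone):
    """Expand a relative zone-file owner name to a fully qualified name."""
    return f"{relative_name}.{zone}".lower()

def check(signature_value, published, zone):
    """Compare the verifier's query name with the names published in the zone."""
    wanted = key_query_name(signature_value)
    names = {owner_name(n, zone) for n in published}
    return wanted, wanted in names

# Constructed sample input based on the lines quoted in the thread.
SIGNATURE = """v=1; a=rsa-sha256; c=simple/simple; d=list.ecompass.nl;
 s=list.private; t=1359040840; bh=PLACEHOLDER;
 h=Date:From:To:Subject; b=PLACEHOLDER"""
PUBLISHED = ["_domainkey.list", "list._domainkey.list"]  # relative owner names
ZONE = "ecompass.nl"

if __name__ == "__main__":
    wanted, found = check(SIGNATURE, PUBLISHED, ZONE)
    print("verifier queries:", wanted)
    print("record published:", found)
    # Signing with the selector the record was published under resolves it.
    fixed = SIGNATURE.replace("s=list.private", "s=list")
    print("with s=list:", check(fixed, PUBLISHED, ZONE))
```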