Hi all,
I’ve just set up a mail server using Postfix and Dovecot, and I’ve set up OpenDKIM following various guides online. As far as I can tell it’s working correctly, except that whenever I mail validation services they always tell me that the signature doesn’t verify. I’ve attached the DKIM section of the report from the port25.com verifier below. The record from my DNS is correct and the canonicalised headers match the headers in the mail in my sent box, so I don’t think the headers have been modified in transit.
Am I missing something obvious? How should I go about debugging this?
Thanks for any guidance,
Colin
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
date:Sat,'20'29'20'Mar'20'2014'20'00:28:08'20'+1300'0D''0A'
from:Cursive'20'<cursive_at_cursiveclojure.com>'0D''0A'
to:check-auth_at_verifier.port25.com'0D''0A'
subject:Check'20'me'20'please!'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=cursiveclojure.com;'20's=default;'20't=1396006125;'20'bh=vkxIhoVRhDarVvk5O//gWAjHR3ZY7ENhdzbqdNI641A=;'20'h=Date:From:To:Subject;'20'b=
Canonicalized Body:
--53355ce6_625558ec_9ca3'0D''0A'
Content-Type:'20'text/plain;'20'charset="utf-8"'0D''0A'
Content-Transfer-Encoding:'20'7bit'0D''0A'
Content-Disposition:'20'inline'0D''0A'
'0D''0A'
'0D''0A'
'0D''0A'
'0D''0A'
--53355ce6_625558ec_9ca3'0D''0A'
Content-Type:'20'text/html;'20'charset="utf-8"'0D''0A'
Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
Content-Disposition:'20'inline'0D''0A'
'0D''0A'
<html><head><style>body=7Bfont-family:Helvetica,Arial;font-size:13px=7D</='0D''0A'
style></head><body'20'style=3D=22word-wrap:'20'break-word;'20'-webkit-nbsp-mode:'20's='0D''0A'
pace;'20'-webkit-line-break:'20'after-white-space;=22><div'20'id=3D=22bloop=5Fcust='0D''0A'
omfont=22'20'style=3D=22font-family:Helvetica,Arial;font-size:13px;'20'color:'20'r='0D''0A'
gba(0,0,0,1.0);'20'margin:'20'0px;'20'line-height:'20'auto;=22><br></div><br><div'20'id=3D='0D''0A'
=22bloop=5Fsign=5F1396006074855885056=22'20'class=3D=22bloop=5Fsign=22></div='0D''0A'
></body></html>'0D''0A'
--53355ce6_625558ec_9ca3--'0D''0A'
DNS record(s):
default._domainkey.cursiveclojure.com. 300 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjMwDDAe+yYRb64GF3fCsICIhhSxOdE1+ksO4xKHgBdHR8MgbdidJ6qIYqH/kAemeuMq73MyXLrisEcRXmgn776qVnFOmpOlsgQwWSWjhzoSAiZuteP+tRc/lor+iUPVytAvnbqiNYecHrX8J24gXwGOQJ8Yr7wrhdvvMz8yBxrwIDAQAB"
Public key used for verification: default._domainkey.cursiveclojure.com (1024 bits)
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
Received on Fri Mar 28 2014 - 12:38:32 PST