Verify email with two DKIM signature from Alexandre Ellert on 2014-07-07 (OpenDKIM Users mailing list)

From: Alexandre Ellert <ellertalexandre_at_gmail.com>
Date: Mon, 7 Jul 2014 15:26:25 +0200

Hello,

I have an issue when opendkim setup in verify mode (inbound MX) checks
an email with two DKIM signature.
An recurrent exemple is calendar notification sent from Google Apps
when customer has defined a DKIM signature for its own domain. Google
sign it twice but opendkim seems to only notice about the first
signature in the Authentication-Results header. And I think that's why
opendmarc fail.

# email headers
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=209.85.217.201; helo=mail-lb0-f201.google.com;
envelope-from=3q0c6uwymclgdpylaikcbgyjry.amklyrfyjgckcbgyjry.amk_at_calendar-server.bounces.google.com;
receiver=nathalie_at_exemple.com
Authentication-Results: mail.numeezy.com; dmarc=fail header.from=exemple.com
Authentication-Results: mail.numeezy.com; dkim=pass
    reason="2048-bit key; unprotected key"
    header.d=google.com header.i=_at_google.com header.b=iGijFGSr;
    dkim-adsp=pass; dkim-atps=neutral
Authentication-Results: mail.numeezy.com; spf=pass (sender SPF
authorized) smtp.mailfrom=calendar-server.bounces.google.com
(client-ip=209.85.217.201; helo=mail-lb0-f201.google.com;
envelope-from=3q0c6uwymclgdpylaikcbgyjry.amklyrfyjgckcbgyjry.amk_at_calendar-server.bounces.google.com;
receiver=nathalie_at_exemple.com)
Received: from mail-lb0-f201.google.com (mail-lb0-f201.google.com
[209.85.217.201])
    (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
    (No client certificate requested)
    by mail-in-1.numeezy.com (Postfix) with ESMTPS id 9AA4F1C0084
    for <nathalie_at_exemple.com>; Mon, 7 Jul 2014 08:39:40 +0200 (CEST)
Received: by mail-lb0-f201.google.com with SMTP id u10so335777lbd.2
        for <nathalie_at_exemple.com>; Sun, 06 Jul 2014 23:39:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:reply-to:sender:auto-submitted:message-id:date:subject
         :from:to:content-type;
        bh=a54pSjbohP5FkUu5wGYg+kowDLM2rYRW8JbdmKGYW3s=;
        b=iGijFGSrqD7Kos2i4YHZ+wlEn5VHbilZCr5qSCQCZHq3GK4NswKls54owr5su18d0L
         givbSA1sVwLdLT6dkYd8BmhB2biEckG/cr4rskxIDU+6Q+j3rP+UWty4JEnKbVTkXugE
         qVyYo7YbW9gBC1g/+YLEBN9djZ63aXxlNiSnRUf+bGDzyU+HZYqmR/EiaXcErV9ICewA
         YVRSeHsiqihWmLA8jMkcPQ/KRCzFqtCR73aFCvQOs7M6iUgze97dgomL4xiCqFejxDWJ
         6yzG0EVgIhPLIbmQGp8olYjwo4XDVBJFTuRMnKviE6q4cXzCJn6OFlutSSJSkJOn4xLP
         Tugg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=exemple.com; s=google;
        h=mime-version:reply-to:sender:auto-submitted:message-id:date:subject
         :from:to:content-type;
        bh=a54pSjbohP5FkUu5wGYg+kowDLM2rYRW8JbdmKGYW3s=;
        b=irCFjq3JfpxWnnLSKeygD8FqWZ9/CLUP+S0hEM6GcpgxHZa4msqzgu1TxVf6ZGjQJ5
         yauSpb2Y9+PZsMG9p9LparSWH95myP8J37ZQLMByOyvEePj3CbA08zCLMMTMmMgJnaj5
         4MekY8XE4gDBHNYTga6Ips6/eclBOI9qKbCuc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:reply-to:sender:auto-submitted
         :message-id:date:subject:from:to:content-type;
        bh=a54pSjbohP5FkUu5wGYg+kowDLM2rYRW8JbdmKGYW3s=;
        b=lO8Kaik0IDGml5eZp83y/Xp4jZ0bOtLCTD/dTuPiyHnLWTa/voUjw+8Cb6IFOpzc1K
         /Z6yst+O5SzllncrczHDWH/c5vK0VYGUUwqSdFealVzNf23XOVgsYU8cX283m2/NT2VW
         +09PQZqSM1nq/DwWJrvv5wTQ2vfJjLnhdXZZb7SjVY5d5xxCrs1Cw9eZuRU56O8t/f3/
         ghreV/fhUWsqeFPD7fZwT3mqZR2Worv0dvmYYbfn0/HWS22bA8bsp3CcIgNqNcDUY9TB
         7PfclyJUr8KP1LTd0FIXUrpfXIDT17cR+Qtbvy6NS888Xe3aM12ghFf+cOkOA87aONit
         9o9w==
X-Gm-Message-State:
ALoCoQkncfmWWlFoBf1fkiUXP8pqJVw9Zprg4aI64Dkwrv5MN6aAW4kz/zBYrAtM6PCa9SUv2RiH
MIME-Version: 1.0
X-Received: by 10.194.243.35 with SMTP id wv3mr8338wjc.7.1404715179368; Sun,
06 Jul 2014 23:39:39 -0700 (PDT)
Reply-To: Franck Bersauter <franck_at_exemple.com>
Sender: Google Agenda <calendar-notification_at_google.com>
Auto-Submitted: auto-generated
Message-ID: <e89a8f646fbb46fe1f04fd94bdce_at_google.com>
Date: Mon, 07 Jul 2014 06:39:39 +0000
Subject: =?ISO-8859-1?Q?Accept=E9=3A_Victor_Partouche_Formation_contao_=2D_mer=2E_9?=
    =?ISO-8859-1?Q?_juil=2E_2014_15=3A00_=2D_17=3A00_=28Nathalie_Steiner=29?=
From: Franck Bersauter <franck_at_exemple.com>
To: "nathalie_at_exemple.com" <nathalie_at_exemple.com>
ITCFRLT-MBP1:~ aellert_at_IVSDOMAIN.FR$ $
-bash: $: command not found
ITCFRLT-MBP1:~ aellert_at_IVSDOMAIN.FR$ vi temp
ITCFRLT-MBP1:~ aellert_at_IVSDOMAIN.FR$ cat temp
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=209.85.217.201; helo=mail-lb0-f201.google.com;
envelope-from=3q0c6uwymclgdpylaikcbgyjry.amklyrfyjgckcbgyjry.amk_at_calendar-server.bounces.google.com;
receiver=nathalie_at_exemple.com
Authentication-Results: mail.numeezy.com; dmarc=fail header.from=exemple.com
Authentication-Results: mail.numeezy.com; dkim=pass
    reason="2048-bit key; unprotected key"
    header.d=google.com header.i=_at_google.com header.b=iGijFGSr;
    dkim-adsp=pass; dkim-atps=neutral
Authentication-Results: mail.numeezy.com; spf=pass (sender SPF
authorized) smtp.mailfrom=calendar-server.bounces.google.com
(client-ip=209.85.217.201; helo=mail-lb0-f201.google.com;
envelope-from=3q0c6uwymclgdpylaikcbgyjry.amklyrfyjgckcbgyjry.amk_at_calendar-server.bounces.google.com;
receiver=nathalie_at_exemple.com)
Received: from mail-lb0-f201.google.com (mail-lb0-f201.google.com
[209.85.217.201])
    (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
    (No client certificate requested)
    by mail-in-1.numeezy.com (Postfix) with ESMTPS id 9AA4F1C0084
    for <nathalie_at_exemple.com>; Mon, 7 Jul 2014 08:39:40 +0200 (CEST)
Received: by mail-lb0-f201.google.com with SMTP id u10so335777lbd.2
        for <nathalie_at_exemple.com>; Sun, 06 Jul 2014 23:39:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:reply-to:sender:auto-submitted:message-id:date:subject
         :from:to:content-type;
        bh=a54pSjbohP5FkUu5wGYg+kowDLM2rYRW8JbdmKGYW3s=;
        b=iGijFGSrqD7Kos2i4YHZ+wlEn5VHbilZCr5qSCQCZHq3GK4NswKls54owr5su18d0L
         givbSA1sVwLdLT6dkYd8BmhB2biEckG/cr4rskxIDU+6Q+j3rP+UWty4JEnKbVTkXugE
         qVyYo7YbW9gBC1g/+YLEBN9djZ63aXxlNiSnRUf+bGDzyU+HZYqmR/EiaXcErV9ICewA
         YVRSeHsiqihWmLA8jMkcPQ/KRCzFqtCR73aFCvQOs7M6iUgze97dgomL4xiCqFejxDWJ
         6yzG0EVgIhPLIbmQGp8olYjwo4XDVBJFTuRMnKviE6q4cXzCJn6OFlutSSJSkJOn4xLP
         Tugg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=exemple.com; s=google;
        h=mime-version:reply-to:sender:auto-submitted:message-id:date:subject
         :from:to:content-type;
        bh=a54pSjbohP5FkUu5wGYg+kowDLM2rYRW8JbdmKGYW3s=;
        b=irCFjq3JfpxWnnLSKeygD8FqWZ9/CLUP+S0hEM6GcpgxHZa4msqzgu1TxVf6ZGjQJ5
         yauSpb2Y9+PZsMG9p9LparSWH95myP8J37ZQLMByOyvEePj3CbA08zCLMMTMmMgJnaj5
         4MekY8XE4gDBHNYTga6Ips6/eclBOI9qKbCuc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:reply-to:sender:auto-submitted
         :message-id:date:subject:from:to:content-type;
        bh=a54pSjbohP5FkUu5wGYg+kowDLM2rYRW8JbdmKGYW3s=;
        b=lO8Kaik0IDGml5eZp83y/Xp4jZ0bOtLCTD/dTuPiyHnLWTa/voUjw+8Cb6IFOpzc1K
         /Z6yst+O5SzllncrczHDWH/c5vK0VYGUUwqSdFealVzNf23XOVgsYU8cX283m2/NT2VW
         +09PQZqSM1nq/DwWJrvv5wTQ2vfJjLnhdXZZb7SjVY5d5xxCrs1Cw9eZuRU56O8t/f3/
         ghreV/fhUWsqeFPD7fZwT3mqZR2Worv0dvmYYbfn0/HWS22bA8bsp3CcIgNqNcDUY9TB
         7PfclyJUr8KP1LTd0FIXUrpfXIDT17cR+Qtbvy6NS888Xe3aM12ghFf+cOkOA87aONit
         9o9w==
X-Gm-Message-State:
ALoCoQkncfmWWlFoBf1fkiUXP8pqJVw9Zprg4aI64Dkwrv5MN6aAW4kz/zBYrAtM6PCa9SUv2RiH
MIME-Version: 1.0
X-Received: by 10.194.243.35 with SMTP id wv3mr8338wjc.7.1404715179368; Sun,
06 Jul 2014 23:39:39 -0700 (PDT)
Reply-To: Franck Bersauter <franck_at_exemple.com>
Sender: Google Agenda <calendar-notification_at_google.com>
Auto-Submitted: auto-generated
Message-ID: <e89a8f646fbb46fe1f04fd94bdce_at_google.com>
Date: Mon, 07 Jul 2014 06:39:39 +0000
Subject: =?ISO-8859-1?Q?Accept=E9=3A_Victor_Partouche_Formation_contao_=2D_mer=2E_9?=
    =?ISO-8859-1?Q?_juil=2E_2014_15=3A00_=2D_17=3A00_=28Nathalie_Steiner=29?=
From: Franck Bersauter <franck_at_exemple.com>
To: "nathalie_at_exemple.com" <nathalie_at_exemple.com>

# postfix, opendkim logs
Jul 7 08:39:40 mail-in-1 opendkim[29481]: 9AA4F1C0084: message has
signatures from google.com, exemple.com
Jul 7 08:39:40 mail-in-1 opendkim[29481]: 9AA4F1C0084: DKIM
verification successful
Jul 7 08:39:40 mail-in-1 opendkim[29481]: 9AA4F1C0084: s=20120113
d=google.com SSL
Jul 7 08:39:40 mail-in-1 opendmarc[9751]: 9AA4F1C0084: exemple.com fail

# dmarc logs
job 9AA4F1C0084
reporter mail-in-1.numeezy.com
received 1404715180
ipaddr 209.85.217.201
from exemple.com
mfrom calendar-server.bounces.google.com
dkim google.com 0
spf 0
pdomain exemple.com
policy 17
rua mailto:mailauth-reports_at_numeezy.com
pct 100
adkim 115
aspf 115
p 113
sp 113
align_dkim 5
align_spf 5
action 4

# opendkim -V
opendkim: OpenDKIM Filter v2.9.2
    Compiled with OpenSSL 1.0.1e 11 Feb 2013
    SMFI_VERSION 0x1000001
    libmilter version 1.0.1
    Supported signing algorithms:
        rsa-sha1
        rsa-sha256
    Supported canonicalization algorithms:
        relaxed
        simple
    Active code options:
        QUERY_CACHE
        USE_DB
        USE_LDAP
        USE_LUA
        USE_ODBX
        USE_UNBOUND
        _FFR_ATPS
        _FFR_RBL
        _FFR_REPLACE_RULES
        _FFR_STATS
        _FFR_VBR
    libopendkim 2.9.2: atps query_cache

Thanks for your help.

Alexandre
Received on Mon Jul 07 2014 - 13:26:38 PST

This archive was generated by hypermail 2.3.0 : Mon Jul 07 2014 - 13:36:00 PST