Re: gmail.com SSL error:04091068:rsa routines:INT_RSA_VERIFY:bad signature

From: <shmick_at_riseup.net>
Date: Fri, 24 Oct 2014 20:59:16 +1100

.::AMP::. wrote:
> I am getting bizzare messages in my maillog regarding Gmail incoming
> emails:
> opendkim[77069]: D94BD11B4D: s=20120113 d=gmail.com SSL
> error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
> opendkim[77069]: D94BD11B4D: bad signature data
>
> in this same time I got no problems with other providers:
> opendkim[77069]: E32FE11B57: s=20140625 d=mx.aol.com SSL
> opendkim[77069]: 5FAA211BC2: s=mail2010 d=opendkim.org SSL
>
> Here are some header from the failed gmail message:
> dkim=fail reason="signature verification failed" (2048-bit key;
> unprotected) header.d=gmail.com header.i=_at_gmail.com header.b=CutzcWz6;
> dkim-adsp=none (unprotected policy)
>
> For the test I send an email from Gmail to AOL account and here are the
> headers:
> X-AOL-SCOLL-AUTHENTICATION: mtaiw-aak04.mx.aol.com ; domain : gmail.com
> DKIM : pass
> X-AOL-SCOLL-DMARC: mtaiw-aak04.mx.aol.com ; domain : gmail.com ; policy
> : none ; result : P
> Authentication-Results: mx.aol.com;
> spf=pass (aol.com: the domain gmail.com reports 209.85.212.180 as a
> permitted sender.) smtp.mailfrom=gmail.com;
> dkim=pass (aol.com: email passed verification from the domain
> gmail.com.) header.d=gmail.com;
> dmarc=pass (aol.com: the domain gmail.com reports that Both SPF and
> DKIM strictly align.) header.from=gmail.com;
>
> I am looking for a way to solve this, what is the core problem and how
> do I overcome this?
> When I saw Gmail passed the AOL verification I started wondering is this
> something on my end I need to take care about.
>
> Thanks
> Nick

what is your dkim version/implementation and operating system ?

on a debian jessie install from the repos and compiled myself with
openssl 'i' and 'j' i get the same errors - i don't know why either
Received on Fri Oct 24 2014 - 09:59:36 PST