David,
I should have thought of doing that along with the elandysys.com
response and including the info. I'll just insert the dkim-related output and original
headers. I removed non-dkim-related chuff (and the canonicalized body for the passed
email - seemed immaterial and too long to include).
thanks,
Jim
This
one passed:
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: emailtest_at_ipns.com)
ID(s) verified: header.d=ipns.com
Canonicalized Headers:
date:Thu,'20'06'20'Aug'20'2015'20'17:12:34'20'-0700'0D''0A'
from:Mail'20'Test'20'<emailtest_at_ipns.com>'0D''0A'
to:check-auth_at_verifier.port25.com,'20'autorespond+dkim_at_dk.elandsys.com'0D''0A'
subject:test'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=ipns.com;'20's=portland;'20't=1438906361;'20'bh=FzsRF3UnGHxEUgnZEVLAxZXLrNOsCyjfYZue4LoxbYE=;'20'h=Date:From:To:Subject:From;'20'b=
==========================================================
Original Email
==========================================================
Received: from r3428-6188.hosted.mailfoundry.net (66.18.21.70) by verifier.port25.com id
hofrvo20i3gp for <check-auth_at_verifier.port25.com>;
Thu, 6 Aug 2015 20:12:44 -0400 (envelope-from <emailtest_at_ipns.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=emailtest_at_ipns.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=emailtest_at_ipns.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: emailtest_at_ipns.com) header.d=ipns.com
Authentication-Results: verifier.port25.com; sender-id=pass header.From=emailtest_at_ipns.com
X-Envelope-From: emailtest_at_ipns.com
X-Envelope-To: autorespond+dkim_at_dk.elandsys.com
Received: From mail01.ipns.com (208.110.132.119) by r3428-6188.hosted.mailfoundry.net
(MAILFOUNDRY) id BaCXYDyZEeWHgQAl; Fri, 7 Aug 2015 00:12:42 -0000 (GMT)
Received: from [10.0.0.2] (c-71-56-157-55.hsd1.or.comcast.net [71.56.157.55])
(using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
(Authenticated sender: emailtest_at_ipns.com)
by mail01.ipns.com (Postfix) with ESMTPSA id 5A765F7604A;
Thu, 6 Aug 2015 17:12:38 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail01.ipns.com 5A765F7604A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipns.com;
s=portland; t=1438906361;
bh=FzsRF3UnGHxEUgnZEVLAxZXLrNOsCyjfYZue4LoxbYE=;
h=Date:From:To:Subject:From;
b=H1v79GI/1FFXTINDx5kbnSPkAInh9hxz4qb9kGpfBeBYjUAWvrJX07zPAcP401TTk
6XgQaI5JB7G7uSCAvXqS90tiA1DCQIo560HbMv0bvslNUIBJYSBoiGJAoc/2ldSrYK
U7jt+RbgZ011DIGqZoZlCyNPPSKg59wNzxmezFeo=
Message-ID: <55C3F7F2.60703_at_ipns.com>
Date: Thu, 06 Aug 2015 17:12:34 -0700
From: Mail Test <emailtest_at_ipns.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: check-auth_at_verifier.port25.com, autorespond+dkim_at_dk.elandsys.com
Subject: test
Content-Type: multipart/alternative;
boundary="------------010602080803090301050108"
This is a multi-part message in MIME format.
--------------010602080803090301050108
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
testing
=============================================
End of passed email. This one failed:
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: fail
Sender-ID check: pass
SpamAssassin check: ham
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (wrong body hash: expected
Oz5zVLkdmDyhyj/uN7/5yK1ynvlslRyoAk4wD4v7WYE=)
ID(s) verified:
Canonicalized Headers:
date:Thu,'20'6'20'Aug'20'2015'20'17:11:40'20'-0700'0D''0A'
subject:testing'0D''0A'
from:"RISP'20'System'20'Administrator"'20'<sysadmin_at_ipns.com>'0D''0A'
to:check-auth_at_verifier.port25.com,'20'autorespond+dkim_at_dk.elandsys.com'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=ipns.com;'20's=portland;'20't=1438906297;'20'bh=t2W7yF+v4iJBEo7G/dZJvyp0iPEbJjnGP5SL+ZYQ6I8=;'20'h=Date:Subject:From:To:From;'20'b=
Canonicalized Body:
------=_20150806171140_66475'0D''0A'
Content-Type:'20'text/plain;'20'charset="utf-8"'0D''0A'
Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
'0D''0A'
'0D''0A'
'0D''0A'
'0D''0A'
testing'0D''0A'
'0D''0A'
--'0D''0A'
'0D''0A'
RISP'20'System'20'&'20'Network'20'Operations'0D''0A'
'0D''0A'
Drizzle'20'-'20'IPNS'20'-'20'CSolutions'20'-'20'CNNW'20'-'20'Oregons'20'Best'20'-'20'ClipperNet'20'-'20'MyServLi='0D''0A'
nk'0D''0A'
'0D''0A'
'0D''0A'
'0D''0A'
24-hour'20'support'20'desk'20'-'20'503.205.4767'20'or'20'877.255.4767'0D''0A'
'0D''0A'
The'20'support'20'technicians'20'have'20'tools'20'to'20'trouble'20'shoot'20'in'20'real'20'time'0D''0A'
'0D''0A'
and'20'can'20'identify'20'and'20'help'20'correct'20'any'20'issues'20'immediately.'0D''0A'
'0D''0A'
=A0'0D''0A'
'0D''0A'
------=_20150806171140_66475'0D''0A'
Content-Type:'20'text/html;'20'charset="utf-8"'0D''0A'
Content-Transfer-Encoding:'20'quoted-printable'0D''0A'
'0D''0A'
<p>testing<br'20'/>'0D''0A'
--<br'20'/>'0D''0A'
RISP'20'System'20'&'20'Network'20'Operations<br'20'/>'0D''0A'
Drizzle'20'-'20'IPNS'20'-'20'CSolutions'20'-'20'CNNW'20'-'20'Oregons'20'Best'20'-'20'ClipperNet'20'-'20'MyServLi='0D''0A'
nk<br'20'/>'0D''0A'
<br'20'/>'0D''0A'
24-hour'20'support'20'desk'20'-'20'503.205.4767'20'or'20'877.255.4767<br'20'/>'0D''0A'
The'20'support'20'technicians'20'have'20'tools'20'to'20'trouble'20'shoot'20'in'20'real'20'time<br'20'/>'0D''0A'
and'20'can'20'identify'20'and'20'help'20'correct'20'any'20'issues'20'immediately.<br'20'/>'0D''0A'
</p>'0D''0A'
------=_20150806171140_66475--'0D''0A'
==========================================================
Original Email
==========================================================
Received: from r149-6325.hosted.mailfoundry.net (66.18.21.8) by verifier.port25.com
id hofrrq20i3gv for <check-auth_at_verifier.port25.com>; Thu, 6 Aug 2015 20:11:41 -0400
(envelope-from <sysadmin_at_ipns.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=sysadmin_at_ipns.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed)
header.From=sysadmin_at_ipns.com
Authentication-Results: verifier.port25.com; dkim=fail (wrong body hash: expected
Oz5zVLkdmDyhyj/uN7/5yK1ynvlslRyoAk4wD4v7WYE=)
Authentication-Results: verifier.port25.com; sender-id=pass
header.From=sysadmin_at_ipns.com
X-Envelope-From: sysadmin_at_ipns.com
X-Envelope-To: autorespond+dkim_at_dk.elandsys.com
Received: From mail02.ipns.com (208.110.132.120) by r149-6325.hosted.mailfoundry.net
(MAILFOUNDRY) id 3O8NsDyYEeWFGQAl; Fri, 7 Aug 2015 00:11:34 -0000 (GMT)
Received: from mail02.ipns.com (mail02.ipns.com [208.110.132.120])
by mail02.ipns.com (Postfix) with ESMTP id 285F4F7800D;
Thu, 6 Aug 2015 17:11:37 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail02.ipns.com 285F4F7800D
Authentication-Results: mail02.ipns.com;
dkim=fail reason="signature verification failed" (1024-bit key)
header.d=ipns.com
header.i=_at_ipns.com header.b=SKYp/i55
Received: from webmail1.reliableisp.net (list.ipns.com [208.110.132.123])
(Authenticated sender: sysadmin)
by mail02.ipns.com (Postfix) with ESMTPA id 0F00AF7800A;
Thu, 6 Aug 2015 17:11:37 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail02.ipns.com 0F00AF7800A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipns.com;
s=portland; t=1438906297;
bh=t2W7yF+v4iJBEo7G/dZJvyp0iPEbJjnGP5SL+ZYQ6I8=;
h=Date:Subject:From:To:From;
b=SKYp/i55SPXLfGgHL+T1fFzM/04256yVyDr1QtqkEstv/ZoXJYAcqjhkvvY2hYYPM
uA3Y3i8/cePcsFzCRee7tfkqNu0pI662zQB0PxXMzv37G3Pt2S8lf7FwQ9J4EZq+8s
A8XabTgFegMYxRHsmoOUdzuUnUPxgQsWaV8KmB+E=
Received: from 71.56.157.55
(SquirrelMail authenticated user sysadmin)
by webmail1.reliableisp.net with HTTP;
Thu, 6 Aug 2015 17:11:40 -0700
Message-ID: <ae1f521854060fcf91bd0d7b938ebe40.squirrel_at_webmail1.reliableisp.net>
Date: Thu, 6 Aug 2015 17:11:40 -0700
Subject: testing
From: "RISP System Administrator" <sysadmin_at_ipns.com>
To: check-auth_at_verifier.port25.com,
autorespond+dkim_at_dk.elandsys.com
User-Agent: SquirrelMail/1.4.23 [SVN]
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_20150806171140_66475"
X-Priority: 3 (Normal)
Importance: Normal
------=_20150806171140_66475
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
testing
====================================================================
Same one that failed with elandsys.com check:
DKIM Signature validation: fail
DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.ipns.com
ADSP is not required for DKIM signature validation.
Information about DKIM is available at
http://www.elandsys.com/resources/mail/dkim/opendkim.html
Information about ADSP is available at
http://www.elandsys.com/resources/mail/dkim/opendkim.html
Information about dkim-milter is available at
http://www.elandsys.com/resources/sendmail/dkim.html
Information about DomainKeys is available at
http://www.elandsys.com/resources/sendmail/domainkeys.html
Original message:
Received: from r149-6325.hosted.mailfoundry.net (r149-6325.hosted.mailfoundry.net
[66.18.21.8])
by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id t770BeD5028267
for <autorespond+dkim_at_dk.elandsys.com>; Thu, 6 Aug 2015 17:11:47 -0700 (PDT)
Authentication-Results: mx.elandsys.com; dkim=fail
reason="verification failed; unprotected key"
header.d=ipns.com header.i=_at_ipns.com header.b=SKYp/i55;
dkim-adsp=none (unprotected policy)
X-Envelope-From: sysadmin_at_ipns.com
X-Envelope-To: autorespond+dkim_at_dk.elandsys.com
Received: From mail02.ipns.com (208.110.132.120) by r149-6325.hosted.mailfoundry.net
(MAILFOUNDRY) id 3O8NsDyYEeWFGQAl; Fri, 7 Aug 2015 00:11:34 -0000 (GMT)
Received: from mail02.ipns.com (mail02.ipns.com [208.110.132.120])
by mail02.ipns.com (Postfix) with ESMTP id 285F4F7800D;
Thu, 6 Aug 2015 17:11:37 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail02.ipns.com 285F4F7800D
Authentication-Results: mail02.ipns.com;
dkim=fail reason="signature verification failed" (1024-bit key)
header.d=ipns.com
header.i=_at_ipns.com header.b=SKYp/i55
Received: from webmail1.reliableisp.net (list.ipns.com [208.110.132.123])
(Authenticated sender: sysadmin)
by mail02.ipns.com (Postfix) with ESMTPA id 0F00AF7800A;
Thu, 6 Aug 2015 17:11:37 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail02.ipns.com 0F00AF7800A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipns.com;
s=portland; t=1438906297;
bh=t2W7yF+v4iJBEo7G/dZJvyp0iPEbJjnGP5SL+ZYQ6I8=;
h=Date:Subject:From:To:From;
b=SKYp/i55SPXLfGgHL+T1fFzM/04256yVyDr1QtqkEstv/ZoXJYAcqjhkvvY2hYYPM
uA3Y3i8/cePcsFzCRee7tfkqNu0pI662zQB0PxXMzv37G3Pt2S8lf7FwQ9J4EZq+8s
A8XabTgFegMYxRHsmoOUdzuUnUPxgQsWaV8KmB+E=
Received: from 71.56.157.55
(SquirrelMail authenticated user sysadmin)
by webmail1.reliableisp.net with HTTP;
Thu, 6 Aug 2015 17:11:40 -0700
Message-ID: <ae1f521854060fcf91bd0d7b938ebe40.squirrel_at_webmail1.reliableisp.net>
Date: Thu, 6 Aug 2015 17:11:40 -0700
Subject: testing
From: "RISP System Administrator" <sysadmin_at_ipns.com>
To: check-auth_at_verifier.port25.com, autorespond+dkim_at_dk.elandsys.com
User-Agent: SquirrelMail/1.4.23 [SVN]
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_20150806171140_66475"
X-Priority: 3 (Normal)
Importance: Normal
------=_20150806171140_66475
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
testing
============================================================
On Thu, August 6, 2015 3:52 pm, David Flanigan wrote:
> The key check url you used below only check that the keys are valid. Send an email
to
> check-auth_at_verifier.port25.com to check the entire process and get some better data
for
> troubleshooting. As noted already it seems likely that the message or header failed
the
> test which would normally happen if the message was edited post sending.
> On Aug 6, 2015
> 4:43 PM, RISP System Administrator wrote:
> Hello,
> We recently set up OpenDKIM and after a fudging around, got it to work
and checked
> results using http://dkimcore.org/c/keycheck, which came back successful for
all the
> domains we set up.
> However. When testing, we're seeing this header (real
domain munged):
> DKIM-Filter:OpenDKIM Filter v2.10.3 mail02.domain.com
> 2832AF78062Authentication-Results:mail02.domain.com; dkim=fail
> reason="signature verification failed"
(1024-bit key)
> header.d=domain.com header.i=@domain.com
header.b=CCeF8U5s
> I haven't been able to find out exactly what the issue is. We created
private keys
> and public keys using http://www.dnswatch.info/dkim/create-dns-record, which sets
up a
> 1024-bit key.
> Where should I look or what should I do to correct this?
> thanks,
> Jim
>
--
>
Received on Fri Aug 07 2015 - 01:59:46 PST