Re: "unprotected key" with DNSSEC

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: SM <sm_at_resistor.net>
Date: Tue, 30 Aug 2016 19:44:14 -0700

Hi Jim,
At 16:39 30-08-2016, Jim Fenton wrote:
>I sent a test message to myself through a forwarder (I had some problems
>with the milter config after a Linux upgrade) and now it's signing and
>verifying, but reporting that the key is unprotected. But my domain is
>DNSSEC signed, so I wonder why I'm seeing this.

[snip]

>and Authentication-Results:
>
>Authentication-Results: v2.bluepopcorn.net; dkim=pass
> reason="1024-bit key; unprotected key"
> header.d=bluepopcorn.net header.i=_at_bluepopcorn.net
> header.b=WwWpOCSI; dkim-adsp=pass; dkim-atps=neutral
>
>
>Any ideas?

This is what is results for your email to the list:

Authentication-Results: mx.elandsys.com; dkim=pass
         reason="1024-bit key; secure key"
         header.d=bluepopcorn.net header.i=_at_bluepopcorn.net
         header.b=Wml4M0eS; dkim-adsp=pass

Did you set "TrustAnchorFile" to point to the DNSSEC "root key".

Regards,
-sm
Received on Wed Aug 31 2016 - 02:44:28 PST

This archive was generated by hypermail 2.3.0 : Wed Aug 31 2016 - 02:54:00 PST