Re: "unprotected key" with DNSSEC

From: Jim Fenton <fenton_at_bluepopcorn.net>
Date: Tue, 30 Aug 2016 22:06:17 -0700

On 8/30/16 7:44 PM, SM wrote:
> Hi Jim,
> At 16:39 30-08-2016, Jim Fenton wrote:
>> I sent a test message to myself through a forwarder (I had some problems
>> with the milter config after a Linux upgrade) and now it's signing and
>> verifying, but reporting that the key is unprotected. But my domain is
>> DNSSEC signed, so I wonder why I'm seeing this.
>
> [snip]
>
>> and Authentication-Results:
>>
>> Authentication-Results: v2.bluepopcorn.net; dkim=pass
>> reason="1024-bit key; unprotected key"
>> header.d=bluepopcorn.net header.i=_at_bluepopcorn.net
>> header.b=WwWpOCSI; dkim-adsp=pass; dkim-atps=neutral
>>
>>
>> Any ideas?
>
> This is what is results for your email to the list:
>
> Authentication-Results: mx.elandsys.com; dkim=pass
> reason="1024-bit key; secure key"
> header.d=bluepopcorn.net header.i=_at_bluepopcorn.net
> header.b=Wml4M0eS; dkim-adsp=pass
>
> Did you set "TrustAnchorFile" to point to the DNSSEC "root key".

Thanks, SM. I wasn't aware of that option, and haven't set TrustAnchorFile.

-Jim
Received on Wed Aug 31 2016 - 05:06:35 PST

This archive was generated by hypermail 2.3.0 : Wed Aug 31 2016 - 05:09:00 PST