Hello Ole
Actually the sample should have been:
[sample start]
failed to parse Authentication-Results: header field
bad signature data
Milter insert (1): header: Authentication-Results:
server.my-domain.com;\n\tdkim=fail
reason="signature verification failed" (1024-bit key) header.d=
uconn.onmicrosoft.com header.i=_at_uconn.onmicrosoft.com header.b=JTRDdrro
[sample end]
DNS resolves it just fine on my end as well (it was the first thing I
tested).
It's more likely it's failing because it doesn't have a key to match the
query to, due to the header parse failure
Ken
On Thu, Jan 10, 2019 at 1:29 PM Ole Frendved Hansen <
ole.frendved.hansen_at_deic.dk> wrote:
> Hi Ken,
>
> But the problem could steam from DNS-problem in your installation?
>
> Referring to the sample in your first post:
>
> [sample start]
>>>
>>> failed to parse Authentication-Results: header field
>>>
>>> key retrieval failed (s=selector1-Q2e-onmicrosoft-com, d=
>>> Q2e.onmicrosoft.com
>>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2FQ2e.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc89ccec4d474d2e8b0008d677155dfe%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C636827331011749542&sdata=vsEsJ3Sd9xYZ6bvk0Cr%2F2p%2FyeHTlugX0WDrXjWZTLgk%3D&reserved=0>):
>>> 'selector1-Q2e-onmicrosoft-com._domainkey.Q2e.onmicrosoft.com
>>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.Q2e.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc89ccec4d474d2e8b0008d677155dfe%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C636827331011905786&sdata=6dleojM7Fy3w85mlBcC2fgYjAogeIE3KE7emUiPKrN8%3D&reserved=0>'
>>> query failed
>>>
>>> [sample end]
>>>
>> I can look up the key easily:
> Query: selector1-Q2e-onmicrosoft-com._domainkey.Q2e.onmicrosoft.com
> Response:
>
> v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtFzLYI19GpU/IyAjIxj1OPYUaH/yw28tk8r9qsIMA3KBawuYxmypWEju36fCZDJbMGsTYqJKqvMZ7ZapgGlIs/6cq1VpfAC252hABuDhplPidECPz78HzCumqgot+lEWcy9DvjJmk40AnnAIe5g7F9zt8DH8hjWhQj9JOy6xoVwIDAQAB; n=1024,1452993956,1
>
> Best regards,
>
> Ole
> --
> ole.frendved.hansen_at_deic.dk
> DeiC, Danish e-Infrastructure Cooperation, www.deic.dk
>
>
>
>
> Den 10. jan. 2019 kl. 19.01 skrev Ken <kenfcamp_at_gmail.com>:
>
> For those following this, the test with Angelo using Outlook via Office
> 356 resulted in the same
> results I've been seeing
>
> On Thu, Jan 10, 2019 at 11:44 AM Ken <kenfcamp_at_gmail.com> wrote:
>
>> Thanks for the offer Angelo
>>
>> I think based on the amount of domains this is happening with along with
>> the fact it only happens with a very specific sending environment it's
>> confirmed.
>>
>> But if you'd like to try, you can send an email to kenfcamp_at_campbus.com.
>> I'd assume Outlook via O365 would be a good place to start, but I'm only
>> guessing on what's being used based on the companies involved.
>>
>> Ken
>>
>> On Thu, Jan 10, 2019 at 11:28 AM Fazzina, Angelo <
>> angelo.fazzina_at_uconn.edu> wrote:
>>
>>> Hi, I am willing to help conduct a test.
>>>
>>> What email address do you want me to send to ?
>>>
>>>
>>>
>>> Should I send using telnet commands or you want me to send with Outlook
>>> or T-bird client ?
>>>
>>> My domain _at_uconn.edu is on O365 but I have access to other smtp servers
>>> if you want me to send from them.
>>>
>>>
>>>
>>> Then you can check your logs again….
>>>
>>> Pretty sure we have default setup in O365 but I have opendkim setup on
>>> some smtp servers.
>>>
>>>
>>>
>>>
>>>
>>> -ANGELO FAZZINA
>>>
>>>
>>>
>>> *ITS Service Manager:*
>>>
>>> Spam and Virus Prevention
>>>
>>> Mass Mailing
>>>
>>> G Suite/Gmail
>>>
>>>
>>>
>>> angelo_at_uconn.edu
>>>
>>> University of Connecticut, ITS, SSG, Server Systems
>>>
>>> 860-486-9075
>>>
>>>
>>>
>>> *From:* opendkim-users-bounce_at_lists.opendkim.org <
>>> opendkim-users-bounce_at_lists.opendkim.org> *On Behalf Of *Ken
>>> *Sent:* Thursday, January 10, 2019 10:34 AM
>>> *To:* opendkim-users_at_lists.opendkim.org
>>> *Subject:* OpenDKIM bug ?
>>>
>>>
>>>
>>> I'm currently running OpenDKIM 2.10.3
>>>
>>> I'm seeing instances (thousands per day) where verification's fail with:
>>>
>>> [sample start]
>>>
>>> failed to parse Authentication-Results: header field
>>>
>>> key retrieval failed (s=selector1-Q2e-onmicrosoft-com, d=
>>> Q2e.onmicrosoft.com
>>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2FQ2e.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc89ccec4d474d2e8b0008d677155dfe%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C636827331011749542&sdata=vsEsJ3Sd9xYZ6bvk0Cr%2F2p%2FyeHTlugX0WDrXjWZTLgk%3D&reserved=0>):
>>> 'selector1-Q2e-onmicrosoft-com._domainkey.Q2e.onmicrosoft.com
>>> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.Q2e.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cdc89ccec4d474d2e8b0008d677155dfe%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C636827331011905786&sdata=6dleojM7Fy3w85mlBcC2fgYjAogeIE3KE7emUiPKrN8%3D&reserved=0>'
>>> query failed
>>>
>>> [sample end]
>>>
>>> This is occurring with legitimate sources.
>>>
>>> Banks, Stores, Technology companies, and seems to be limited to any
>>> domain using what appears to be Outlook/Office 365
>>>
>>>
>>>
>>> If it were one off (one domain out of thousands) I could easily chalk it
>>> up to bad sender configuration. But it's not, it's thousands of emails from
>>> hundreds of (valid) senders a day
>>>
>>> Any insight would be appreciated
>>>
>>> Thank you
>>>
>>
>
Received on Thu Jan 10 2019 - 19:22:19 PST