When TXT selector._domainkey… is missing, OpenDKIM still adds AR-header
Update:
> The DKIM-Signature suggests obtaining the DNS TXT record selector1._domainkey.doccs.ny.gov , but this record does not
> exist, so OpenDKIM cannot validate DKIM-Signature.
>
Right now DNS TXT selector1._domainkey.doccs.ny.gov does exist. I don’t know what happened earlier, I was not able to
retrieve the record.
In any case, for this simple message:
From: <m2aieium_at_doccs.ny.gov>
Date: Thu, 31 Jan 2019 23:07:10 +0000
Subject: A D K T200
Message-Id: <eaiti2u_at_eiau>
To: ****_at_aegee.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=doccs.ny.gov;s=selector200;h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-
SenderADCheck;bh=nle3m1ypJwIQJcEYxNcs+Ir/fcHuMGnDz4yqI+qTars=;b=0M3G0N6YRSxSUP9QdLY5O9boBg+AxQf48/z10u8TgBHEYO4GJfEUoedS
H4qteMfrHDw+IQhpV+dRkv+pk0ggaxMkaWVgzGutk+NiZoRzpYoRCjcJwuCs2pRcqNpScxd/LseV2AnrAfBRi3W7Xs8ExaYN6H0Dcbm2zHqmU6oDf/k=
A B C 99200
DNS TXT selector200._domainkey.doccs.ny.gov does not exist, and on my system OpenDKIM adds:
Authentication-Results: mail.aegee.org/x11KMGTC013169; dkim=fail
reason="key not found in DNS" header.d=doccs.ny.gov header.i=_at_doccs.ny.gov
header.a=rsa-sha256 header.s=selector200 header.b=0M3G0N6Y
So my assumption, that OpenDKIM forgets inserting AR header, when the key is missing from DNS, was not verified. Why
there is no AR-header from OpenDKIM in your sample I cannot say, but this is significant.
OpenDKIM behaves correctly even if the non-existent domain blub.ny.gov is used.
Regards
Дилян
Received on Fri Feb 01 2019 - 20:34:26 PST
This archive was generated by hypermail 2.3.0
: Sat Feb 02 2019 - 06:00:00 PST