Discussion:
[dkim-milter-discuss] DKIM Verification failed on gmail and others
Pablo Garcia Melga
2010-09-27 23:11:53 UTC
Permalink
Hi, I just configured my email server to Sign outgoing mail with
dkim-milter 2.83.
When I send a mail to gmail I get :

dkim=neutral (bad format) header.i=@zonacitas.com


this is my test email source:

Delivered-To: ***@gmail.com
Received: by 10.231.139.151 with SMTP id e23cs183650ibu;
Mon, 27 Sep 2010 15:49:22 -0700 (PDT)
Received: by 10.150.69.20 with SMTP id r20mr9930730yba.304.1285627762101;
Mon, 27 Sep 2010 15:49:22 -0700 (PDT)
Return-Path: <***@zonacitas.com>
Received: from mail05.dridco.com (mail05.dridco.com [190.221.0.26])
by mx.google.com with ESMTP id q21si12805497ybk.55.2010.09.27.15.49.20;
Mon, 27 Sep 2010 15:49:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of ***@zonacitas.com
designates 190.221.0.26 as permitted sender) client-ip=190.221.0.26;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
***@zonacitas.com designates 190.221.0.26 as permitted sender)
smtp.mail=***@zonacitas.com; dkim=neutral (bad format)
header.i=@zonacitas.com
Received: from pgarcia.deremate.bue (unknown [10.152.0.17])
by mail05.dridco.com (Postfix) with ESMTP id E1859194002
for <***@gmail.com>; Mon, 27 Sep 2010 19:49:19 -0300 (GMT+3)
X-DKIM: Sendmail DKIM Filter v2.8.3 mail05.dridco.com E1859194002
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=zonacitas.com; s=alpha;
t=1285627759; bh=cr0mRUeJkUDN5bf6L5umjQzQKc8=;
h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
Content-Transfer-Encoding;
b=vRKWUN8dkcIByLvJVqPomEs8RHq+e0dswSM3s5KiG7Q4CPO3hIaiKWLYLnHfvpxG3
phY14WkRMEE3GADQNyjz5FY1y5xd5w8U/OZ07pn2GWRP/NCERTE93VxnLSl1gNCezI
w+sUV1g8fffgP0CknP3L3xPlOFxNxCBtpS0v8ETQ=
Message-ID: <***@zonacitas.com>
Date: Mon, 27 Sep 2010 19:49:19 -0300
From: Pablo <***@zonacitas.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9)
Gecko/20100921 Fedora/3.1.4-1.fc13 Thunderbird/3.1.4
MIME-Version: 1.0
To: ***@gmail.com
Subject: prueba de envio a gmail
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

esta es una prueba


I created the DNS records

dig alpha._domainkey.zonacitas.com TXT @ns1.indisa.com.ar

; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>>
alpha._domainkey.zonacitas.com TXT @ns1.indisa.com.ar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24534
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alpha._domainkey.zonacitas.com. IN TXT

;; ANSWER SECTION:
alpha._domainkey.zonacitas.com. 3600 IN TXT "v=DKIM1\; g=*\; k=rsa\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF6Uo/VocM2tZyvk4c4l+bcTU05tSkUmiNaKWvCPR1pvjXKB1rXj7T8gHg2WVN8X3kOZYbhbDRCKzWoljGgpLXzohYcgN/faofFRncYWi1zyVhLwfR/abjPN1OPia6QyyTnBXxyET+oGWhnCdHk1hbLUia0zAK3uAmIg2EXhsVXQIDAQAB"

;; Query time: 1 msec
;; SERVER: 190.221.0.10#53(190.221.0.10)
;; WHEN: Mon Sep 27 20:11:13 2010
;; MSG SIZE rcvd: 300


Any ideas ?

Thanks, Pablo
Pablo Garcia Melga
2010-09-27 23:11:53 UTC
Permalink
Hi, I just configured my email server to Sign outgoing mail with
dkim-milter 2.83.
When I send a mail to gmail I get :

dkim=neutral (bad format) header.i=@zonacitas.com


this is my test email source:

Delivered-To: ***@gmail.com
Received: by 10.231.139.151 with SMTP id e23cs183650ibu;
Mon, 27 Sep 2010 15:49:22 -0700 (PDT)
Received: by 10.150.69.20 with SMTP id r20mr9930730yba.304.1285627762101;
Mon, 27 Sep 2010 15:49:22 -0700 (PDT)
Return-Path: <***@zonacitas.com>
Received: from mail05.dridco.com (mail05.dridco.com [190.221.0.26])
by mx.google.com with ESMTP id q21si12805497ybk.55.2010.09.27.15.49.20;
Mon, 27 Sep 2010 15:49:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of ***@zonacitas.com
designates 190.221.0.26 as permitted sender) client-ip=190.221.0.26;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
***@zonacitas.com designates 190.221.0.26 as permitted sender)
smtp.mail=***@zonacitas.com; dkim=neutral (bad format)
header.i=@zonacitas.com
Received: from pgarcia.deremate.bue (unknown [10.152.0.17])
by mail05.dridco.com (Postfix) with ESMTP id E1859194002
for <***@gmail.com>; Mon, 27 Sep 2010 19:49:19 -0300 (GMT+3)
X-DKIM: Sendmail DKIM Filter v2.8.3 mail05.dridco.com E1859194002
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=zonacitas.com; s=alpha;
t=1285627759; bh=cr0mRUeJkUDN5bf6L5umjQzQKc8=;
h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
Content-Transfer-Encoding;
b=vRKWUN8dkcIByLvJVqPomEs8RHq+e0dswSM3s5KiG7Q4CPO3hIaiKWLYLnHfvpxG3
phY14WkRMEE3GADQNyjz5FY1y5xd5w8U/OZ07pn2GWRP/NCERTE93VxnLSl1gNCezI
w+sUV1g8fffgP0CknP3L3xPlOFxNxCBtpS0v8ETQ=
Message-ID: <***@zonacitas.com>
Date: Mon, 27 Sep 2010 19:49:19 -0300
From: Pablo <***@zonacitas.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9)
Gecko/20100921 Fedora/3.1.4-1.fc13 Thunderbird/3.1.4
MIME-Version: 1.0
To: ***@gmail.com
Subject: prueba de envio a gmail
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

esta es una prueba


I created the DNS records

dig alpha._domainkey.zonacitas.com TXT @ns1.indisa.com.ar

; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2.fc13 <<>>
alpha._domainkey.zonacitas.com TXT @ns1.indisa.com.ar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24534
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alpha._domainkey.zonacitas.com. IN TXT

;; ANSWER SECTION:
alpha._domainkey.zonacitas.com. 3600 IN TXT "v=DKIM1\; g=*\; k=rsa\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF6Uo/VocM2tZyvk4c4l+bcTU05tSkUmiNaKWvCPR1pvjXKB1rXj7T8gHg2WVN8X3kOZYbhbDRCKzWoljGgpLXzohYcgN/faofFRncYWi1zyVhLwfR/abjPN1OPia6QyyTnBXxyET+oGWhnCdHk1hbLUia0zAK3uAmIg2EXhsVXQIDAQAB"

;; Query time: 1 msec
;; SERVER: 190.221.0.10#53(190.221.0.10)
;; WHEN: Mon Sep 27 20:11:13 2010
;; MSG SIZE rcvd: 300


Any ideas ?

Thanks, Pablo
Mark Martinec
2010-09-28 12:42:37 UTC
Permalink
Post by Pablo Garcia Melga
Hi, I just configured my email server to Sign outgoing mail with
dkim-milter 2.83.
I don't see anything wrong with it (after fixing the wrapped
Received-SPF, Authentication-Results and User-Agent, which
I assume happened on composing the message). Both the
opendkim and the Mail::DKIM consider the signature
in the message (along with the key) to be valid.

Try mailing me some signed test message directly.

Mark
Mark Martinec
2010-09-28 14:27:08 UTC
Permalink
Post by Mark Martinec
Try mailing me some signed test message directly.
Authentication-Results: mail.ijs.si; dkim=pass (1024-bit key)
Authentication-Results: mail.ijs.si (amavisd-new); dkim=pass
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
d=zonacitas.com; s=alpha; ...
Thanks Mark !!!
This one is fine too, with both dkim verifiers.
I wonder what is it that gmail does not like.

Mark
Pablo Garcia Melga
2010-09-28 14:30:21 UTC
Permalink
I've changed the canonicalization to relaxed and started working,
dunno what would be the effect of this change.
Post by Mark Martinec
Post by Mark Martinec
Try mailing me some signed test message directly.
Authentication-Results: mail.ijs.si; dkim=pass (1024-bit key)
Authentication-Results: mail.ijs.si (amavisd-new); dkim=pass
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
  d=zonacitas.com; s=alpha; ...
Thanks Mark !!!
This one is fine too, with both dkim verifiers.
I wonder what is it that gmail does not like.
 Mark
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
dkim-milter-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
Mark Martinec
2010-09-28 14:43:46 UTC
Permalink
Post by Pablo Garcia Melga
I've changed the canonicalization to relaxed and started working,
dunno what would be the effect of this change.
Post by Pablo Garcia Melga
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
Good to know. My choice would be the c=simple/relaxed .
There is hardly any benefit from a 'relaxed' body canonicalization
in my experience, but a 'relaxed' for a header can be useful.

Mark

Loading...