LinuxQuestions.org
Old 05-03-2013, 03:34 PM   #1
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Rep: Reputation: 17
DKIM: "message may have been tampered with or corrupted"


Hello,

I've implemented DKIM in a couple domains I host following a very good tutorial: http://stevejenkins.com/blog/2011/08...centos-fedora/

I need your help on what to look for because of a fail alert: "message may have been tampered with or corrupted".
I don't know what is tampering with sent mails. I use Postfix.
Here is the answer from a testing DKIM service.
Sending mail to sa-test@sendmail.net I got a reply I attached here. Same as the dkim tool in brandonchecketts.com

Thank you in advance,
M
Attached Files
File Type: txt dkim_test.txt (3.8 KB, 17 views)
 
Old 05-05-2013, 05:56 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Just to make sure:
- Do you have an actual domain name that you are responsible for?
- Did you replace your actual domain name with "example.com"? (Because you can't use that for real as it's not owned by you.)
- What does 'grep -i dkim /var/log/mail.{log,warn,err}' show?
- Did you try uncommenting the LogWhy option in your /etc/opendkim.conf file and setting it to Yes?

Last edited by unSpawn; 05-05-2013 at 05:57 AM.
 
Old 05-05-2013, 09:19 AM   #3
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Hello unSpawn, thanks for your help.


Quote:
- Do you have an actual domain name that you are responsible for?
Yes.

Quote:
- Did you replace your actual domain name with "example.com"? (Because you can't use that for real as it's not owned by you.)
Yes, of course. In the samples I replaced the domain name with example.com

Quote:
- What does 'grep -i dkim /var/log/mail.{log,warn,err}' show?
Quote:
/var/log/maillog:May 5 05:21:44 hostname opendkim[4932]: D929E60D8DD8: DKIM verification successful
/var/log/maillog:May 5 05:21:44 hostname opendkim[4932]: D929E60D8DD8: s=private d=care2.com SSL
/var/log/maillog:May 5 07:18:58 hostname opendkim[4932]: 80A7960D9078: DKIM-Signature header added (s=default, d=example.com)
/var/log/maillog:May 5 08:48:15 hostname opendkim[4932]: DDF9C60D878C: DKIM verification successful
/var/log/maillog:May 5 08:48:16 hostname opendkim[4932]: DDF9C60D878C: s=dkim-201303 d=twitter.com SSL
/var/log/maillog:May 5 09:52:12 hostname opendkim[4932]: 2681B60D896C: DKIM verification successful
/var/log/maillog:May 5 09:52:12 hostname opendkim[4932]: 2681B60D896C: s=proddkim1024 d=linkedin.com SSL
(no .warn .err file)
Quote:
- Did you try uncommenting the LogWhy option in your /etc/opendkim.conf file and setting it to Yes?
I just turned it on, restarted opendkim and



Quote:
/var/log/maillog:May 5 10:59:50 hostname opendkim[4932]: 54E1C60D8C67: DKIM-Signature header added (s=default, d=example.com)
/var/log/maillog:May 5 10:59:56 hostname opendkim[4932]: 1591060D8C6C: DKIM verification successful
/var/log/maillog:May 5 10:59:56 hostname opendkim[4932]: 1591060D8C6C: s=verifier201208 d=port25.com SSL
/var/log/maillog:May 5 11:06:06 hostname opendkim[4932]: OpenDKIM Filter: mi_stop=1
/var/log/maillog:May 5 11:06:06 hostname opendkim[4932]: OpenDKIM Filter v2.8.2 terminating with status 0, errno = 0
/var/log/maillog:May 5 11:06:06 hostname opendkim[20144]: OpenDKIM Filter v2.8.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
/var/log/maillog:May 5 11:07:13 hostname opendkim[20144]: 2D84260D8F0B: DKIM-Signature header added (s=default, d=example.com)
/var/log/maillog:May 5 11:07:19 hostname opendkim[20144]: (unknown-jobid): bane.privatedns.com [70.38.127.73] not internal
/var/log/maillog:May 5 11:07:19 hostname opendkim[20144]: (unknown-jobid): not authenticated
/var/log/maillog:May 5 11:07:19 hostname opendkim[20144]: 491E660D8F13: DKIM verification successful
/var/log/maillog:May 5 11:07:19 hostname opendkim[20144]: 491E660D8F13: s=verifier201208 d=port25.com SSL
I am on an iWeb dedicated server.
M
 
Old 05-05-2013, 10:56 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
As you've enabled "LogWhy" could you please try running the verification test again?
 
Old 05-05-2013, 11:46 AM   #5
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Here it is. I use port 995 to send mails from client.
Thank you.

PS: I have KeyTable enabled
refile:/etc/opendkim/KeyTable
and SigningTable is in use
refile:/etc/opendkim/SigningTable

/etc/opendkim/keys contains domain folders with the keys generated for them
Attached Files
File Type: txt dkim_test2.txt (7.6 KB, 18 views)

Last edited by marciano; 05-05-2013 at 11:56 AM.
 
Old 05-09-2013, 04:34 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Shame there wasn't any more 'grep -i dkim /var/log/mail.{log,warn,err}' added, all that can be seen is "dkim=fail (signature doesn't verify)". Maybe start with verifying locally first, see 'man opendkim-testkey'?
 
Old 05-09-2013, 02:51 PM   #7
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Hello unSpawn,

opendkim-testkey does not display anything, I guess it is OK.
I still am getting this response from sa-test@sendmail.net

Authentication System: DomainKeys Identified Mail (DKIM)
Result: DKIM signature confirmed BAD
Description: Signature verification failed, message may have been tampered with or corrupted
Reporting host: services.sendmail.com


May 9 16:29:50 hostname opendkim[20144]: 7A69460D8BEF: DKIM-Signature header added (s=default, d=mydomain.com)
May 9 16:30:03 hostname opendkim[20144]: 7F6D460D8C07: DKIM verification successful
May 9 16:30:03 hostname opendkim[20144]: 7F6D460D8C07: s=gatsby d=sendmail.net SSL

I don't know how to find what is tampering with outgoing messages.
I have also tried the same from another domain I host.
Would it be useful to post my postfix configuration?
Thank you
M
 
Old 05-09-2013, 03:42 PM   #8
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
Shame on me. There was a slight error in the KeyTable lines.
Thanks and sorry,
M
 
Old 05-09-2013, 06:56 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by marciano View Post
Shame on me. There was a slight error in the KeyTable lines.
Thanks and sorry,
NP and thanks for the feedback. So what exactly was the error? Just curious.
 
Old 05-09-2013, 07:48 PM   #10
marciano
Member
 
Registered: Oct 2005
Location: Uruguay
Distribution: CentOS 6.6 Ubuntu 12.4 MacOS 10.9
Posts: 121

Original Poster
Rep: Reputation: 17
NP
Each line was like
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/default.private
instead of
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default
There is a file /etc/opendkim/keys/default.private (; ----- DKIM key default for com); that's why, I guess, I got that error instead of something missing
Cheers!
 
1 members found this post helpful.
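The KeyTable mistake reported in post #10 can be caught before any mail is sent. The following lint is an added example, not part of the original thread and not OpenDKIM's own code: it parses `keyname domain:selector:keyfile` lines and flags key paths that do not sit in a folder named after the domain, plus key files referenced by more than one domain, for review. It assumes the per-domain folder layout described in post #5; the function name, finding codes and the second domain `example.org` are hypothetical.

```python
from collections import defaultdict

# Constructed samples. The mydomain.com lines are the two shapes quoted in
# post #10; example.org is a hypothetical second hosted domain.
SAMPLE_BROKEN = """\
# keyname  domain:selector:keyfile
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/default.private
default._domainkey.example.org example.org:default:/etc/opendkim/keys/default.private
"""
SAMPLE_FIXED = """\
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default
default._domainkey.example.org example.org:default:/etc/opendkim/keys/example.org/default
"""


def lint_keytable(text):
    """Return a list of (line_number, code, detail) findings; empty means clean."""
    findings = []
    domains_by_path = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 1)  # key name, then domain:selector:keyfile
        value = fields[1].split(":", 2) if len(fields) == 2 else []
        if len(value) != 3:
            findings.append((lineno, "malformed", line))
            continue
        domain, _selector, keyfile = (v.strip() for v in value)
        domains_by_path[keyfile].add(domain)
        # Assumed layout (from the thread): keys/<domain>/<selector>
        if domain not in keyfile.split("/"):
            findings.append((lineno, "path-not-per-domain", keyfile))
    # One key file used by several domains is not always wrong, but it is the
    # shape of the reported mistake, so report it for review (line number 0).
    for keyfile, domains in sorted(domains_by_path.items()):
        if len(domains) > 1:
            findings.append((0, "key-shared-by-domains", keyfile))
    return findings


if __name__ == "__main__":
    for finding in lint_keytable(SAMPLE_BROKEN):
        print(finding)
```

Because the wrongly referenced file exists, the local log only shows "DKIM-Signature header added"; the mismatch surfaces at the remote verifier, which is why a static check of the table is useful here.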
  

