LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-15-2009, 01:16 PM   #1
ethic
LQ Newbie
 
Registered: May 2009
Posts: 1

Rep: Reputation: 0
Sendmail - dkim-filter problem. Test : fail (signature doesn' verify)


I am using sendmail as my MTA and dkim-filter to sign my mails with DKIM, I already able to sign the messages, that means that at least dkim-filter seems to be working but the problem is that when I run the test (sending mails to test emails) I keep getting errors.
What I did:
(My mail server ethic.sempresariales.com)

1. Create my keys private/publilc, rename them and move it to the appropiate directory
openssl genrsa -out rsa.private 1024
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
mv rsa.private mails.key.pem
mv mails.key.pem /var/db/dkim
(selector name "mails")

2. Add public key to a TXT record in the DNS
mails._domainkey IN TXT
"v=DKIM1; g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCGIRExnR3vbXjaOGnIpsYO+IeSP/WGmdAuplJsiNC/NbOHOh+06mKFuSUP0ZYCRUuJjLwtqD36trhFajHxeVDIDDyfHFMsQmkGfOqEXE3Owm4SomIt2la8K+/v06zRidecNIAkEffERqD32QxPI9iOnufRBRdvNV9dNDDcKvltQIDAQAB"

3.
dkim-filter -s s -k /var/db/dkim/s.key.pem -p inet:8892@localhost -d sempresariales.com -D

I added the -D option becausse I noticed that if I didn't the message weren't signed because the FQDN of the mail server is ethic.sempresariales.com once I did it the messages were signed.

4.
Add this line to the sendmail.mc and do "make"
INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8892@localhost')

5. Restar sendmail
service sendmail restart

6. Finally send an email to see if my mails were being signed, and it actually did but my happiness didn't last because once I did the test to sa-test@sendmail.net and check-auth@verifier.port25.com I got a failed test. Here is an example of what I got from port25.com

-------------------------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
Date:'20'Thu,'20'14'20'May'20'2009'20'17:24:46'20'-0500'0D''0A'
From:'20'Alfredo'20'Osorio'20'<ethic@sempresariales.com>'0D''0A'
Message-Id:'20'<200905142224.n4EMOkR9006100@ethic.sempresariales.com>'0D''0A'
To:'20'check-auth@verifier.port25.com'0D''0A'
Subject:'20'sd'0D''0A'
DKIM-Signature:'20'v=1;'20'a=rsa-sha256;'20'c=simple/simple;'20'd=sempresariales.com;'0D''0A'
'09's=mails;'20't=1242339887;'20'i=@sempresariales.com;'0D''0A'
'09'bh=GFCzb5dKQEn9tG2PMLRwQeSoJQ5tLnk22PLwiDUXtSg=;'0D''0A'
'09'h=Date:From:Message-Id:To:Subject;'0D''0A'
'09'b=

Canonicalized Body:
sd'0D''0A'


DNS record(s):
mails._domainkey.sempresariales.com. 3600 IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCGIRExnR3vbXjaOGnIpsYO+IeSP/WGmdAuplJsiNC/NbOHOh+06mKFuSUP0ZYCRUuJjLwtqD36trhFajHxeVDIDDyfHFMsQmkGfOqEXE3Owm4SomIt2la8K+/v06zRidecNIAkEffERqD32QxPI9iOnufRBRdvNV9dNDDcKvltQIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
-------------------------------------------------------------------------
As you can see it says "fail (signature doesn't verify)", and I've been checking that my public key in the DNS is not misspelled or anything (spaces, etc) and actually it appears to be fine.

mails._domainkey.sempresariales.com text = "v=DKIM1\; g=*\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCGIRExnR3vbXjaOGnIpsYO+IeSP/WGmdAuplJsiNC/NbOHOh+06mKFuSUP0ZYCRUuJjLwtqD36trhFajHxeVDIDDyfHFMsQmkGfOqEXE3Owm4SomIt2la8K+/v06zRidecNIAkEffERqD32QxPI9iOnufRBRdvNV9dNDDcKvltQIDAQAB"

I don't know what else to do, so please help me out,

Thank You in advance

Alfredo
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to verify signature ? visu Linux - Newbie 5 05-07-2009 05:25 PM
LXer: Quick And Easy Setup For DomainKeys Using Ubuntu, Postfix And Dkim-Filter LXer Syndicated Linux News 0 01-07-2009 11:50 PM
What is the difference between dkim-milter and dk-filter? tomdkat Linux - Server 2 11-13-2008 09:39 AM
Using Kgpg, how to verify signature gljubuncic Linux - Software 2 05-14-2005 01:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration