On Mon, Oct 28, 2024 at 07:48:42AM +0000, Pete Long wrote:

> > On 28 Oct 2024, at 05:32, Viktor Dukhovni via mailop <mailop@mailop.org> wrote:
> > 
> > Mind you, why is there a trailing "#" at the end of the "p=" value,
> > that's not a valid Base64 character, and is not expected here.  The
> > correct encoding is without the trailing "#":
> > 
> >    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWeIDz1pdmR1f4ZIs2SOOoXkMaYu0iOnHzPoJpZ2xwvT8uFLauG6IfkIEtZwFJ/t9R2qq6fdrn9YT3GhkEgWOM6o6dFpfxqqtQXtwaExHGIIf7EPG2m2WM+LZpkBRjl60FpE4BKwrGbaxdBJ3i1XYiGaNElFcRkvdj+pWxPd6/AL9O3a5IxdXuoQ7qaC0St20"
> >    "TYXjTdQx0dlAp3HU4MLletOBei6YzlfDYwvKtDbiavP6i3MwVI3qfxOs1UqvVXiKcrrdGzM44YqGnpGkstAhkDO/5XRUVES/anCqyjCyfhfoHjfVeo35ThxP99D2aZ+vVVoRtqR8D2xWIGA1PpcAQIDAQAB"
> 
> Thanks Viktor. I ran these commands I found in a search result to generate a
> new DKIM key pair yesterday, and the public key does end up with a hash symbol:
> 
> 
> # openssl genrsa -out valar_dkim_private.pem 2048
> 
> # openssl ec -in valar_dkim_private.pem -pubout -outform der | openssl base64 -A

1. The key is an RSA key; the fact that "openssl ec" can also read it
   is a happy coincidence. You should use "openssl pkey" instead.

2. That "#" was not part of the output; it was rather your "root" shell
   *prompt*, because "openssl base64 -A" output is not newline terminated.

    [root@amnesiac etc]# openssl ec -in /etc/letsencrypt/live/amnesiac/combo.pem -pubout -outform DER | openssl base64 -A
    read EC key
    writing EC key
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOvsZJddqraZBmgTjXb/MQZ3+jDQqJGOkPrVd32tDKNdICPuuccjXuQ/YM1u5i2EFo4Dq1ups844Fi1rgo8iqywjGX0wV5UQgP7UUOXF48B43IYxh6pGyJU/SozrIVjzO8TJHaRTzA55rjyS06yfbzRdtniSKSdwpxROJu12qoHqJ3k3aDwgThGKMMP/k8nuJKQpKkS/QMIevcv3HcbygRYUc6iICRC8lVZiF4zbVc4UsHDQaVSEIF63NXSRjRzAPZW+QcBu1DRs6yV9/clFnObmngfdKCJwNH2AjUNvJoiAgYwCldxvPo/uwd+VoLhYeBW/R2fHtAciPsoEXj8B9wIDAQAB[root@amnesiac etc]#

More robust (the "bash" shell has a "printf" built-in, you can use (echo
"$b64") instead):

    # b64=$(openssl pkey -in /etc/letsencrypt/live/mx1.imrryr.org/combo.pem -pubout -outform DER | openssl base64 -A)
    # printf "%s\n" "$b64"
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOvsZJddqraZBmgTjXb/MQZ3+jDQqJGOkPrVd32tDKNdICPuuccjXuQ/YM1u5i2EFo4Dq1ups844Fi1rgo8iqywjGX0wV5UQgP7UUOXF48B43IYxh6pGyJU/SozrIVjzO8TJHaRTzA55rjyS06yfbzRdtniSKSdwpxROJu12qoHqJ3k3aDwgThGKMMP/k8nuJKQpKkS/QMIevcv3HcbygRYUc6iICRC8lVZiF4zbVc4UsHDQaVSEIF63NXSRjRzAPZW+QcBu1DRs6yV9/clFnObmngfdKCJwNH2AjUNvJoiAgYwCldxvPo/uwd+VoLhYeBW/R2fHtAciPsoEXj8B9wIDAQAB

-- 
    Viktor.
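
Added example, not part of the original message: a pre-publication check for a DKIM "p=" value that covers both points in the reply above, rejecting any non-Base64 character such as a pasted "#" and confirming from the DER that the key really is RSA. The names check_dkim_p, read_tlv, tlv and SAMPLE_P are hypothetical, and the sample key is constructed in the code rather than taken from the thread.

```python
import base64
import binascii

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos, tag):
    """Return (body, next_pos) of the DER element with this tag at pos."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past the end of the data")
    return buf[pos:pos + length], pos + length

def check_dkim_p(p):
    """Return the RSA modulus size in bits, or raise ValueError."""
    der = base64.b64decode(p, validate=True)  # binascii.Error (a ValueError) on "#"
    spki, end = read_tlv(der, 0, 0x30)        # SubjectPublicKeyInfo
    if end != len(der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = read_tlv(spki, 0, 0x30)        # AlgorithmIdentifier
    oid, _ = read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an RSA key, algorithm OID " + oid.hex())
    bits, _ = read_tlv(spki, pos, 0x03)       # BIT STRING wrapping RSAPublicKey
    rsa, _ = read_tlv(bits, 1, 0x30)          # skip the unused-bits byte
    modulus, _ = read_tlv(rsa, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def tlv(tag, body):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

# Constructed sample: structurally valid 2048-bit SPKI, not a usable key.
_n = b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")
_rsa = tlv(0x30, tlv(0x02, _n) + tlv(0x02, b"\x01\x00\x01"))
_alg = tlv(0x30, tlv(0x06, RSA_OID) + b"\x05\x00")
SAMPLE_P = base64.b64encode(tlv(0x30, _alg + tlv(0x03, b"\x00" + _rsa))).decode()

if __name__ == "__main__":
    for p in (SAMPLE_P, SAMPLE_P + "#"):      # clean value, then with a prompt "#"
        try:
            print(check_dkim_p(p))
        except ValueError as exc:
            print("rejected:", exc)
```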