[pfx] Re: Incoming OpenDKIM signature verification failing

Fri, 09 May 2025 14:01:15 -0700 

On 5/9/25 16:23, Ken Biggs via Postfix-users wrote:

Hi Matus,

I commented out policyd-spf and still am getting DKIM failure from google.com 
<http://google.com/>.  Here are maillog entries from a gmail test:

May  9 15:11:36 xxxxxxx postfix/smtpd[815073]: connect from 
mail-qk1-f169.google.com[209.85.222.169]
May  9 15:11:36 xxxxxxx postfix/smtpd[815073]: Anonymous TLS connection 
established from mail-qk1-f169.google.com[209.85.222.169]: TLSv1.3 with cipher 
TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature 
ECDSA (P-384) server-digest SHA384
May  9 15:11:37 xxxxxxx postfix/smtpd[815073]: 1CD1B200DF: 
client=mail-qk1-f169.google.com[209.85.222.169]
May  9 15:11:37 xxxxxxx postfix/cleanup[815088]: 1CD1B200DF: 
message-id=<xxx...@mail.gmail.com>
May  9 15:11:37 xxxxxxx opendkim[671562]: 1CD1B200DF: mail-qk1-f169.google.com 
[209.85.222.169] not internal
May  9 15:11:37 xxxxxxx opendkim[671562]: 1CD1B200DF: not authenticated
May  9 15:11:37 xxxxxxx opendkim[671562]: 1CD1B200DF: signature=XXXXXXX domain=gmail.com 
selector=20230601 result="signature verification failed"
May  9 15:11:37 xxxxxxx opendkim[671562]: 1CD1B200DF: bad signature data
May  9 15:11:37 xxxxxxx opendmarc[754]: 1CD1B200DF: gmail.com fail
May  9 15:11:37 xxxxxxx spamd[680444]: spamd: connection from ::1 [::1]:41032 
to port 783, fd 5
May  9 15:11:37 xxxxxxx spamd[680444]: spamd: setuid to sa-milt succeeded
May  9 15:11:37 xxxxxxx spamd[680444]: spamd: processing message 
<xxx...@mail.gmail.com> for sa-milt:988
May  9 15:11:37 xxxxxxx spamd[680444]: spamd: clean message (1.5/5.0) for 
sa-milt:988 in 0.2 seconds, 3643 bytes.
May  9 15:11:37 xxxxxxx spamd[680444]: spamd: result: . 1 - 
DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_NONE,SPF_PASS
 
scantime=0.2,size=3643,user=sa-milt,uid=988,required_score=5.0,rhost=::1,raddr=::1,rport=41032,mid=<xxx...@mail.gmail.com>,autolearn=no
 autolearn_force=no




Suggestion:
Consider replacing policyd-spf, opendkim, AND opendmarc with rspamd. It does all of those jobs, does them *better*, and is actively maintained. 



--
  Phil Stracchino
  Fenian House Publishing
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to