Hi,thanks for tips, I used "-i ilist file containing list of internal (signing) hosts".
It is signing now, but signature fails on the verifier :Nov 7 12:40:54 celer dkim-filter[4888]: 5CCC8C750A SSL error:04077068:rsa routines:RSA_verify:bad signature
Nov 7 12:40:54 celer dkim-filter[4888]: 5CCC8C750A: bad signature data
In the message header : X-DKIM: Sendmail DKIM Filter v2.7.2 celer.ajetaci.cz 5CCC8C750A Authentication-Results: celer.ajetaci.cz; dkim=hardfail (verification failed) header.i=@fnhk.cz; dkim-adsp=failInteresting is, that verifier in the way of this email accepted it signing domain fnhk.cz (I don't wanna overwite domain before post it here anymore :) :
X-DKIM: Sendmail DKIM Filter v2.7.2 antivir2.fnhk.cz 71EAF282B8
Authentication-Results: antivir2.fnhk.cz; dkim=pass (1024-bit key)
header.i=@fnhk.cz; dkim-adsp=pass
Maybe error in the adding some headers by server antivir2.fnhk.cz ? :
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fnhk.cz; s=mail;
t=1320665813; bh=FD+AeMxIothgfnBUmgiB3BMcpAHS75XIiHCbbzJzcPg=;
h=Subject:From:To:Content-Type:Date:Message-ID:Mime-Version:
Content-Transfer-Encoding; b=CRNC8R1tz/4LDsr6SwSAErYvN7y7Zfa2EK6pf
cwrtlfBBvYWRBCVr8n0doU2dAGdPVEq96q9Jf9cVf2o5deFLosOLxW/OnXuXhflWqzU
jao6Pjw/JU5473lDWxr2tk7BzPco6N80LsjvmY3cN+4dChWhUxlnEaGVUm51PlgvU08
=
Thanks a lot
J.K.
Cituji Robert Schetterer <rob...@schetterer.org>:
Am 07.11.2011 10:56, schrieb Josef Karliak:In the message header I've : X-DKIM: Sendmail DKIM Filter v2.7.2 kostnew.ajetaci.cz 8840B239C3 Authentication-Results: kostnew.ajetaci.cz; dkim=none (no signature) header.i=unknown; dkim-adsp=fail And in the mail log: Nov 7 10:48:37 kostnew dkim-filter[16623]: 8840B239C3 external host [192.168.2.5] attempted to send as ajetaci.cz I've a few similar dkim installations that works (but on older opensuses..). Maybe some small stupid misconfig, but where. It is all simple :-/ thanks J.K.sorry i am short in time perhaps this helps man dkim-filter.conf ExternalIgnoreList (string) Identifies a file of "external" hosts which may send mail through the server as one of the signing domains without credentials as such. Basically suppresses the "external host (hostname) tried to send mail as (domain)" log messages. Entries in the file should be of the same form as those of the PeerList option below. The list is empty by default.Cituji Robert Schetterer <rob...@schetterer.org>:Am 07.11.2011 10:46, schrieb Robert Schetterer:Am 07.11.2011 10:39, schrieb Josef Karliak:Good morning, I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse 11.4 64-bit, generated keys (named "mail"). In the dkim-milter config I defined my options: DKIM_MODES="sv" DKIM_DOMAIN="ajetaci.cz" DKIM_SELECTOR="mail" DKIM_CANON="simple" DKIM_REJECTION="bad=a,dns=t,no=a,sec=t" DKIM_EXTRA_ARGS="-l -h -D" DKIM_SIGNALG="rsa-sha256" and in the main.cf I've : milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 milter_default_action = accept I tried this over unix socket too. Where is an error ? Any kicks to the right way ? :-/ Thanks and best regards J.K.perhaps this helps Mode (string) Selects operating modes. The string is a concatenation of characters which indicate which mode(s) of operation are desired. Valid modes are s (signer) and v (verifier). The default is sv except in test mode (see the dkim-filter(8) man page) in which case the default is v. so configure your DKIM_MODES="sv" as you want itups sorry, guess that was not what you asked for what exactly does not work do you have any logs? -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria-- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
--Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you.
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
binPzrqOlCTG5.bin
Description: Veřejný PGP klíč
