Am 07.11.2011 12:50, schrieb Josef Karliak: > Hi, > thanks for tips, I used "-i ilist file containing list of > internal (signing) hosts". > It is signing now, but signature fails on the verifier : > Nov 7 12:40:54 celer dkim-filter[4888]: 5CCC8C750A SSL > error:04077068:rsa routines:RSA_verify:bad signature > Nov 7 12:40:54 celer dkim-filter[4888]: 5CCC8C750A: bad signature data > > In the message header : > X-DKIM: Sendmail DKIM Filter v2.7.2 celer.ajetaci.cz 5CCC8C750A > Authentication-Results: celer.ajetaci.cz; dkim=hardfail > (verification failed) header.i=@fnhk.cz; dkim-adsp=fail > > Interesting is, that verifier in the way of this email accepted it > signing domain fnhk.cz (I don't wanna overwite domain before post it > here anymore :) : > X-DKIM: Sendmail DKIM Filter v2.7.2 antivir2.fnhk.cz 71EAF282B8 > Authentication-Results: antivir2.fnhk.cz; dkim=pass (1024-bit key) > header.i=@fnhk.cz; dkim-adsp=pass > > Maybe error in the adding some headers by server antivir2.fnhk.cz ? : > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fnhk.cz; s=mail; > t=1320665813; bh=FD+AeMxIothgfnBUmgiB3BMcpAHS75XIiHCbbzJzcPg=; > h=Subject:From:To:Content-Type:Date:Message-ID:Mime-Version: > Content-Transfer-Encoding; b=CRNC8R1tz/4LDsr6SwSAErYvN7y7Zfa2EK6pf > cwrtlfBBvYWRBCVr8n0doU2dAGdPVEq96q9Jf9cVf2o5deFLosOLxW/OnXuXhflWqzU > jao6Pjw/JU5473lDWxr2tk7BzPco6N80LsjvmY3cN+4dChWhUxlnEaGVUm51PlgvU08 > = > > Thanks a lot > J.K.
sorry no time to check that further keep safe that nothing does change the header, after dkim milter does ( i.e some x antivirus mail was added too etc) verifieres sometimes need long to give right answers, about failed and reconfigured dkim keys cause they use dns caching, so try a new verifier, post your problem dkim-milter list http://sourceforge.net/mail/?group_id=139420 > > Cituji Robert Schetterer <rob...@schetterer.org>: > >> Am 07.11.2011 10:56, schrieb Josef Karliak: >>> In the message header I've : >>> X-DKIM: Sendmail DKIM Filter v2.7.2 kostnew.ajetaci.cz 8840B239C3 >>> Authentication-Results: kostnew.ajetaci.cz; dkim=none (no signature) >>> header.i=unknown; dkim-adsp=fail >>> >>> And in the mail log: >>> Nov 7 10:48:37 kostnew dkim-filter[16623]: 8840B239C3 external host >>> [192.168.2.5] attempted to send as ajetaci.cz >>> >>> I've a few similar dkim installations that works (but on older >>> opensuses..). >>> >>> Maybe some small stupid misconfig, but where. It is all simple :-/ >>> >>> >>> thanks >>> J.K. >> >> >> sorry i am short in time perhaps this helps >> >> man dkim-filter.conf >> >> ExternalIgnoreList (string) >> Identifies a file of "external" hosts which may send mail >> through the server as one of the signing domains without credentials as >> such. Basically suppresses the >> "external host (hostname) tried to send mail as (domain)" >> log messages. Entries in the file should be of the same form as those >> of the PeerList option below. >> The list is empty by default. >> >>> >>> Cituji Robert Schetterer <rob...@schetterer.org>: >>> >>>> Am 07.11.2011 10:46, schrieb Robert Schetterer: >>>>> Am 07.11.2011 10:39, schrieb Josef Karliak: >>>>>> Good morning, >>>>>> I configured dkim-milter (2.7.2-x) to postfix (2.7.2-x) on opensuse >>>>>> 11.4 64-bit, generated keys (named "mail"). In the dkim-milter >>>>>> config I >>>>>> defined my options: >>>>>> DKIM_MODES="sv" >>>>>> DKIM_DOMAIN="ajetaci.cz" >>>>>> DKIM_SELECTOR="mail" >>>>>> DKIM_CANON="simple" >>>>>> DKIM_REJECTION="bad=a,dns=t,no=a,sec=t" >>>>>> DKIM_EXTRA_ARGS="-l -h -D" >>>>>> DKIM_SIGNALG="rsa-sha256" >>>>>> >>>>>> and in the main.cf I've : >>>>>> milter_protocol = 2 >>>>>> smtpd_milters = inet:localhost:8891 >>>>>> non_smtpd_milters = inet:localhost:8891 >>>>>> milter_default_action = accept >>>>>> >>>>>> I tried this over unix socket too. >>>>>> >>>>>> Where is an error ? Any kicks to the right way ? :-/ >>>>>> Thanks and best regards >>>>>> J.K. >>>>>> >>>>>> >>>>> >>>>> perhaps this helps >>>>> >>>>> Mode (string) >>>>> Selects operating modes. The string is a >>>>> concatenation of >>>>> characters which indicate which mode(s) of operation are desired. >>>>> Valid >>>>> modes are s (signer) and v >>>>> (verifier). The default is sv except in test mode (see >>>>> the dkim-filter(8) man page) in which case the default is v. >>>>> >>>>> so configure your >>>>> >>>>> DKIM_MODES="sv" as you want it >>>> >>>> ups sorry, guess that was not what you asked for >>>> >>>> what exactly does not work >>>> do you have any logs? >>>> >>>> >>>> -- >>>> Best Regards >>>> >>>> MfG Robert Schetterer >>>> >>>> Germany/Munich/Bavaria >>>> >>> >>> >>> >> >> >> -- >> Best Regards >> >> MfG Robert Schetterer >> >> Germany/Munich/Bavaria >> > > > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
