Thank you Doug,
I fixed the name so the unsupported character "_" is not used.
Please review my latest test, as I have a question.
Is there anything in the DKIM config files I can change to get rid of this
message ?
Authentication-Results: verifier.port25.com; dkim=pass (signature verifies;
identity doesn't match any headers) header.d=mta4.uits.uconn.edu
Am I supposed to get the headers to match ?
RAW DATA BELOW:
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: neutral
DomainKeys check: neutral
DKIM check: pass
SpamAssassin check: ham
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (signature verifies; identity doesn't match any headers)
ID(s) verified: header.d=mta4.uits.uconn.edu
Canonicalized Headers:
to:check-a...@verifier.port25.com'0D''0A'
from:"Fazzina,'20'Angelo"'20'<alf02...@appmail.uconn.edu>'0D''0A'
date:Wed,'20'29'20'Mar'20'2017'20'15:29:26'20'-0400'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=mta4.uits.uconn.edu;'20's=dkim1;'20't=1490815766;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'20'h=To:From:Date:From;'20'b=
Canonicalized Body:
'0D''0A'
DNS record(s):
dkim1._domainkey.mta4.uits.uconn.edu. 60 IN TXT "v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbxcatzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8I
fMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB"
Public key used for verification: dkim1._domainkey.mta4.uits.uconn.edu (1024
bits)
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
==========================================================
Original Email
==========================================================
Return-Path: <alf02...@appmail.uconn.edu>
Received: from mta4.uits.uconn.edu (137.99.25.243) by verifier.port25.com id
hrg5hc20i3g1 for <check-a...@verifier.port25.com>; Wed, 29 Mar 2017 15:29:26
-0400 (envelope-from <alf02...@appmail.uconn.edu>)
Authentication-Results: verifier.port25.com; spf=neutral (SPF-Result: None)
smtp.mailfrom=alf02...@appmail.uconn.edu
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not
signed) header.From=alf02...@appmail.uconn.edu
Authentication-Results: verifier.port25.com; dkim=pass (signature verifies;
identity doesn't match any headers) header.d=mta4.uits.uconn.edu
Received: from [137.99.80.129] (angelo.uits.uconn.edu [137.99.80.129])
by mta4.uits.uconn.edu (Postfix) with ESMTPSA id 3583C16F
for <check-a...@verifier.port25.com>; Wed, 29 Mar 2017 15:29:26
-0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mta4.uits.uconn.edu 3583C16F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta4.uits.uconn.edu;
s=dkim1; t=1490815766;
bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
h=To:From:Date:From;
b=t9zhBtRbQBNOIsdN1oa5DS51oRGWuczFcpqP+DjgZ8/ezzZk+8VvbHwITT5sGVVHj
CqbJSALLhbkUszq7XjYzV9Ro9A3EzudgNImg5PWL74sbPYdUg4BNiCce8UCqAb2xsh
nRXMvBq1QINwxp+oCOyi6Y4jE7E91NzYdk5v5SiI=
To: check-a...@verifier.port25.com
From: "Fazzina, Angelo" <alf02...@appmail.uconn.edu>
Message-ID: <64191897-59d3-6210-f79d-e88b755db...@appmail.uconn.edu>
Date: Wed, 29 Mar 2017 15:29:26 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
Thunderbird/45.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
-Angelo Fazzina
Operating Systems Programmer / Analyst
University of Connecticut, UITS, SSG, Server Systems
860-486-9075
-----Original Message-----
From: Doug [mailto:domain_name_t...@yahoo.com]
Sent: Friday, March 17, 2017 1:52 AM
To: postfix-users@postfix.org; Fazzina, Angelo <angelo.fazz...@uconn.edu>
Subject: Re: need little help with DKIM, if possible.
--------------------------------------------
On Thu, 3/16/17, Fazzina, Angelo
<angelo.fazz...@uconn.edu<mailto:angelo.fazz...@uconn.edu>> wrote:
Subject: need little help with DKIM, if possible.
To: "postfix-users@postfix.org<mailto:postfix-users@postfix.org>"
<postfix-users@postfix.org<mailto:postfix-users@postfix.org>>
Date: Thursday, March 16, 2017, 12:19 PM
Hi, I ran this.
opendkim-genkey -v -D /etc/opendkim/keys/uconn/ -d uconn.edu -s 2017_uconn_DKIM
which created the private key and selector name
[] That selector name is inappropriate. If you want to use something that long,
use dashes instead of underscores. But there is no reason to use something that
complicated. I just use 'dkim' for mine.
I am learning by reverse engineering
[] Don't do that. :) Different sites have different needs, and you really
don't need anything as complex as Google's.
This is a pretty good tutorial for a single domain:
https://help.ubuntu.com/community/Postfix/DKIM
Obviously you can ignore the Ubuntu-specific parts if you're not using Ubuntu.
Also, I would not use autorestart, see the man page for why. If you are setting
up multiple domains the configuration is slightly more complex, but still not
that difficult.
In regards to your DNS question, assuming you pick 'dkim' for your selector,
and your domain is 'uconn.edu' you would want to put the following record in
the uconn.edu zone file:
dkim._domainkey TXT ( "v=DKIM1; k=rsa; t=y;"
"p=<key stuff goes here>;" )
When you're done testing you can remove t=y; from the above example.
hope this helps,
Doug
