題 DKIM簽名失敗 - DNS記錄查找不正確


我在帶有Postfix和opendkim的Linode上運行Ubuntu 12.04。

我測試時,我的DKIM簽名正在驗證/通過 http://www.brandonchecketts.com/emailtest.php 但是當我使用autorespond+dkim@dk.elandsys.com進行測試時失敗了。

問題與正確查找DNS記錄有關。 elandsys測試正在查找DNS記錄 不正確。我認為這是一個問題 我的 配置,我想知道如何解決它。

brandonchecketts.com上的測試查找DNS記錄 正確地 使用:
為list._domainkey.my_example.common構建DNS查詢

elandsys的測試查看了記錄 不正確 使用:
沒有_domainkey.list.my_example.com的DNS記錄

我的opendkim SigningTable包含以下條目:
*@list.my_example.com list._domainkey.my_example.common

我的opendkim KeyTable包含以下條目:
list._domainkey.my_example.com list.my_example.com:list:/etc/opendkim/list.private

我將在下面詳細介紹這兩個測試。第一個顯示DKIM正確驗證。第二個顯示了elandsys報告的問題。

brandonchecketts.com DKIM簽名 - 通行證

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=my_example.com;
    s=list; t=1336xx239;
    bh=cS8QYxxxsPwl7ZB=;
    h=Subject:From:To:Date:List-Id;
    b=VYpXM...rBHWA+


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/simple
d= Domain:          my_example.com
s= Selector:        list
q= Protocol:        
bh=                 aS8QYiOQ..sPwl8ZE+
h= Signed Headers:  Subject:From:To:Date:List-Id
b= Data:            VYpXM...rBHWA+
Public Key DNS Lookup

Building DNS Query for list._domainkey.my_example.com
Retrieved this publickey from DNS: v=DKIM1;k=rsa; t=y;  p=TIGfMA..AQAC
Validating Signature

result = pass

elandsys DKIM簽名 - 失敗

Date: Sat, 11 May 2012 11:45:05 -0700 (PDT)
Message-Id: <20120511xxx@mx.elandsys.com>
From: elandsys+-13368xxxx77@dk.elandsys.com
To: user@list.my_example.com
Subject: Auto-response from dk.elandsys.com
Sender: daemon@dk.elandsys.com
Auto-Submitted: auto-replied


This is an automatic response.  Replies to this message will not generate
an automatic response.
Do not reply to this message except for reporting a problem.

The results are as follows:

DKIM Signature validation: DKIM-Signature could not be verified
DomainKeys Signature validation: not available
DomainKeys Policy: no DNS record for _domainkey.list.my_example.com
DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.list.my_example.com

ADSP is not required for DKIM signature validation.

Note: The authentication results are not available as there was no signature header or the signature could not be verified

這是一些版本信息:

opendkim -V
opendkim: OpenDKIM Filter v2.5.2
        Compiled with OpenSSL 1.0.1 14 Mar 2012
        SMFI_VERSION 0x1000001
        libmilter version 1.0.1
        Supported signing algorithms:
                rsa-sha1
                rsa-sha256
        Supported canonicalization algorithms:
                relaxed
                simple
        Active code options:
                USE_DB
                USE_LUA
                USE_UNBOUND
                _FFR_REPLACE_RULES
                _FFR_SELECTOR_HEADER
                _FFR_STATS
        libopendkim 2.5.2:

dpkg -s postfix
Package: postfix
Status: install ok installed
Priority: extra
Section: mail
Installed-Size: 3353
Maintainer: LaMont Jones <lamont@debian.org>
Architecture: amd64
Version: 2.9.1-4
Replaces: mail-transport-agent
Provides: default-mta, mail-transport-agent
Depends: libc6 (>= 2.14), libdb5.1, libsasl2-2, libsqlite3-0 (>= 3.5.9), libssl1.0.0 (>= 1.0.0), debconf (>= 0.5) | debconf-2.0, netbase, adduser (>= 3.48), dpkg (>= 1.8.3), lsb-base (>= 3.0-6), ssl-cert, cpio
Recommends: python
Suggests: procmail, postfix-mysql, postfix-pgsql, postfix-ldap, postfix-pcre, sasl2-bin, libsasl2-modules, dovecot-common, resolvconf, postfix-cdb, mail-reader, ufw
Conflicts: libnss-db (<< 2.2-3), mail-transport-agent, smail
Conffiles:
 /etc/init.d/postfix 4af3a2532cddca3e6d0bc5f7b4fc2f75
 /etc/insserv.conf.d/postfix 7fe2d086ff4822fc9fe13adab1090dce
 /etc/ppp/ip-up.d/postfix fccc53fc4eeeab46941ebcc95a71e766
 /etc/ppp/ip-down.d/postfix 52275dc23864f3bfca412c7558e28fe6
 /etc/network/if-up.d/postfix fccc53fc4eeeab46941ebcc95a71e766
 /etc/network/if-down.d/postfix 52275dc23864f3bfca412c7558e28fe6
 /etc/postfix/postfix-script 0d01860b2f0778cf41951c801f538b30
 /etc/postfix/post-install 4e9b37279a95246a5fe68afdbbbfd035
 /etc/postfix/postfix-files ad34dcc8c31d057f6f20268b0aa16f29
 /etc/rsyslog.d/postfix.conf d8a09827fff2a22311e4dd4a83e95c83
 /etc/ufw/applications.d/postfix 5c7e746dc9255e750b8f50460de11a32
 /etc/resolvconf/update-libc.d/postfix cfdfa512e14e80ab89cac7cc44b3a521
Description: High-performance mail transport agent
 Postfix is Wietse Venema's mail transport agent that started life as an
 alternative to the widely-used Sendmail program.  Postfix attempts to
 be fast, easy to administer, and secure, while at the same time being
 sendmail compatible enough to not upset existing users. Thus, the outside
 has a sendmail-ish flavor, but the inside is completely different.

3
2018-05-12 20:04


起源




答案:


我相信autorespond+dkim@dk.elandsys.com已經破產了。這似乎是個問題。除非它得到修復,否則就不要使用它。使用其他人。

我們的DKIM正在通過:

它唯一失敗的測試是:

  • 發送簽名的電子郵件至:autorespond+dkim@dk.elandsys.com

3
2018-05-13 03:02