From: Greg N. <gpn...@eo...> - 2007-03-15 14:18:29
|
> >Can you disable the other filters and test with dk-filter only? Sure thing. See below. >If sendmail.net is seeing an older DNS record, that would cause DK >verification to fail. It's better to change selector records when >you generate a new key to avoid such an issue. Yeah, it was seeing one from when I turned off test mode, but that ended up not being the issue. The key itself was still the same. >There was a change in the dk-milter version running on sendmail.net. Yeah, this would certainly be the cause of my headaches, but it seems every other DK test out there fails it as well. So it's either something wrong from the getgo, or something new. >Send an email to aut...@dk.... You should get a >reply which includes the DNS records seen by the >autoresponder. Please verify whether the selector record is correct >(i.e. your public key in DNS). I ran the test against the new autoresponder you gave, and verified the DNS record as well as disabling all of my milters. The response the new responder gave was: ------- DKIM Test: pass (1024-bit key) DomainKeys Test: fail DomainKeys Policy: "o=~" DKIM Sender Signing Policy: query failed DomainKeys Selector: vixen "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSVzV7F/BK1vc9kuCtc9b8v5HdZRMJ+psf8yyVoJ+q4eEV2KlHUENLQTi3AO/jI4NO7IgUPVububWabofjhC7d0d4wI6ISI4I71K/Zu1Wuz4ucXvu4Refs6zwGhrkgDAqXCbxG3B0E0rU287yc/e99JseOZg4eR6MjoT2aw2BVPwIDAQAB" ------- This record does indeed match my TXT record published in the DNS. The outgoing e-mail was signed, and the headers are relatively mimimal. Typical ones towards the bottom, followed by the DomainKeys signature, and finally the sendmail received from lines, before it's validated by the autoresponder. Since this key was generated by the DKIM gentxt.csh file (the only difference was a 1024 vs 512 bit key it seemed), would it make more sense to have different selector records for DK and DKIM? I noticed sendmail.net and others all seem to be using the same key, so I'm seriously doubting it. Any more random pointers? - Greg |