From: John V. <sod...@gm...> - 2006-11-29 20:19:31
|
I setup dkim-milter on my system and I was always getting a verification failure on the emails I sent to the testers (sa...@se... and aut...@dk...) But then one message mentioned something about putting in a ';' (semicolon) after the p= line in my DNS entry. Once I did that then my test email to sa...@se... and aut...@dk... worked for the DKIM portion. So I'm curious, should gentxt.csh be changed to put in a semicolon at the end or is the bug somewhere else? Or am I mis-interpreting my results? Thanks, John |
From: SM <sm...@re...> - 2006-11-29 20:32:21
|
At 12:19 29-11-2006, John Villalovos wrote: >I setup dkim-milter on my system and I was always getting a >verification failure on the emails I sent to the testers >(sa...@se... and aut...@dk...) > >But then one message mentioned something about putting in a ';' >(semicolon) after the p= line in my DNS entry. Can we see your DNS entry? Regards, -sm |
From: John V. <sod...@gm...> - 2006-11-29 20:42:41
|
On 11/29/06, SM <sm...@re...> wrote: > At 12:19 29-11-2006, John Villalovos wrote: > >I setup dkim-milter on my system and I was always getting a > >verification failure on the emails I sent to the testers > >(sa...@se... and aut...@dk...) > > > >But then one message mentioned something about putting in a ';' > >(semicolon) after the p= line in my DNS entry. > > Can we see your DNS entry? []# dig txt dkim._domainkey.sodarock.com <snip> ;; ANSWER SECTION: dkim._domainkey.sodarock.com. 43200 IN TXT "v=DKIM1\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGuS8YNO69BrChRu09HFV/Lo6wS40zZxWgqS7xlaqUQLTLQWMAWY9G2CNUwKvGHItPPgsai4fPCifW4NP19xox+yTjst6WSd1ghRMfa+64xZhbx7BxBA7zuSAm06ccdIiUtP8okZr9xyC1hPfcrm8KPALp2nuHkBn0M8PMDPALjwIDAQAB\;" |
From: SM <sm...@re...> - 2006-11-29 21:01:01
|
At 12:42 29-11-2006, John Villalovos wrote: >;; ANSWER SECTION: >dkim._domainkey.sodarock.com. 43200 IN TXT "v=DKIM1\; k=rsa\; >t=y\; >p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGuS8YNO69BrChRu09HFV/Lo6wS40zZxWgqS7xlaqUQLTLQWMAWY9G2CNUwKvGHItPPgsai4fPCifW4NP19xox+yTjst6WSd1ghRMfa+64xZhbx7BxBA7zuSAm06ccdIiUtP8okZr9xyC1hPfcrm8KPALp2nuHkBn0M8PMDPALjwIDAQAB\;" The semi-colon is not required at the end. This is what I get when I do a lookup for your DNS record: ;; ANSWER SECTION: dkim._domainkey.sodarock.com. 4030 IN TXT "v=DKIM1\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGuS8YNO69BrChRu09HFV/Lo6wS40zZxWgqS7xlaqUQLTLQWMAWY9G2CNUwKvGHItPPgsai4fPCifW4NP19xox+yTjst6WSd1ghRMfa+64xZhbx7BxBA7zuSAm06ccdIiUtP8okZr9xyC1hPfcrm8KPALp2nuHkBn0M8PMDPALjwIDAQAB" Regards, -sm |
From: John V. <sod...@gm...> - 2006-11-29 21:49:49
|
On 11/29/06, SM <sm...@re...> wrote: > At 12:42 29-11-2006, John Villalovos wrote: > >;; ANSWER SECTION: > >dkim._domainkey.sodarock.com. 43200 IN TXT "v=DKIM1\; k=rsa\; > >t=y\; > >p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGuS8YNO69BrChRu09HFV/Lo6wS40zZxWgqS7xlaqUQLTLQWMAWY9G2CNUwKvGHItPPgsai4fPCifW4NP19xox+yTjst6WSd1ghRMfa+64xZhbx7BxBA7zuSAm06ccdIiUtP8okZr9xyC1hPfcrm8KPALp2nuHkBn0M8PMDPALjwIDAQAB\;" > > The semi-colon is not required at the end. Well before I put the semi-colon in at the end, the verification would fail. That was the only thing I changed at the time. So that is why I suspected the semi-colon. I'll leave it in for now since it is working. > This is what I get when I do a lookup for your DNS record: > > ;; ANSWER SECTION: > dkim._domainkey.sodarock.com. 4030 IN TXT "v=DKIM1\; k=rsa\; > t=y\; > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGuS8YNO69BrChRu09HFV/Lo6wS40zZxWgqS7xlaqUQLTLQWMAWY9G2CNUwKvGHItPPgsai4fPCifW4NP19xox+yTjst6WSd1ghRMfa+64xZhbx7BxBA7zuSAm06ccdIiUtP8okZr9xyC1hPfcrm8KPALp2nuHkBn0M8PMDPALjwIDAQAB" Strange that you don't see the semi-colon because it is in there and I just checked it from multiple locations. |
From: Murray S. K. <ms...@se...> - 2006-11-29 22:49:54
|
The semi-colon shouldn't be required. I don't have one in mine and it verifies fine in both directions. I'll see if I can reproduce your problem. |
From: SM <sm...@re...> - 2006-11-29 22:59:40
|
At 13:49 29-11-2006, John Villalovos wrote: >Strange that you don't see the semi-colon because it is in there and I >just checked it from multiple locations. I see your new DNS record now with a semi-colon at the end. The autoresponders may have got the old DNS record. Would you mind posting a message to this list if the DKIM verification fails when this new record is used? Regards, -sm |
From: John V. <sod...@gm...> - 2006-11-30 00:24:59
|
Well I just tested again without the semi-colon and everything seems to be working. So no idea what I changed to get it working for the DKIM signing. Thanks for the help. Now all I have to do is figure out the DK signing but that is the other mailing list :) Thanks, John |
From: Mark M. <Mar...@ij...> - 2006-11-30 00:47:26
|
John, > Well I just tested again without the semi-colon and everything seems > to be working. > So no idea what I changed to get it working for the DKIM signing. > Thanks for the help. Now all I have to do is figure out the DK > signing but that is the other mailing list :) Perhaps you were testing against sa...@se... during the time it was broken. They were experimenting with sendmail 8.14.0.Alpha1/8.14.0.Alpha1, which caused incorrect signatures in their returned mail. When reverted to 8.13.8/8.14.0.Alpha1 around November 21th it was back to normal (there may have been other breakage periods which I don't know about). Mark |