#1 Selector is in error: Tag 'p': Error From openssl

v1.0.1
closed
Other (4)
5
2009-03-18
2009-01-19
Nick Nguyen
No

Hi, I installed dk-milter-1.0.1 yesterday and it seemed that everything was OK, but when I used the DomainKey Selector Record tester at the following link: http://domainkeys.sourceforge.net/selectorcheck.html
I got this error:

This selector is in error: Tag 'p': Error From openssl: unable to load Public Key.

The server on which I installed the package is 32-bit CentOS 5.2 with openssl-0.9.8b.

These are the steps I followed when I installed dk-milter-1.0.1:

#cd /usr/src/
#wget http://downloads.sourceforge.net/dk-milter/dk-milter-1.0.1.tar.gz
#tar xzf dk-milter-1.0.1.tar.gz
#cd dk-milter-1.0.1

#vim devtools/Site/site.config.m4

dnl Build options for dk-milter package
dnl ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

dnl Any options you set here are applied to all subdirectories of this
dnl build. Also, you may override or augment the defaults of any of the
dnl values described in devtools/README by setting your #preferred values
dnl in this file.

dnl Debug binary
dnl
dnl If you are encountering coredumps and want to be able to analyze them
dnl using something like "gdb", enable this next line by deleting the "dnl"
dnl at the front of it.
dnl define(`confOPTIMIZE', `-g')

dnl libar -- asynchronous resolver library
dnl
dnl If you want to use the asynchronous resolver library, enable this
dnl next line by deleting the "dnl" at the front of it.
dnl define(`bld_USE_ARLIB', `true')
define(`bld_USE_ARLIB', `true')
dnl
dnl libar normally uses res_init() or res_ninit() to load the contents
dnl of resolv.conf for its use. If neither of these work on your system
dnl in multi-threaded programs (e.g. OpenBSD 3.7 and later), then you
dnl may need to enable code that parses that file manually. This will
dnl also be required if you've got any IPv6 addresses in /etc/resolv.conf.
dnl In that case, enable this next line by deleting the "dnl" at the front
dnl of it.
dnl APPENDDEF(`conf_libar_ENVDEF', `-DAR_RES_MANUAL')
APPENDDEF(`conf_libar_ENVDEF', `-DAR_RES_MANUAL')
dnl POPAUTH -- POP-before-SMTP authentication
dnl
dnl If you use any POP-before-SMTP authentication, dk-filter can
dnl query that database to see if a client sending a message for signing
dnl is legitimate, enable this next line by deleting the "dnl" at the
dnl front of it.
dnl APPENDDEF(`conf_dk_filter_ENVDEF', `-DPOPAUTH ')
APPENDDEF(`conf_dk_filter_ENVDEF', `-DPOPAUTH ')

dnl BerkeleyDB -- Berkeley DB ("Sleepycat") database
dnl
dnl POPAUTH needs the Berkeley DB library.
dnl
dnl Sometimes this is built into your libc, but perhaps not, or perhaps
dnl you have a newer version that you want to use. If that's the case,
dnl edit the following lines as needed and enable the ones that apply
dnl by deleting "dnl" from the front of them:
dnl APPENDDEF(`confINCDIRS', `-I/usr/local/BerkeleyDB/include ')
dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/BerkeleyDB/lib ')
dnl APPENDDEF(`confLIBS', `-ldb ')

dnl OpenSSL -- cryptography library
dnl
dnl DK requires several algorithms provided by this library. If necessary,
dnl enable these lines by deleting "dnl" from the front of them and edit
dnl paths as needed.
dnl APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include ')
dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib ')
APPENDDEF(`confINCDIRS', `-I/usr/include/openssl ')
APPENDDEF(`confLIBDIRS', `-L/usr/lib ')
dnl Code For Future Release (FFRs):
dnl
dnl See the FEATURES file for descriptions of the features available
dnl as options. Many of these are untested and/or undocumented, so use
dnl at your own risk. To enable one, delete "dnl" from the front of its
dnl line.
dnl
dnl APPENDDEF(`confENVDEF', `-D_FFR_ANTICIPATE_SENDMAIL_MUNGE ')
dnl APPENDDEF(`confENVDEF', `-D_FFR_FLUSH_HEADERS ')
dnl APPENDDEF(`confENVDEF', `-D_FFR_HASH_BUFFERING ')
dnl APPENDDEF(`confENVDEF', `-D_FFR_REQUIRED_HEADERS ')
dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECT_CANONICALIZATION ')

dnl libmilter -- Sendmail's milter library
dnl
dnl This must be in the search rules for your compile. If necessary,
dnl adjust the paths below and enable the lines by deleting "dnl" from the
dnl front of them.
dnl APPENDDEF(`bld_dk_filter_INCDIRS', `-I/usr/local/sendmail/include')
dnl APPENDDEF(`bld_dk_filter_LIBDIRS', `-L/usr/local/sendmail/lib')
APPENDDEF(`bld_dk_filter_INCDIRS', `-I/usr/include/libmilter')
APPENDDEF(`bld_dk_filter_LIBDIRS', `-L/usr/lib')
dnl smfi_addheader() -- older versions of libmilter
dnl
dnl If you run a version of libmilter too old to have the smfi_insheader()
dnl primitive, you can enable this to have dk-filter use smfi_addheader()
dnl instead. It will still work, but it breaks the DKIM specification.
dnl To enable this, remove the "dnl" from the front of the line.
dnl APPENDDEF(`conf_dk_filter_ENVDEF', `-DNO_SMFI_INSHEADER ')

#cp site.config.m4.dist devtools/Site/site.config.m4
#make; make install

I got 2 errors, but they are for manual pages and it shouldn't be any problem.

install -c -o bin -g bin -m 444 ar.0 /usr/man/man3/ar.3
install: cannot create regular file `/usr/man/man3/ar.3': No such file or directory
make[1]: *** [install-docs] Error 1

install: cannot create regular file `/usr/man/man8/dk-filter.8': No such file or directory
make[1]: *** [install-docs] Error 1

#openssl genrsa -out rsa.private 768
#openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
#mkdir -p /var/db/domainkeys/
#cp rsa.private /var/db/domainkeys/mail.key.pem
#cat /var/db/domainkeys/mail.key.pem

I copied the key and pasted it into Notepad,
then opened the DNS zone record and entered the following lines with the key that I had just pasted into Notepad:
mail._domainkey.jkurtzman.com. IN TXT "k=rsa; t=y; p=key from notepad"
_domainkey.jkurtzman.com. IN TXT "t=y; o=~"

#service named restart
#vim /etc/init.d/domainkeys
and entered the following code that I got from this link:
http://www.jkurtzman.com/blog/2008/06/setting-up-domainkeys-on-centos

#!/bin/sh
#
# "/etc/rc.d/init.d/dk-filter"
# Start/stop script for the dk-filter daemon on RedHat Linux
#
# chkconfig: - 79 31
# description: Acts as the "dk-filter" InputMailFilter (milter) for the \
#              Sendmail MTA to provide DomainKeys service

############################################################
#
# Be sure to edit these values:
#
KEYFILE="/var/db/domainkeys/mail.key.pem"
DOMAIN="mydomain.com"
SELECTOR="mail"
USER="domainkeys"
#
############################################################

PIDFILE="/var/run/dk-milter/pid"
SUBMISSION_DAEMON="smtp"
PORT=8891

# Source function library. Provides the "status" option
. /etc/init.d/functions

# Exit quietly if dk-filter is not installed
test -x `which dk-filter` || exit 0

RETVAL=0

start() {
    echo -n $"Starting dk-filter: "
    COMMAND="dk-filter -u $USER -b s -p inet:$PORT@localhost -l -P $PIDFILE -s $KEYFILE -d $DOMAIN -S $SELECTOR -m$SUBMISSION_DAEMON -c nofws"
    # echo -e "Now executing\n$COMMAND"
    daemon $COMMAND
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dk-filter
    return $RETVAL
}

stop() {
    echo -n $"Stopping dk-filter: "
    killproc dk-filter
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f $PIDFILE /var/lock/subsys/dk-filter
    return $RETVAL
}

restart() {
    stop
    start
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status dk-filter
        ;;
    restart)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 1
esac

exit $?

#chmod +x /etc/init.d/domainkeys
#useradd domainkeys
#service domainkeys start
#chkconfig domainkeys on
#vim /etc/mail/sendmail.mc
added
INPUT_MAIL_FILTER(`dk-filter', `S=inet:8891@localhost')
#service sendmail restart

Then I tested the selector record many times and it always came up with an error like this: "This selector is in error: Tag 'p': Error From openssl: unable to load Public Key"

I believe I specified the correct path for SSL (openssl) and I don't know what I did incorrectly.

I need help.

Discussion

  • Anonymous - 2009-01-19

    What's the real domain name you used to set up your public key, and the real name of the selector you chose? I'd like to inspect the record you've posted there.

     
  • Anonymous - 2009-01-19
    • assigned_to: nobody --> sm-msk
    • milestone: --> 819546
    • labels: --> 640125
    • status: open --> pending
     
  • Nick Nguyen - 2009-01-19
    • assigned_to: sm-msk --> nobody
    • labels: 640125 -->
    • milestone: 819546 -->
    • status: pending --> open
     
  • Nick Nguyen - 2009-01-19

    DNS zone record I entered is:

    mail._domainkey.mydomain.com. IN TXT "k=rsa; t=y; p=key from notepad"
    _domainkey.mydomain.com. IN TXT "t=y; o=~"

     
  • Anonymous - 2009-01-19

    Your domain name isn't "mydomain.com", is it?

    I'd like to be able to query it with my own tools, but I can't do that unless you reveal the domain name.

     
  • Anonymous - 2009-01-19
    • assigned_to: nobody --> sm-msk
    • milestone: --> 897443
    • labels: --> 640245
    • status: open --> pending
     
  • Anonymous - 2009-01-19

    If you did exactly what you said and pasted "mail._domainkey.jkurtzman.com" into your own zone file, that won't work. That's advertising a text record called "mail._domainkey.jkurtzman.com.example.com" where "example.com" is your domain name. You probably didn't want that.

    Take out ".jkurtzman.com", update your zone file's serial number, reload your zone, and try it again. The record should look like:

    mail._domainkey IN TXT "k=rsa; t=y; p=(base64-key-data-here)"
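
The following is an added example, not code from this ticket or from the dk-milter project. It derives the p= value from the rsa.public file written by the `openssl rsa -pubout` step in the original post, confirms that openssl can load it as a public key, and prints the record with the zone-relative owner name used in the reply above. The function names are hypothetical, and the `k=rsa; t=y` tags are copied from the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of dk-milter.

# Print the p= value for a PEM public key file (the output of
# "openssl rsa -pubout"): base64 body only, armor lines removed, one line.
dk_p_value() {
    # Refuse anything that is not a public-key PEM, e.g. the private key.
    [ "$(head -n 1 "$1")" = "-----BEGIN PUBLIC KEY-----" ] || {
        echo "error: $1 is not a PEM public key" >&2
        return 1
    }
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# Succeed only if openssl can load the p= value as an RSA public key.
dk_check_p() {
    {
        echo "-----BEGIN PUBLIC KEY-----"
        printf '%s\n' "$1" | fold -w 64
        echo "-----END PUBLIC KEY-----"
    } | openssl rsa -pubin -noout >/dev/null 2>&1
}

# Print the selector record with a zone-relative owner name.
# $1 = public key file, $2 = selector
dk_record() {
    p=$(dk_p_value "$1") || return 1
    dk_check_p "$p" || { echo "error: openssl cannot load p=" >&2; return 1; }
    txt="k=rsa; t=y; p=$p"
    # One TXT character-string holds at most 255 bytes.
    [ "${#txt}" -le 255 ] || { echo "error: record too long" >&2; return 1; }
    printf '%s._domainkey IN TXT "%s"\n' "$2" "$txt"
}

# Usage: sh dk_record.sh rsa.public mail
if [ "$#" -ge 1 ]; then
    dk_record "$1" "${2:-mail}"
fi
```

Running `dk_check_p` on the literal text from the published record before reloading the zone reproduces the tester's "unable to load Public Key" condition locally.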

     
  • Anonymous - 2009-01-19
    • milestone: 897443 --> v1.0.1
    • labels: 640245 --> Other
     
  • SourceForge Robot

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending --> closed
     
