From: Michael W. <hu...@us...> - 2005-12-03 14:37:49

Morning -

After upgrading dk/dkim to the latest version, i sent off an email to the various reflectors, and seems as if my sign is failing. I am unsure at this point if it's SRS or not, can someone look at the headers below that came back from alt-n and see if they can see anything outstanding as to why i would be failing?

Thank you very much in advance
Michael Weiner

------ Forwarded Message
From: <dki...@al...>
Reply-To: <SRS0=4zyoA=2A=userfriendly.net=hu...@us...>
Date: Sat, 03 Dec 2005 08:13:43 -0600
To: <SRS0=4zyoA=2A=userfriendly.net=hu...@us...>
Subject: 0.2.0 test

DKIM RULES!

Headers of original email:
-----8<---------
Return-path: <SRS0=4zyoA=2A=userfriendly.net=hu...@us...>
Received: from r2d2.altn.com by altn.com (MDaemon.PRO.v9.0.0a.R)
    with ESMTP id md50001376701.msg
    for <dki...@al...>; Sat, 03 Dec 2005 08:13:34 -0600
Authentication-Results: r2d2.altn.com
    smtp.mail=SRS0=4zyoA=2A=userfriendly.net=hu...@us...; spf=pass
Authentication-Results: r2d2.altn.com
    header.from=SRS0=4zyoA=2A=userfriendly.net=hu...@us...;
    domainkeys=neutral (bad but testing);
    dkim=neutral (1:-4:DKIM_SIGNATURE_BAD_BUT_TESTING;)
Received-SPF: pass (r2d2.altn.com: domain of SRS0=4zyoA=2A=userfriendly.net=hu...@us...
    designates 68.22.33.179 as permitted sender)
    x-spf-client=MDaemon.PRO.v9.0.0a.R
    receiver=r2d2.altn.com
    client-ip=68.22.33.179
    envelope-from=<SRS0=4zyoA=2A=userfriendly.net=hu...@us...>
    helo=spambox.userfriendly.net
Received: from spambox.userfriendly.net ([68.22.33.179])
    by r2d2.altn.com (r2d2.altn.com) (Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v9.0.0a.R)
    with ESMTP id md50001594057.msg
    for <dki...@al...>; Sat, 03 Dec 2005 08:20:21 -0600
Received-SPF: pass (spambox.userfriendly.net: authenticated connection)
    receiver=spambox.userfriendly.net; client-ip=68.22.33.178;
    helo=[192.168.254.102]; envelope-from=hu...@us...;
    x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf-unknown;
X-DomainKeys: Sendmail DomainKeys Filter v0.3.1 spambox.userfriendly.net jB3EF9hA009712
DomainKey-Signature: a=rsa-sha1; s=ufn; d=userfriendly.net; c=simple; q=dns;
    b=lwL98Irwi3oaxg6PxdZIdxtlo+JuiX7OT3t2RsYYPwa22XYgWuOrrlGiLo3wyIUk
X-DKIM: Sendmail DKIM Filter v0.2.0 spambox.userfriendly.net jB3EF9hA009712
DKIM-Signature: a=rsa-sha1; c=simple/simple; d=userfriendly.net; s=ufn;
    t=1133619318; h=User-Agent:Date:Subject:From:To:Message-ID:
    Thread-Topic:Thread-Index:Mime-version:Content-type:
    Content-transfer-encoding:X-Spam-Status:X-Spam-Checker-Version:
    X-DCC-Misty-Metrics:X-Virus-Scanned:X-Virus-Status; b=LQSNeEe5tN54k
    6ZguJcV4TipGKW3WJvB65yREIiBb7LMwTstg3mQ0BgOfo/3Y65b
Received: from [192.168.254.102] (moonbeam.userfriendly.net [68.22.33.178] (may be forged))
    (authenticated bits=0)
    by spambox.userfriendly.net (8.13.1/8.13.4 UFN-Mailer) with ESMTP id jB3EF9hA009712
    (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO);
    Sat, 3 Dec 2005 09:15:10 -0500
User-Agent: Microsoft-Entourage/11.2.1.051004
Date: Sat, 03 Dec 2005 09:15:03 -0500
Subject: 0.2.0 test
From: Michael Weiner <hu...@us...>
To: <dki...@al...>, <dki...@mt...>, <aut...@el...>, <dk...@bl...>
Message-ID: <BFB71297.B624%hu...@us...>
Thread-Topic: 0.2.0 test
Thread-Index: AcX4E/PnMmLOi2QHEdqA5wANk3OhrA==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-DCC-Misty-Metrics: fedora 1170; Body=0
X-Virus-Scanned: ClamAV 0.80/1054/Fri Sep 2 10:26:51 2005
    clamav-milter version 0.80j on localhost
X-Virus-Status: Clean
X-Spam-Processed: r2d2.altn.com, Sat, 03 Dec 2005 08:20:21 -0600
    (processed during SMTP session)
X-MDAV-Processed: r2d2.altn.com, Sat, 03 Dec 2005 08:20:22 -0600
X-Spam-Report:
    * -0.5 MDAEMON_SPF_PASS MDaemon: passed SPF verification
    * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    * -0.0 SPF_PASS SPF: sender matches SPF record
    * 1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
    * [score: 0.5000]
    * 1.5 BLANK_LINES_70_80 BODY: Message body has 70-80% blank lines
    * 1.6 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
X-Spam-Status: No, score=4.30 required=4.4
X-Spam-Level: ****
X-Spam-Processed: c3po.altn.com, Sat, 03 Dec 2005 08:13:34 -0600
    (processed during SMTP session)
X-MDRcpt-To: dki...@al...
X-Rcpt-To: dki...@al...
X-Return-Path: SRS0=4zyoA=2A=userfriendly.net=hu...@us...
X-MDaemon-Deliver-To: dki...@al...
Reply-To: SRS0=4zyoA=2A=userfriendly.net=hu...@us...
X-MDAV-Processed: c3po.altn.com, Sat, 03 Dec 2005 08:13:36 -0600

------ End of Forwarded Message

From: Michael W. <hu...@us...> - 2005-12-03 16:28:49

On 12/3/05 9:37 AM, "Michael Weiner" <hu...@us...> wrote:

> Morning -
>
> After upgrading dk/dkim to the latest version, i sent off an email to the
> various reflectors, and seems as if my sign is failing. I am unsure at this
> point if it's SRS or not, can someone look at the headers below that came
> back from alt-n and see if they can see anything outstanding as to why i
> would be failing?
>
--

and i am also getting this back from mtcc

<logent fac="DKIM-Vfy" sev="Info" date="Dec 03 08:17:50">SSP Check for hu...@us... <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
<logent fac="DKIM" sev="Info" date="Dec 03 08:17:50">DNS method query=_policy._domainkey.userfriendly.net <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
vfy=fasolt.mtcc.com; header.From=hu...@us...; dkim=neutral ( RSA-48 err: Michael Weiner <hu...@us...>; userfriendly.net/ufn fail; );
<logent fac="XP" sev="Info" date="Dec 03 08:17:50">EOMstats: msg=1 type=MAIL/SMTP; dispose=pass; size=2337; Sender=(null); Date=Sat, 03 Dec 2005 11:14:27 -0500; CLAM=0.00; COMPLY=0.00; URL=0.00; SA=0.00; RATING=(r:0.00; c:0; a:6); ip4=; <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
<logent fac="IIM" sev="Info" date="Dec 03 08:17:50">Message Received<from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
run time = 0 thread high: 1

Can someone help me fix this failure? Here is my dns txt records:

$host -t txt ufn._domainkey.userfriendly.net
ufn._domainkey.userfriendly.net text "v=DKIM1\; k=rsa\; t=y\; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6n 43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ=="

and i startup dkim from an initscript as follows:

DKIM_MILTER=/usr/bin/dkim-filter
DKIM_EXTRA_FLAGS="-A -l -c nowsp -d userfriendly.net -D -i /etc/mail/ilist -h -u domainkeys -m MTA,TLSMTA,MSA -R"
DKIM_SOCKET="inet:8894@localhost"
DKIM_KEY_PATH="/var/db/domainkeys/ufn.key.pem"
# DKIM_KEY_PATH="/var/db/domainkeys/keyset-list" # for use with -k option
DKIM_SELECTOR="ufn"

daemon $NICELEVEL $DKIM_MILTER -p ${DKIM_SOCKET} ${DKIM_EXTRA_FLAGS} -s ${DKIM_KEY_PATH} -S ${DKIM_SELECTOR}

And i can't seem to see where/why it's failing.

Thanks in advance
Michael Weiner

From: Jim F. <jf...@bl...> - 2005-12-03 17:01:39

I'm not sure that mtcc is up to the -01 draft yet. In general, if
they're signing with nowsp canonicalization, you should probably assume
they aren't. I didn't see mtcc's signature in your message though.

-Jim

On Sat, 2005-12-03 at 11:28 -0500, Michael Weiner wrote:
> On 12/3/05 9:37 AM, "Michael Weiner" <hu...@us...> wrote:
>
> > Morning -
> >
> > After upgrading dk/dkim to the latest version, i sent off an email to the
> > various reflectors, and seems as if my sign is failing. I am unsure at this
> > point if it's SRS or not, can someone look at the headers below that came
> > back from alt-n and see if they can see anything outstanding as to why i
> > would be failing?
> >
> --
>
> and i am also getting this back from mtcc
>
> <logent fac="DKIM-Vfy" sev="Info" date="Dec 03 08:17:50">SSP Check for
> hu...@us...
> <from>Michael Weiner
> <hu...@us...></from><msgid><BFB72E93.B671%hunter@
> userfriendly.net></msgid></logent>
> <logent fac="DKIM" sev="Info" date="Dec 03 08:17:50">DNS method
> query=_policy._domainkey.userfriendly.net
> <from>Michael Weiner
> <hu...@us...></from><msgid><BFB72E93.B671%hunter@
> userfriendly.net></msgid></logent>
> vfy=fasolt.mtcc.com; header.From=hu...@us...; dkim=neutral (
> RSA-48 err: Michael Weiner <hu...@us...>;
> userfriendly.net/ufn
> fail; );
> <logent fac="XP" sev="Info" date="Dec 03 08:17:50">EOMstats: msg=1
> type=MAIL/SMTP; dispose=pass; size=2337; Sender=(null); Date=Sat, 03 Dec
> 2005 11:14:27 -0500;
> CLAM=0.00; COMPLY=0.00; URL=0.00; SA=0.00; RATING=(r:0.00; c:0; a:6);
> ip4=;
> <from>Michael Weiner
> <hu...@us...></from><msgid><BFB72E93.B671%hunter@
> userfriendly.net></msgid></logent>
> <logent fac="IIM" sev="Info" date="Dec 03 08:17:50">Message
> Received<from>Michael Weiner
> <hu...@us...></from><msgid><BFB72E93.B671%hunter@
> userfriendly.net></msgid></logent>
> run time = 0 thread high: 1
>
> Can someone help me fix this failure? Here is my dns txt records:
> $host -t txt ufn._domainkey.userfriendly.net
> ufn._domainkey.userfriendly.net text "v=DKIM1\; k=rsa\; t=y\;
> p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6n
> 43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ=="
>
> and i startup dkim from an initscript as follows:
>
> DKIM_MILTER=/usr/bin/dkim-filter
> DKIM_EXTRA_FLAGS="-A -l -c nowsp -d userfriendly.net -D -i /etc/mail/ilist
> -h -u domainkeys -m MTA,TLSMTA,MSA -R"
> DKIM_SOCKET="inet:8894@localhost"
> DKIM_KEY_PATH="/var/db/domainkeys/ufn.key.pem"
> # DKIM_KEY_PATH="/var/db/domainkeys/keyset-list" # for use with -k option
> DKIM_SELECTOR="ufn"
>
> daemon $NICELEVEL $DKIM_MILTER -p ${DKIM_SOCKET} ${DKIM_EXTRA_FLAGS} -s
> ${DKIM_KEY_PATH} -S ${DKIM_SELECTOR}
>
> And i can't seem to see where/why it's failing.
>
> Thanks in advance
> Michael Weiner

--
Jim Fenton <jf...@bl...>

From: Michael W. <hu...@us...> - 2005-12-03 17:09:25

On 12/3/05 12:01 PM, "Jim Fenton" <jf...@bl...> wrote:

> I'm not sure that mtcc is up to the -01 draft yet. In general, if
> they're signing with nowsp canonicalization, you should probably assume
> they aren't. I didn't see mtcc's signature in your message though.
--

Jim -

Thanks for replying. Here is the complete email back from mtcc:

>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<
>From SRS0=4zyoA=2A=userfriendly.net=hu...@us... Sat Dec 3 08:17:41 2005
Received: from spambox.userfriendly.net (ns2.userfriendly.net [68.22.33.179])
    by fasolt.mtcc.com (8.13.1/8.13.1) with ESMTP id jB3GHeHS020845
    for <dki...@mt...>; Sat, 3 Dec 2005 08:17:40 -0800
Received-SPF: pass (spambox.userfriendly.net: authenticated connection)
    receiver=spambox.userfriendly.net; client-ip=68.22.33.178;
    helo=[192.168.254.102]; envelope-from=hu...@us...;
    x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf-unknown;
X-DomainKeys: Sendmail DomainKeys Filter v0.3.1 spambox.userfriendly.net jB3GES55020056
DomainKey-Signature: a=rsa-sha1; s=ufn; d=userfriendly.net; c=simple; q=dns;
    b=K4Cm8Hn6jc3L9wbyAVIWyTcrK4IRWupcdmbIR2fRUzf6PByIh4WznulAgGmw4uoI
X-DKIM: Sendmail DKIM Filter v0.2.0 spambox.userfriendly.net jB3GES55020056
DKIM-Signature: a=rsa-sha1; c=nowsp/nowsp; d=userfriendly.net; s=ufn;
    t=1133626642; h=User-Agent:Date:Subject:From:To:Message-ID:
    Thread-Topic:Thread-Index:Mime-version:Content-type:
    Content-transfer-encoding:X-Spam-Status:X-Spam-Checker-Version:
    X-DCC-Misty-Metrics:X-Virus-Scanned:X-Virus-Status; b=GM15XhHjzQhBw
    cinfw7OFArirqQMWtbdc8xpqD1LHc4HSIGDoGDqhPy2i0FLHAnX
Received: from [192.168.254.102] (moonbeam.userfriendly.net [68.22.33.178] (may be forged))
    (authenticated bits=0)
    by spambox.userfriendly.net (8.13.1/8.13.4 UFN-Mailer) with ESMTP id jB3GES55020056
    (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO);
    Sat, 3 Dec 2005 11:16:50 -0500
User-Agent: Microsoft-Entourage/11.2.1.051004
Date: Sat, 03 Dec 2005 11:14:27 -0500
Subject: 0.2.0 test
From: Michael Weiner <hu...@us...>
To: <dki...@al...>, <dki...@mt...>, <aut...@el...>, <dk...@bl...>
Message-ID: <BFB72E93.B671%hu...@us...>
Thread-Topic: 0.2.0 test
Thread-Index: AcX4JKH64GjP2mQXEdqA5wANk3OhrA==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Spam-Status: No, score=-4.1 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00
    autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on fedora
X-DCC-Misty-Metrics: fedora 1170; Body=0
X-Virus-Scanned: ClamAV 0.80/1054/Fri Sep 2 10:26:51 2005
    clamav-milter version 0.80j on localhost
X-Virus-Status: Clean

0.2.0 test

>>>>>>>>>>>>>>> DKIM Processing Output <<<<<<<<<<<<<<<
<logent fac="XP" sev="Info" date="Dec 03 08:17:50">Loaded 30736 signatures. </logent>
xipe version 0.1 starting up...
<logent fac="DKIM" sev="Info" date="Dec 03 08:17:50">DNS method query=ufn._domainkey.userfriendly.net <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
vfy: canonicalized 1073 bytes: calculated hash: 27f341596a21f340dcf281d9f3e5f046da808cd5
{{canontrace-vfy}}
user-agent:Microsoft-Entourage/11.2.1.051004'0d''0a'
date:Sat,03Dec200511:14:27-0500'0d''0a'
subject:0.2.0test'0d''0a'
from:MichaelWeiner<hu...@us...>'0d''0a'
to:<dki...@al...>,<dki...@mt...>,<aut...@el...> ,<dk...@bl...>'0d''0a'
message-id:<BFB72E93.B671%hu...@us...>'0d''0a'
thread-topic:0.2.0test'0d''0a'
thread-index:AcX4JKH64GjP2mQXEdqA5wANk3OhrA=='0d''0a'
mime-version:1.0'0d''0a'
content-type:text/plain;charset="US-ASCII"'0d''0a'
content-transfer-encoding:7bit'0d''0a'
x-spam-status:No,score=-4.1required=3.0tests=ALL_TRUSTED,AWL,BAYES_00autolea rn=hamversion=3.1.0'0d''0a'
x-spam-checker-version:SpamAssassin3.1.0(2005-09-13)onfedora'0d''0a'
x-dcc-misty-metrics:fedora1170;Body=0'0d''0a'
x-virus-scanned:ClamAV0.80/1054/FriSep210:26:512005clamav-milterversion0.80j onlocalhost'0d''0a'
x-virus-status:Clean'0d''0a'
'0d''0a'
0.2.0test'0d''0a'
dkim-signature:a=rsa-sha1;c=nowsp/nowsp;d=userfriendly.net;s=ufn;t=113362664 2;h=User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic:Thread-Index:Mim e-version:Content-type:Content-transfer-encoding:X-Spam-Status:X-Spam-Checke r-Version:X-DCC-Misty-Metrics:X-Virus-Scanned:X-Virus-Status;b=
{{/canontrace-vfy}}
<logent fac="DKIM-Vfy" sev="Error" date="Dec 03 08:17:50">RSA-48 err: Michael Weiner <hu...@us...> error:04077077:lib(4):func(119):reason(119) 'a=rsa-sha1; c=nowsp/nowsp; d=userfriendly.net; s=ufn;
 t=1133626642; h=User-Agent:Date:Subject:From:To:Message-ID:
 Thread-Topic:Thread-Index:Mime-version:Content-type:
 Content-transfer-encoding:X-Spam-Status:X-Spam-Checker-Version:
 X-DCC-Misty-Metrics:X-Virus-Scanned:X-Virus-Status; b=' <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
<logent fac="DKIM" sev="Warning" date="Dec 03 08:17:50">can't append bogofile /var/log/iim/iim.bogo <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
>From SRS0=4zyoA=2A=userfriendly.net=hu...@us...
ip=; hdrvfy=unknown;
Received: from spambox.userfriendly.net (ns2.userfriendly.net [68.22.33.179])
    by fasolt.mtcc.com (8.13.1/8.13.1) with ESMTP id jB3GHeHS020845
    for <dki...@mt...>; Sat, 3 Dec 2005 08:17:40 -0800
Received-SPF: pass (spambox.userfriendly.net: authenticated connection)
    receiver=spambox.userfriendly.net; client-ip=68.22.33.178;
    helo=[192.168.254.102]; envelope-from=hu...@us...;
    x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf-unknown;
X-DomainKeys: Sendmail DomainKeys Filter v0.3.1 spambox.userfriendly.net jB3GES55020056
DomainKey-Signature: a=rsa-sha1; s=ufn; d=userfriendly.net; c=simple; q=dns;
    b=K4Cm8Hn6jc3L9wbyAVIWyTcrK4IRWupcdmbIR2fRUzf6PByIh4WznulAgGmw4uoI
X-DKIM: Sendmail DKIM Filter v0.2.0 spambox.userfriendly.net jB3GES55020056
DKIM-Signature: a=rsa-sha1; c=nowsp/nowsp; d=userfriendly.net; s=ufn;
    t=1133626642; h=User-Agent:Date:Subject:From:To:Message-ID:
    Thread-Topic:Thread-Index:Mime-version:Content-type:
    Content-transfer-encoding:X-Spam-Status:X-Spam-Checker-Version:
    X-DCC-Misty-Metrics:X-Virus-Scanned:X-Virus-Status; b=GM15XhHjzQhBw
    cinfw7OFArirqQMWtbdc8xpqD1LHc4HSIGDoGDqhPy2i0FLHAnX
Received: from [192.168.254.102] (moonbeam.userfriendly.net [68.22.33.178] (may be forged))
    (authenticated bits=0)
    by spambox.userfriendly.net (8.13.1/8.13.4 UFN-Mailer) with ESMTP id jB3GES55020056
    (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO);
    Sat, 3 Dec 2005 11:16:50 -0500
User-Agent: Microsoft-Entourage/11.2.1.051004
Date: Sat, 03 Dec 2005 11:14:27 -0500
Subject: 0.2.0 test
From: Michael Weiner <hu...@us...>
To: <dki...@al...>, <dki...@mt...>, <aut...@el...>, <dk...@bl...>
Message-ID: <BFB72E93.B671%hu...@us...>
Thread-Topic: 0.2.0 test
Thread-Index: AcX4JKH64GjP2mQXEdqA5wANk3OhrA==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Spam-Status: No, score=-4.1 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00
    autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on fedora
X-DCC-Misty-Metrics: fedora 1170; Body=0
X-Virus-Scanned: ClamAV 0.80/1054/Fri Sep 2 10:26:51 2005
    clamav-milter version 0.80j on localhost
X-Virus-Status: Clean

0.2.0 test

<logent fac="DKIM-Vfy" sev="Info" date="Dec 03 08:17:50">SSP Check for hu...@us... <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
<logent fac="DKIM" sev="Info" date="Dec 03 08:17:50">DNS method query=_policy._domainkey.userfriendly.net <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
vfy=fasolt.mtcc.com; header.From=hu...@us...; dkim=neutral ( RSA-48 err: Michael Weiner <hu...@us...>; userfriendly.net/ufn fail; );
<logent fac="XP" sev="Info" date="Dec 03 08:17:50">EOMstats: msg=1 type=MAIL/SMTP; dispose=pass; size=2337; Sender=(null); Date=Sat, 03 Dec 2005 11:14:27 -0500; CLAM=0.00; COMPLY=0.00; URL=0.00; SA=0.00; RATING=(r:0.00; c:0; a:6); ip4=; <from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
<logent fac="IIM" sev="Info" date="Dec 03 08:17:50">Message Received<from>Michael Weiner <hu...@us...></from><msgid><BFB72E93.B671%hunter@ userfriendly.net></msgid></logent>
run time = 0 thread high: 1

From: SM <sm...@re...> - 2005-12-03 18:02:12

Hi Jim,
At 09:01 03-12-2005, Jim Fenton wrote:
>I'm not sure that mtcc is up to the -01 draft yet. In general, if
>they're signing with nowsp canonicalization, you should probably assume
>they aren't. I didn't see mtcc's signature in your message though.

The mtcc is up to the -01 draft.

BTW, DKIM 0.2.0 is not backward compatible with previous versions if you are using simple canonicalization as the DKIM-Signature header uses the c=simple/simple tag.

Regards,
-sm

From: SM <sm...@re...> - 2005-12-03 18:19:46

Hi Michael,
At 08:28 03-12-2005, Michael Weiner wrote:
>Can someone help me fix this failure? Here is my dns txt records:
>$host -t txt ufn._domainkey.userfriendly.net
>ufn._domainkey.userfriendly.net text "v=DKIM1\; k=rsa\; t=y\;
>p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6n
>43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ=="

Remove the "v=DKIM1" and test.

>and i startup dkim from an initscript as follows:
>
>DKIM_MILTER=/usr/bin/dkim-filter
>DKIM_EXTRA_FLAGS="-A -l -c nowsp -d userfriendly.net -D -i /etc/mail/ilist
>-h -u domainkeys -m MTA,TLSMTA,MSA -R"

Use relaxed or simple instead of nowsp.

Regards,
-sm

From: Murray S. K. <ms...@se...> - 2005-12-05 19:42:18

On Sat, 3 Dec 2005, SM wrote:
> BTW, DKIM 0.2.0 is not backward compatible with previous versions if you
> are using simple canonicalization as the DKIM-Signature header uses the
> c=simple/simple tag.

c=simple implies c=simple/simple in the new draft, so there should be some backward compatibility.

From: SM <sm...@re...> - 2005-12-05 20:12:42

Hi Murray,
At 11:42 05-12-2005, Murray S. Kucherawy wrote:
>c=simple implies c=simple/simple in the new draft, so there should
>be some backward compatibility.

I tested a DKIM 0.2.0 signed message against the previous version. The previous version expects "c=simple". It does not process "c=simple/simple" correctly. If you want to preserve backward compatibility, you would have to use "c=simple" for the DKIM-Signature.

Regards,
-sm

From: Murray S. K. <ms...@se...> - 2005-12-05 21:11:36

On Mon, 5 Dec 2005, SM wrote:
>> c=simple implies c=simple/simple in the new draft, so there should be some
>> backward compatibility.
>
> I tested a DKIM 0.2.0 signed message against the previous version. The
> previous version expects "c=simple". It does not process "c=simple/simple"
> correctly. If you want to preserve backward compatibility, you would have to
> use "c=simple" for the DKIM-Signature.

I was referring to DKIM 0.2.0 verifying DKIM 0.1.1 signatures. I realize older versions won't understand the x/y format.

From: SM <sm...@re...> - 2005-12-03 18:19:45

Hi Michael,
At 06:37 03-12-2005, Michael Weiner wrote:
>After upgrading dk/dkim to the latest version, i sent off an email to the
>various reflectors, and seems as if my sign is failing. I am unsure at this
>point if it's SRS or not, can someone look at the headers below that came
>back from alt-n and see if they can see anything outstanding as to why i
>would be failing?

SRS should not affect the signature as it is an envelope rewrite.

Regards,
-sm

From: Michael W. <hu...@us...> - 2005-12-03 18:33:58

On 12/3/05 1:12 PM, "SM" <sm...@re...> wrote:

> Hi Michael,
> At 06:37 03-12-2005, Michael Weiner wrote:
>> After upgrading dk/dkim to the latest version, i sent off an email to the
>> various reflectors, and seems as if my sign is failing. I am unsure at this
>> point if it's SRS or not, can someone look at the headers below that came
>> back from alt-n and see if they can see anything outstanding as to why i
>> would be failing?
>
> SRS should not affect the signature as it is an envelope rewrite.
--

You are correct :) I disabled it anyway and tested and get the same results - as expected. Now to see where/why i am failing against the reflectors.

thanks again for all your help
Michael Weiner

From: Michael W. <hu...@us...> - 2005-12-04 01:40:42

I keep getting this from a reflector:

>>>>>>>>>>>>>>> DKIM Processing Output <<<<<<<<<<<<<<<
[Dec 03 16:26:12: 1 f:<unknown> m:<unknown>]
    Sig: Illegal canonicalization algorithm
[Dec 03 16:26:12: 1 f:Michael Weiner <hu...@us...> m:<BFB7AFF4.B7D2%hu...@us...>]
    Null DKIM Policy Check for hu...@us...
[Dec 03 16:26:12: 1 f:Michael Weiner <hu...@us...> m:<BFB7AFF4.B7D2%hu...@us...>]
    DNS method query=_policy._domainkey.userfriendly.net
vfy=testing.dkim.org; header.from=hu...@us...; dkim=neutral
run time = 0 thread high: 1

any idea what to look for? i have the following DNS records:

$host -t txt _policy._domainkey.userfriendly.net
_policy._domainkey.userfriendly.net text "o=~\; r=ab...@us..."

$host -t txt _domainkey.userfriendly.net
_domainkey.userfriendly.net text "k=rsa\; h=sha1\; g=*\; s=email\; t=y\;" "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6 n43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ==\;"

$host -t txt ufn._domainkey.userfriendly.net
ufn._domainkey.userfriendly.net text "k=rsa\; h=sha1\; g=*\; s=email\; t=y\;" "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6 n43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ==\;"

and start the filter up as follows:

/usr/bin/dkim-filter -p inet:8894@localhost -A -l -c simple -d userfriendly.net -D -i /etc/mail/ilist -u domainkeys -m MTA TLSMTA MSA -h -s /var/db/domainkeys/ufn.key.pem -S ufn

I am not publishing per user records at this time, and i am unsure where it's failing. Does anyone have any pointers?

Thanks
Michael Weiner

From: SM <sm...@re...> - 2005-12-04 03:33:05

Hi Michael,
At 17:40 03-12-2005, Michael Weiner wrote:
>I keep getting this from a reflector:
>
> >>>>>>>>>>>>>>> DKIM Processing Output <<<<<<<<<<<<<<<
>[Dec 03 16:26:12: 1 f:<unknown> m:<unknown>]
>    Sig: Illegal canonicalization algorithm

The reflector may not support draft -01.

Please copy your reply to me. I'll see whether it passes signature verification.

Regards,
-sm

From: Michael W. <hu...@us...> - 2005-12-04 03:38:40

On 12/3/05 10:32 PM, "SM" <sm...@re...> wrote:

> Please copy your reply to me. I'll see whether it passes signature
> verification.
--

SM -

been reading and re-reading and tweaking lately and now get the following from ALT-N's reflector (which looks good except for domainkeys):

DKIM RULES!

Headers of original email:
-----8<---------
Return-path: <SRS0=08PLN=2B=userfriendly.net=hu...@us...>
Received: from r2d2.altn.com by altn.com (MDaemon.PRO.v9.0.0a.R)
    with ESMTP id md50001377099.msg
    for <dki...@al...>; Sat, 03 Dec 2005 21:31:48 -0600
Authentication-Results: r2d2.altn.com
    smtp.mail=SRS0=08PLN=2B=userfriendly.net=hu...@us...; spf=pass
Authentication-Results: r2d2.altn.com
    header.from=SRS0=08PLN=2B=userfriendly.net=hu...@us...;
    domainkeys=neutral (bad but testing);
    dkim=pass (1:0:good;)
Received-SPF: pass (r2d2.altn.com: domain of SRS0=08PLN=2B=userfriendly.net=hu...@us...
    designates 68.22.33.179 as permitted sender)
    x-spf-client=MDaemon.PRO.v9.0.0a.R
    receiver=r2d2.altn.com
    client-ip=68.22.33.179
    envelope-from=<SRS0=08PLN=2B=userfriendly.net=hu...@us...>
    helo=spambox.userfriendly.net
Received: from spambox.userfriendly.net ([68.22.33.179])
    by r2d2.altn.com (r2d2.altn.com) (Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v9.0.0a.R)
    with ESMTP id md50001594613.msg
    for <dki...@al...>; Sat, 03 Dec 2005 21:38:35 -0600
Received-SPF: pass (spambox.userfriendly.net: authenticated connection)
    receiver=spambox.userfriendly.net; client-ip=68.22.33.178;
    helo=[192.168.254.102]; envelope-from=hu...@us...;
    x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf-unknown;
X-DomainKeys: Sendmail DomainKeys Filter v0.3.1 spambox.userfriendly.net jB43XUa1031341
DomainKey-Signature: a=rsa-sha1; s=ufn; d=userfriendly.net; c=simple; q=dns;
    b=DZa+JLzqJsJl2NKkfv9EIRJnUi3TtQGqsfRaeDWfqnPoS6p/mKUoDb8KH6zGLnj5t
    zN+IC12kDEWTpBELP6d7w==
X-DKIM: Sendmail DKIM Filter v0.2.0 spambox.userfriendly.net jB43XUa1031341
DKIM-Signature: a=rsa-sha1; c=simple/simple; d=userfriendly.net; s=ufn;
    t=1133667214; h=User-Agent:Date:Subject:From:To:Message-ID:
    Thread-Topic:Thread-Index:Mime-version:Content-type:
    Content-transfer-encoding:X-Spam-Status:X-Spam-Checker-Version:
    X-DCC-NIET-Metrics:X-Virus-Scanned:X-Virus-Status; b=rh98riByQ355Jm
    UnKZuXFlkQSz0QQVBuvS3ZuUiwcGDiLh3xpucVEfTfCXUiWBrD4VVKqoNJAv1X5Cfu1
    PJ4Pg==
Received: from [192.168.254.102] (moonbeam.userfriendly.net [68.22.33.178] (may be forged))
    (authenticated bits=0)
    by spambox.userfriendly.net (8.13.1/8.13.4 UFN-Mailer) with ESMTP id jB43XUa1031341
    (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO)
    for <dki...@al...>; Sat, 3 Dec 2005 22:33:30 -0500
User-Agent: Microsoft-Entourage/11.2.1.051004
Date: Sat, 03 Dec 2005 22:33:28 -0500
Subject: final?
From: Michael Weiner <hu...@us...>
To: "dki...@al..." <dki...@al...>
Message-ID: <BFB7CDB8.B815%hu...@us...>
Thread-Topic: final?
Thread-Index: AcX4g32BvCNxZmR2EdqA5wANk3OhrA==
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-DCC-NIET-Metrics: fedora 1080; env_From=12 Body=0
X-Virus-Scanned: ClamAV 0.80/1054/Fri Sep 2 10:26:51 2005
    clamav-milter version 0.80j on localhost
X-Virus-Status: Clean
X-Spam-Processed: r2d2.altn.com, Sat, 03 Dec 2005 21:38:35 -0600
    (processed during SMTP session)
X-MDAV-Processed: r2d2.altn.com, Sat, 03 Dec 2005 21:38:35 -0600
X-Spam-Report:
    * 0.0 TO_ADDRESS_EQ_REAL To: repeats address as real name
    * -0.5 MDAEMON_DKIM_PASS MDaemon: passed DKIM verification
    * -0.5 MDAEMON_SPF_PASS MDaemon: passed SPF verification
    * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    * -0.0 SPF_PASS SPF: sender matches SPF record
    * 1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
    * [score: 0.5000]
    * 1.5 BLANK_LINES_70_80 BODY: Message body has 70-80% blank lines
    * 1.6 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
X-Spam-Status: No, score=3.80 required=4.4
X-Spam-Level: ***
X-Spam-Processed: c3po.altn.com, Sat, 03 Dec 2005 21:31:48 -0600
    (processed during SMTP session)
X-MDRcpt-To: dki...@al...
X-Rcpt-To: dki...@al...
X-Return-Path: SRS0=08PLN=2B=userfriendly.net=hu...@us...
X-MDaemon-Deliver-To: dki...@al...
Reply-To: SRS0=08PLN=2B=userfriendly.net=hu...@us...
X-MDAV-Processed: c3po.altn.com, Sat, 03 Dec 2005 21:31:50 -0600

Thanks
Michael Weiner

From: SM <sm...@re...> - 2005-12-04 05:27:03

Hi Michael,
At 19:38 03-12-2005, Michael Weiner wrote:
>been reading and re-reading and tweaking lately and now get the following
>from ALT-N's reflector (which looks good except for domainkeys):

Turn off the DKIM milter and test the domainkeys. If you get a failure, copy the email to me.

Regards,
-sm

From: Jim F. <jf...@bl...> - 2005-12-04 06:35:50

On Sat, 2005-12-03 at 20:40 -0500, Michael Weiner wrote:
> $host -t txt _domainkey.userfriendly.net
> _domainkey.userfriendly.net text "k=rsa\; h=sha1\; g=*\; s=email\; t=y\;"
> "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6
> n43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ==\;"
>
> $host -t txt ufn._domainkey.userfriendly.net
> ufn._domainkey.userfriendly.net text "k=rsa\; h=sha1\; g=*\; s=email\;
> t=y\;"
> "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6
> n43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ==\;"

Why does that first record exist? It shouldn't ever be referenced. If it's there as the result of a wildcard, it's probably not a good idea. If someone has the wrong selector name, you would rather that it not return a record than return the wrong record.

-Jim

--
Jim Fenton <jf...@bl...>

From: SM <sm...@re...> - 2005-12-04 06:49:25

At 22:35 03-12-2005, Jim Fenton wrote:
>On Sat, 2005-12-03 at 20:40 -0500, Michael Weiner wrote:
> > $host -t txt _domainkey.userfriendly.net
> > _domainkey.userfriendly.net text "k=rsa\; h=sha1\; g=*\; s=email\; t=y\;"
> >
> "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6
> > n43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ==\;"

[snip]

>Why does that first record exist? It shouldn't ever be referenced. If
>it's there as the result of a wildcard, it's probably not a good idea.
>If someone has the wrong selector name, you would rather that it not
>return a record than return the wrong record.

I missed that. It looks like a mistake. _domainkey.userfriendly.net is for the sending domain policy. It should not contain the public key or the above tags. The query should return:

_domainkey.userfriendly.net text "t=y\; o=~\"

The actual record in DNS should be:

_domainkey.userfriendly.net IN TXT "t=y; o=~"

Regards,
-sm

From: Michael W. <hu...@us...> - 2005-12-04 13:23:42

On 12/4/05 1:48 AM, "SM" <sm...@re...> wrote:

> At 22:35 03-12-2005, Jim Fenton wrote:
>> On Sat, 2005-12-03 at 20:40 -0500, Michael Weiner wrote:
>>> $host -t txt _domainkey.userfriendly.net
>>> _domainkey.userfriendly.net text "k=rsa\; h=sha1\; g=*\; s=email\; t=y\;"
>>>
>> "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMSWWfhhrUd2Fzl1FIdEpETqArc+5kjwE67b9v7C6
>>> n43JVtepwtsrx9rrpYixM8aKcIGr4Ncd20kf+GCI6N8UlECAwEAAQ==\;"
>
> [snip]
>
>> Why does that first record exist? It shouldn't ever be referenced. If
>> it's there as the result of a wildcard, it's probably not a good idea.
>> If someone has the wrong selector name, you would rather that it not
>> return a record than return the wrong record.
>
> I missed that. It looks like a mistake. _domainkey.userfriendly.net
> is for the sending domain policy. It should not contain the public
> key or the above tags. The query should return:
>
> _domainkey.userfriendly.net text "t=y\; o=~\"
>
> The actual record in DNS should be:
>
> _domainkey.userfriendly.net IN TXT "t=y; o=~"

Correct, i fixed that after re-reading the specs (core and ssp)

thank you
Michael Weiner

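
Added example (not written by any poster in this thread and not dkim-milter code): a small lint for the two problems worked through above, the `c=` canonicalization tag (nowsp, and bare `c=simple` versus `c=simple/simple`) and a policy name under `_domainkey` that answers with key material. The function names, the `DRAFT01_CANON` set, the `verifier_knows_pair` switch, the made-up probe selector and the RFC 6376 fallback for a bare `c=` value are assumptions of this sketch; the sample records are constructed and use a placeholder key.

```python
# Added example, not code from the thread. Inputs at the bottom are constructed;
# the key value is a placeholder, not the key published in the thread.

# Assumption taken from the thread's advice: "Use relaxed or simple instead of nowsp".
DRAFT01_CANON = {"simple", "relaxed"}


def parse_tags(value):
    """Parse 'tag=value; tag=value', tolerating the quotes and '\\;' that `host` prints."""
    tags = {}
    for part in value.replace('"', "").replace("\\;", ";").split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def canon_pair(c_value):
    """Return (header, body) algorithms for a c= value.

    A bare 'simple' means simple/simple, as Murray states. For any other bare
    value the body falls back to 'simple' (the RFC 6376 rule, assumed here).
    """
    head, sep, body = c_value.partition("/")
    return head, (body if sep else "simple")


def lint_signature(sig_value, verifier_knows_pair=True):
    """Check the c= tag of a DKIM-Signature value; returns a list of findings."""
    findings = []
    c = parse_tags(sig_value).get("c", "simple")
    # SM's test: the previous version does not process the x/y form correctly.
    if "/" in c and not verifier_knows_pair:
        findings.append("c=%s: older verifiers expect a bare c=simple" % c)
    for algo in sorted(set(canon_pair(c))):
        if algo not in DRAFT01_CANON:
            findings.append("c=%s: '%s' should be relaxed or simple" % (c, algo))
    return findings


def lint_records(domain, selector, records):
    """Check TXT answers under _domainkey; `records` maps queried name -> TXT text."""
    findings = []
    policy_name = "_domainkey." + domain
    key_name = "%s._domainkey.%s" % (selector, domain)
    # The policy name must not answer with key material (Jim's and SM's point).
    if "p" in parse_tags(records.get(policy_name, "")):
        findings.append(policy_name + ": policy record carries a public key (p=)")
    if not parse_tags(records.get(key_name, "")).get("p"):
        findings.append(key_name + ": no public key published for the selector")
    # A wildcard makes a wrong selector resolve; it should return no record.
    probe = "no-such-selector._domainkey." + domain  # made-up selector name
    if probe in records:
        findings.append(probe + ": unknown selector resolves (wildcard?)")
    return findings


# Constructed sample data shaped like the `host -t txt` output quoted in the thread.
KEY_TXT = '"k=rsa\\; h=sha1\\; g=*\\; s=email\\; t=y\\;" "p=PLACEHOLDERBASE64KEY\\;"'
BEFORE = {
    "_domainkey.userfriendly.net": KEY_TXT,
    "ufn._domainkey.userfriendly.net": KEY_TXT,
}
AFTER = {
    "_domainkey.userfriendly.net": '"t=y\\; o=~"',
    "ufn._domainkey.userfriendly.net": KEY_TXT,
}

if __name__ == "__main__":
    for sig in ("a=rsa-sha1; c=nowsp/nowsp; d=userfriendly.net; s=ufn",
                "a=rsa-sha1; c=simple/simple; d=userfriendly.net; s=ufn"):
        print(sig, "->", lint_signature(sig, verifier_knows_pair=False))
    print("before:", lint_records("userfriendly.net", "ufn", BEFORE))
    print("after: ", lint_records("userfriendly.net", "ufn", AFTER))
```

To use it against live DNS, fill `records` with the answers to the three names it looks up; a name that returns no record is simply left out of the mapping.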