#32 SSL error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
I configured opendkim with postfix. Signing outgoing e-mail works well, but I have a problem regarding incoming e-mails.
When I receive a DKIM-signed e-mail, DKIM-verification fails with reason="verification failed; insecure key".
My environment is:
- Debian Wheezy 7.11
- Postfix v2.9.6
- OpenDKIM v2.6.8
This is relevant postfix log http://paste.debian.net/738593/
This is the main.cf http://paste.debian.net/738590/
This is the master.cf http://paste.debian.net/738591/
This is the header of e-mail where you can see the message "verification failed; insecure key" http://paste.debian.net/738592/
From what I can see from postfix log, this kind of issue happens for all mails from gmail and for mails from office365 customer; probably it happens for all DKIM-signed e-mails.
Recently, I have installed (compiling from source) opendkim-v2.9.1 on the same machine and the issue is the same.
Best Regards
Nevermind, it was a problem in postfix configuration with "header_checks=". The e-mails were altered by the regexp "/^Mime-Version:/ IGNORE" which was responsible for removing the header field "MIME-Version: 1.0" before the DKIM-verification. So, removing "MIME-Version: 1.0" cause the failure in signature verification.
Best Regards
Rino, you saved me here, thx.