Hi!I have been running version 5.2-B536 for a long time, and DKIM was working fine. Today I was checking out other unrelated things related to a change in email provider, and I discovered that DKIM is not working. Depending on what changes I made, both GMail (as recipient) and some of the reflectors were giving me various error messages.The last few tries, I have been getting 'dkim=neutral (body hash did not verify) [email protected]'. I have tried generating key pairs both with GenDKIM.bat (which originally worked) and a few online generators. Nothing helps.Any ideas?Thanks.C. A different email provider.I've switched from Google Apps to Cotse.net.Can't see that that should make a difference, and I don't know if it did. It's been months since I used Pegasus Mail+HMailServer.
(I most often use webmail.) It could be that something else in the last few months caused the problem, and I didn't know because I didn't try to use it.Why am I the only one around here whom Martin isn't answering. Has he discovered that I have fleas? If that's the problem, I can get sprayed.Thanks.C. Did you check that result?
The majority of verification failures are due to signature and message body hash verification failures. Body hash verification errors indicate that the body of the message does not agree with the hash (digest) value in the signature. Signature verification errors indicate that the signature value does not correctly verify the signed header fields (including the signature itself) on the message.
Now it complains over the signature being 'bad', not the body hash in particular. This is with the same body you sent to me, right?The DKIM-signature header has weird line breaks in the bounced message you got from the reflector.
But in the copy you sent to me, they looked OK. So maybe the reflector is just not formatting the lines properly in the bounce message.Could you try to send an email using another email client, such as Outlook Express, to see if that has any effect?It would really help if the reflector had mentioned what went wrong, rather than 'something'. Maybe you could try to send to another reflector and see if that is more helpful?Edit: Maybe I'm misreading the response. Maybe the error means that the message signing just failed. I get the same results as the DKIM-reflectors you've tried. The signature of the messages is incorrect.I've tried to send the same message as you, with the contents 'From Thunderbird, sort of', using Thunderbird, to the same DKIM-reflectors but all of them reports success.1) Did you send these messages from Thunderbird? You write 'Sort of' in your body.2) Have you double-checked that the public key matches your private key?3) Have you had other public/private keys connected to the test11 selector before?
Maybe some DNS server have cached old values of the records.
![]() ![]()
I have successfully installed Postfix and OpenDkim on my server, and it's correctly signing mail from several different domains. The host we'll call webhost.example.com. It's running Ubuntu 18.04.2 LTS, Postfix 3.3.0 and OpenDKIM v2.11.0Today I wanted to get output from some CRON jobs sent to my Gmail account so I set up the required entries in the KeyTable and SigningTable and generated the keys and tested it with a one line email to myself. Echo 'Test message' mail -s 'Test message' [email protected] should generate an email from [email protected]. Since there was little response here I posted this question on. Here's I got, courtesy of. Setting the FixCRLF flag solved the problem.
I haven't yet investigated the temporary files to see if there's more information to be had there.The authentication results done by mx.google.com imply there's something different in the respecitve body between the messages you send on the command line and the ones which are send by a cron job: 'body hash did not verify'.One common problem with OpenDKIM are irregular line endings. RFC 5322 states that 'CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body.'
So maybe the messages send by you manually have correct line endings, but the ones send by a cron job do not. You can try to set 'FixCRLF yes' in the config of OpenDKIM.Despite whether this is the cause, you can enable 'KeepTemporaryFiles' in OpenDKIM: 'Instructs the filter to create temporary files containing the header and body canonicalizations of messages that are signed or verified. The location of these files can be set using the TemporaryDirectory parameter. Intended only for debugging verification problems.' That way you can compare the original body and the one delivered to GMail and probably find out what's the difference that causes the validation error.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |