Вопросы Теги

Проверка dkim не работает плохая подпись

Моя проверка DKIM не работает, и я не могу понять почему. Он подписан, но неправильно.

Когда я проверяю домен и селектор, он оказывается действительным, значит, проблема связана с подписью.

Вот дамп одного тестового письма: 

============================================================================
This is SPF/DKIM/DMARC/RBL report generated by a test tool provided 
    by AdminSystem Software Limited.

Any problem, please contact support@emailarchitect.net
============================================================================
Report-Id: a511e572
Sender: dule@example.com
Source-IP: 11.22.33.44
============================================================================
Original email header:

x-sender: dule@example.com
x-receiver: test-a511e572@appmaildev.com
Received: from host1.example.biz ([11.22.33.44]) by appmaildev.com with Microsoft SMTPSVC(8.5.9600.16384);
     Wed, 25 Jan 2017 07:25:09 +0000
Received: from host1.example.biz (localhost [127.0.0.1])
    by host1.example.biz (Postfix) with SMTP id DB0A3164364
    for <test-a511e572@appmaildev.com>; Wed, 25 Jan 2017 08:25:08 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
    s=2016; t=1485329108;
    bh=GNttbsw+WDQCAJvuUenSuOnhZUFMDY0bOkhR87y32XA=;
    h=From:Subject:To:Date:From;
    b=dhJTUjBelfWvNPO4/gCWExHc87vC3uucapPxhKosJ/Ka/rgv42bSqARNIAmmROPID
     z7o2txBEt6aSRz+C/v+MnaXIzbFzlkOCUavahehOaGo7jkoIle1N11Yxyn6qe4+uh8
     wykUbHN9/sD4IORxP1sguFAdo9ONlbB6naW7tQoVDDfIhOS6UY5rFw7WmmGJIzitgv
     LJ4a/QrEDDDQX/H+kDessPbULFfLVUlhZQyscbHkb+S/B7s2D93S9vY9CSzrzG/uVj
     jvAYY+4LLhnPpaJBwjtQK2Itygj+gNQ3tvEmP1RwyNjSum0XDSQcQjEWtXs/ZC7Ker
     6rQnOaNhmvSaQ==
From: "dule" <dule@example.com>
Subject: d
To: test-a511e572@appmaildev.com
Message-Id: <1485329108.10136@example.com>
X-Mailer: Usermin 1.690
Date: Wed, 25 Jan 2017 08:25:08 +0100 (CET)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="bound1485329108"
Return-Path: dule@example.com
X-OriginalArrivalTime: 25 Jan 2017 07:25:09.0615 (UTC) FILETIME=[28C68FF0:01D276DC]

============================================================================
SPF: Pass
============================================================================

SPF-Record: v=spf1 mx a ip4:11.22.33.44 a:host1.example.biz ?all
Sender-IP:11.22.33.44
Sender-Domain:example.com

Query TEXT record from DNS server for: example.com
[TXT]: v=spf1 mx a ip4:11.22.33.44 a:host1.example.biz ?all
Parsing SPF record: v=spf1 mx a ip4:11.22.33.44 a:host1.example.biz ?all

Mechanisms: v=spf1

Mechanisms: mx
Testing mechanism mx
Query MX record from DNS server for: example.com
[MX]: mail.example.com
Testing mechanism A:mail.example.com/128
Query A record from DNS server for: mail.example.com
[A]: 11.22.33.44
Testing CIDR: source=11.22.33.44;  11.22.33.44/128
mx hit, Qualifier: +

============================================================================
DKIM: fail
============================================================================

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
    s=2016; t=1485329108;
    bh=GNttbsw+WDQCAJvuUenSuOnhZUFMDY0bOkhR87y32XA=;
    h=From:Subject:To:Date:From;
    b=dhJTUjBelfWvNPO4/gCWExHc87vC3uucapPxhKosJ/Ka/rgv42bSqARNIAmmROPID
     z7o2txBEt6aSRz+C/v+MnaXIzbFzlkOCUavahehOaGo7jkoIle1N11Yxyn6qe4+uh8
     wykUbHN9/sD4IORxP1sguFAdo9ONlbB6naW7tQoVDDfIhOS6UY5rFw7WmmGJIzitgv
     LJ4a/QrEDDDQX/H+kDessPbULFfLVUlhZQyscbHkb+S/B7s2D93S9vY9CSzrzG/uVj
     jvAYY+4LLhnPpaJBwjtQK2Itygj+gNQ3tvEmP1RwyNjSum0XDSQcQjEWtXs/ZC7Ker
     6rQnOaNhmvSaQ==
Signed-by: dule@example.com
Expected-Body-Hash: GNttbsw+WDQCAJvuUenSuOnhZUFMDY0bOkhR87y32XA=
Public-Key: v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9jrAe+o1L/g0pQefC4AdVPmN2gS2ODghLhfzir0xKTBLl3U+2X33DCStxvHdaLJZYVlKu9PDwr5yXvX4izX5ZnM/gEIm2p3ij0ykQu7Phz6GUvBoozLGPM2876dEVuMZ/aZgqoC4BU8dXGIlif4mqyo6pM76gPwbcj9e98nY+NKJAdKpJV5fMO94wXZ/DjNjI4Sr6bWxrBOZZyh5Am9T/lbOgjjU26ejiroSw//MdXDNGBBp44llHSWEWuUfxamDHaR83UGqhV2gWLpJyrbJtp3Ic8nwuWc0Ko1fR7wbg+HW5OdF9WMf0Id2qTbKQlOSAzbz82Qh5Nj2RCBdBJ1hwIDAQAB;

DKIM-Result: fail (bad signature)

Вот дамп opendkim. conf 

# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain /etc/dkim-domains.txt
KeyFile /etc/dkim.key
Selector 2016

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization       simple
#Mode                   sv
#SubDomains             no
#ADSPAction            continue

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders         From

# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)

#ATPSDomains            example.com
#SigningTable refile:/etc/dkim-signingtable
#KeyTable /etc/dkim-keytable
0
задан 25 January 2017 в 09:58
1 ответ

На самом деле похоже, что вышеуказанная конфигурация и ключи в порядке, проблема могла быть с различными инструментами для проверки DKIM и Google, что они выбирают изменения DNS с задержкой.

Я предлагаю провести тесты DKIM через 48 часов после настройки сервера.

0
ответ дан 5 December 2019 в 08:42

Теги

Похожие вопросы