Sendmail OpenDKIM signature failure
by drewhead from LinuxQuestions.org on (#4VBXX)
I've got a self compiled sendmail 8.15.2 on a reasonably up to date 14.2 signing outbound emails via OpenDKIM running on the same box.
My cf has been generated with INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@127.0.0.1')
I've commented out MASQUERADE_AS, and FEATURE(`genericstable' ...
and added in FEATURE(`nocanonify')
all in accordance with OpenDKIM's README
Both sendmail.cf and submit.cf have been rebuilt.
Both sendmail and OpenDKIM have been restarted.
I created the key via OpenDKIM directions.
opendkim.conf
Code:
LogWhy yes
Syslog yes
SyslogSuccess yes
Canonicalization relaxed/simple
Domain drewhead.org,keep.drewhead.org,vgap.drewhead.org
Selector keep_2019
KeyFile /etc/mail/keep_2019.mail.key.pem
Socket inet:8891@localhost
ReportAddress drewhead@drewhead.org
SendReports yes

# dig -t TXT keep_2019._domainkey.keep.drewhead.org
Code:
; <<>> DiG 9.11.8 <<>> -t TXT keep_2019._domainkey.keep.drewhead.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42474
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;keep_2019._domainkey.keep.drewhead.org. IN TXT
;; ANSWER SECTION:
keep_2019._domainkey.keep.drewhead.org. 86400 IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7B2iTMmou7k3D57tKys38BRqMeWCwJYrBHYzQcTyeXUu2/B0JbgXy6vFIGzoRC0FJqKj14iI5WPheJy9tQGnyfAneg1S3tuIGqXck7UPLDEsw0c+3/TM1StbNMTtbR+Z5xz7njGPnN9rsS4p4vMzS6HHOX+y/y+K6rZNDK1mZxQIDAQAB"
;; AUTHORITY SECTION:
drewhead.org. 86400 IN NS ns4.linode.com.
drewhead.org. 86400 IN NS ns2.linode.com.
drewhead.org. 86400 IN NS ns5.linode.com.
drewhead.org. 86400 IN NS ns3.linode.com.
drewhead.org. 86400 IN NS ns1.linode.com.
;; Query time: 23 msec
;; SERVER: 173.230.129.5#53(173.230.129.5)
;; WHEN: Tue Nov 19 11:29:07 EST 2019
;; MSG SIZE rcvd: 424

That certainly looks like the generated key.
But testing against https://dkimvalidator.com is failing.
Original Message:
Code:
Received: from keep.drewhead.org (keep.drewhead.org [23.239.18.71])
by relay-3.us-west-2.relay-prod (Postfix) with ESMTPS id A845420EB8
for <52hpO6M7jzoGWp@dkimvalidator.com>; Tue, 19 Nov 2019 16:11:57 +0000 (UTC)
Received: from keep.drewhead.org (IDENT:1000@localhost [127.0.0.1])
by keep.drewhead.org (8.15.2/8.15.2) with ESMTPS id xAJGBuR4020615
(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for <52hpO6M7jzoGWp@dkimvalidator.com>; Tue, 19 Nov 2019 11:11:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=keep.drewhead.org;
s=keep_2019; t=1574179916;
bh=dk2ARZdrQZ8MJ9fDD2hPyZF3ZdWK5d4SN6wIdvNR3KA=;
h=From:Subject:To:Date;
b=BwejKkV+5PVkNrUTp4NI9Pv88+MOSRqclbKuKrnvIijbacaeFy6FcS25GWLcANYnu
ViNkOxzkL2DfbtmgLwadaq3knAVhRsX/tPcxsP6xlKTCz51Uxew6rBONQJl10yTunR
b4UOjuXRErXvAkriHNESQNhiWxErcqEVqUC2GL8o=
Received: (from drewhead@localhost)
by keep.drewhead.org (8.15.2/8.15.2/Submit) id xAJGBu4x020613
for 52hpO6M7jzoGWp@dkimvalidator.com; Tue, 19 Nov 2019 11:11:56 -0500
From: drewhead@drewhead.org
Message-Id: <201911191611.xAJGBu4x020613@keep.drewhead.org>
Subject: test
To: 52hpO6M7jzoGWp@dkimvalidator.com
Date: Tue, 19 Nov 2019 11:11:56 -0500 (EST)
X-Mailer: ELM [version 2.5 PL8]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
--
Drew Dowling | Drewhead | http://www.drewhead.org
Concord, North Carolina |drewhead@drewhead.org| CLEMSON Tigers!
VGAP4 Hosting at http://vgap.drewhead.org

DKIM Information:
Code:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=keep.drewhead.org;
s=keep_2019; t=1574179916;
bh=dk2ARZdrQZ8MJ9fDD2hPyZF3ZdWK5d4SN6wIdvNR3KA=;
h=From:Subject:To:Date;
b=BwejKkV+5PVkNrUTp4NI9Pv88+MOSRqclbKuKrnvIijbacaeFy6FcS25GWLcANYnu
ViNkOxzkL2DfbtmgLwadaq3knAVhRsX/tPcxsP6xlKTCz51Uxew6rBONQJl10yTunR
b4UOjuXRErXvAkriHNESQNhiWxErcqEVqUC2GL8o=
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/simple
d= Domain: keep.drewhead.org
s= Selector: keep_2019
q= Protocol:
bh= dk2ARZdrQZ8MJ9fDD2hPyZF3ZdWK5d4SN6wIdvNR3KA=
h= Signed Headers: From:Subject:To:Date
b= Data: BwejKkV+5PVkNrUTp4NI9Pv88+MOSRqclbKuKrnvIijbacaeFy6FcS25GWLcANYnu
ViNkOxzkL2DfbtmgLwadaq3knAVhRsX/tPcxsP6xlKTCz51Uxew6rBONQJl10yTunR
b4UOjuXRErXvAkriHNESQNhiWxErcqEVqUC2GL8o=
Public Key DNS Lookup
Building DNS Query for keep_2019._domainkey.keep.drewhead.org
Retrieved this publickey from DNS: v=DKIM1; g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7B2iTMmou7k3D57tKys38BRqMeWCwJYrBHYzQcTyeXUu2/B0JbgXy6vFIGzoRC0FJqKj14iI5WPheJy9tQGnyfAneg1S3tuIGqXck7UPLDEsw0c+3/TM1StbNMTtbR+Z5xz7njGPnN9rsS4p4vMzS6HHOX+y/y+K6rZNDK1mZxQIDAQAB
Validating Signature
result = fail
Details: message has been altered

Where am I going wrong here? How can I find what is altering the message?
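
Added example, not part of the original post and not OpenDKIM's code: a "message has been altered" result can be narrowed down by recomputing the body hash from the received message and comparing it with the bh= tag. A match means the body arrived as signed and the failure is on the header side (a signed header in h=, or the signature/key); a mismatch means the body changed after signing. The messages, example.org, the selector and the b= placeholder below are constructed; canonicalization follows RFC 6376 sections 3.4.3 and 3.4.4.

```python
import base64, hashlib, re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization per RFC 6376: 'simple' (3.4.3) or 'relaxed' (3.4.4)."""
    lines = re.split(rb"\r?\n", body)
    if mode == "relaxed":  # collapse runs of whitespace, ignore it at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # both modes ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str, algo: str = "sha256") -> str:
    return base64.b64encode(hashlib.new(algo, canon_body(body, mode)).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def check_body_hash(raw: bytes) -> dict:
    """Recompute bh= for the first DKIM-Signature in a raw message and compare."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(r"\r\n[ \t]+", " ", head.decode("ascii", "replace"))
    sig = next(h for h in unfolded.split("\r\n") if h.lower().startswith("dkim-signature:"))
    tags = parse_tags(sig.split(":", 1)[1])
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]  # body part of c=
    computed = body_hash(body, mode, tags["a"].split("-")[1])
    return {"body_mode": mode, "claimed": tags["bh"], "computed": computed,
            "body_intact": computed == tags["bh"]}

# Constructed sample (not the message from the post), same tag layout as its signature.
def sample(body: bytes, c: str = "relaxed/simple", signed_body: bytes = None) -> bytes:
    bh = body_hash(signed_body if signed_body is not None else body, c.split("/")[1])
    return (b"DKIM-Signature: v=1; a=rsa-sha256; c=" + c.encode() + b"; d=example.org;\r\n"
            b"\ts=sel; h=From:Subject:To:Date;\r\n\tbh=" + bh.encode() + b"; b=PLACEHOLDER\r\n"
            b"From: a@example.org\r\nSubject: test\r\n\r\n" + body)

SIGNED = b"hello\r\n-- \r\nsig line\r\n"
ALTERED = b"hello\r\n--\r\nsig line\r\n"  # constructed: trailing space lost after signing

if __name__ == "__main__":
    print(check_body_hash(sample(SIGNED)))                        # body intact
    print(check_body_hash(sample(ALTERED, signed_body=SIGNED)))   # simple body: mismatch
    print(check_body_hash(sample(ALTERED, "relaxed/relaxed", signed_body=SIGNED)))
```

Run check_body_hash on the raw bytes of the message as the receiver saw it and on a copy captured on the signing host; comparing the two results shows on which side of the milter the change happened.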

