View Single Post
  #1  
Old 3rd May 2009, 14:23
minimumnz minimumnz is offline
Junior Member
 
Join Date: May 2009
Posts: 2
Thanks: 1
Thanked 0 Times in 0 Posts
Default dkim with postfix for CentOS 5.2 - sometimes works, sometimes hardfail

I have setup dkim with postfix using this tutorial http://www.howtoforge.com/set-up-dki...ter-centos-5.2 and it seems to be signing emails successfully.

The problem is that in *some* situations the dkim=hardfail at gmail for example.

If I simply do:

# echo hi | mail some@example.com

I get dkim=pass

Here is the header:

Quote:
Received-SPF: pass (google.com: domain of root@sl5.example.com designates 208.43.xxx.xxx as permitted sender) client-ip=208.43.xxx.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of root@sl5.example.com designates 208.43.xxx.xxx as permitted sender) smtp.mail=root@sl5.example.com; dkim=pass header.i=@sl5.example.com
Received: by sl5.example.com (Postfix, from userid 0)
id 797221A2023B; Sun, 3 May 2009 05:46:34 -0500 (CDT)
X-DKIM: Sendmail DKIM Filter v2.8.2 sl5.example.com 797221A2023B
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=sl5.example.com;
s=default; t=1241347594; bh=u0cQJoM+IKvBViJ+kdF/0Kkf+vQ=;
h=To:Subject:Message-Id: Date:From;
b=B2giQk4tB1jL5vY/I12xZIgkIUy0hA1G18fTNyIMDiJpMooHZhpLMtT67sB2m8zkK
H98axLzikMNQkQ+GBYHlRWnZ2nOrsdkr2sEK9ir9PlZAfdwTd1 Vw5wiA9guy4SXbHE
cg558QYx5nNbPsFUGhPUStySsk4SrdsIihPf1MG0=


However if I send the same email from apache via php for example I get dkim=hardfail.

Quote:
Received-SPF: pass (google.com: domain of apache@sl5.example.com designates 208.43.xxx.xxx as permitted sender) client-ip=208.43.xxx.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of apache@sl5.example.com designates 208.43.xxx.xxx as permitted sender) smtp.mail=apache@sl5.example.com; dkim=hardfail header.i=@sl5.example.com
Received: by sl5.example.com (Postfix, from userid 48)
id 169981A2023D; Sun, 3 May 2009 05:56:57 -0500 (CDT)
X-DKIM: Sendmail DKIM Filter v2.8.2 sl5.example.com 169981A2023D
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=sl5.example.com;
s=default; t=1241348217; bh=Rv3vD0x4MFbfSvwJVTN3GNvbeyw=;
h=To:Subject:From:Message-Id: Date;
b=IhTU8JOFl0lCgw7mNvCdh+Ppf0gQT/XkeNbaxUuubNMK/FHEewKxmXF7pmGcY0CRJ
jbWg5hChzYo2VYXX+QyYurITTVCKla4+p2PCkeMiZADO8bYpQo Wu7TvBXlZMIdYE6A
5USJEDdjXqyJnjrlFr0Yu9Lc1tbqLqKB3SoyLUb0=
The headers seem almost exactly the same, the email is still getting signed, but it's just failing. I think it must be signing it incorrectly, but I don't know it figures out what to sign it.


Any clues would be much appreciated.
Reply With Quote
Sponsored Links