Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd May 2009, 13:23
minimumnz minimumnz is offline
Junior Member
 
Join Date: May 2009
Posts: 2
Thanks: 1
Thanked 0 Times in 0 Posts
Default dkim with postfix for CentOS 5.2 - sometimes works, sometimes hardfail

I have setup dkim with postfix using this tutorial http://www.howtoforge.com/set-up-dki...ter-centos-5.2 and it seems to be signing emails successfully.

The problem is that in *some* situations the dkim=hardfail at gmail for example.

If I simply do:

# echo hi | mail some@example.com

I get dkim=pass

Here is the header:

Quote:
Received-SPF: pass (google.com: domain of root@sl5.example.com designates 208.43.xxx.xxx as permitted sender) client-ip=208.43.xxx.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of root@sl5.example.com designates 208.43.xxx.xxx as permitted sender) smtp.mail=root@sl5.example.com; dkim=pass header.i=@sl5.example.com
Received: by sl5.example.com (Postfix, from userid 0)
id 797221A2023B; Sun, 3 May 2009 05:46:34 -0500 (CDT)
X-DKIM: Sendmail DKIM Filter v2.8.2 sl5.example.com 797221A2023B
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=sl5.example.com;
s=default; t=1241347594; bh=u0cQJoM+IKvBViJ+kdF/0Kkf+vQ=;
h=To:Subject:Message-Id: Date:From;
b=B2giQk4tB1jL5vY/I12xZIgkIUy0hA1G18fTNyIMDiJpMooHZhpLMtT67sB2m8zkK
H98axLzikMNQkQ+GBYHlRWnZ2nOrsdkr2sEK9ir9PlZAfdwTd1 Vw5wiA9guy4SXbHE
cg558QYx5nNbPsFUGhPUStySsk4SrdsIihPf1MG0=


However if I send the same email from apache via php for example I get dkim=hardfail.

Quote:
Received-SPF: pass (google.com: domain of apache@sl5.example.com designates 208.43.xxx.xxx as permitted sender) client-ip=208.43.xxx.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of apache@sl5.example.com designates 208.43.xxx.xxx as permitted sender) smtp.mail=apache@sl5.example.com; dkim=hardfail header.i=@sl5.example.com
Received: by sl5.example.com (Postfix, from userid 48)
id 169981A2023D; Sun, 3 May 2009 05:56:57 -0500 (CDT)
X-DKIM: Sendmail DKIM Filter v2.8.2 sl5.example.com 169981A2023D
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=sl5.example.com;
s=default; t=1241348217; bh=Rv3vD0x4MFbfSvwJVTN3GNvbeyw=;
h=To:Subject:From:Message-Id: Date;
b=IhTU8JOFl0lCgw7mNvCdh+Ppf0gQT/XkeNbaxUuubNMK/FHEewKxmXF7pmGcY0CRJ
jbWg5hChzYo2VYXX+QyYurITTVCKla4+p2PCkeMiZADO8bYpQo Wu7TvBXlZMIdYE6A
5USJEDdjXqyJnjrlFr0Yu9Lc1tbqLqKB3SoyLUb0=
The headers seem almost exactly the same, the email is still getting signed, but it's just failing. I think it must be signing it incorrectly, but I don't know it figures out what to sign it.


Any clues would be much appreciated.
Reply With Quote
Sponsored Links
  #2  
Old 3rd May 2009, 15:02
minimumnz minimumnz is offline
Junior Member
 
Join Date: May 2009
Posts: 2
Thanks: 1
Thanked 0 Times in 0 Posts
Default

I modified /etc/sysconfig/dkim-milt changed CANON=simple to CANON=relaxed/relaxed and this seem to do the trick.

Problem solved!
Reply With Quote
  #3  
Old 3rd May 2009, 17:40
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
 
Default

That indicates that something is modifying the email after signing has already taken place. If you sign mails with simple canonizations any modifications lead to failure in verification relaxed canonizations are more tolerant to modifications after signing.

If you got the time take a look at the DKIM RFC available at http://www.ietf.org/rfc/rfc4871.txt
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
The Following User Says Thank You to topdog For This Useful Post:
minimumnz (3rd May 2009)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix not responding to telnet CarbonCopy Server Operation 6 8th May 2009 05:39
Undelivered Mail Returned to Sender Error202 General 5 7th May 2009 11:14
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36


All times are GMT +2. The time now is 14:29.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.