
DKIM showing bad format


Naval saini

Jul 16, 2012, 8:06:53 AM

Setting up DKIM on my Postfix/CentOS 5.6 server.

It sends and signs the emails, but Google is still showing it as neutral. The
errors I'm getting are:

dkim=neutral (bad format) header.i=@r02.lbsmtp.org

from Google's "show original" interface.

This is what my DKIM-Signature header looks like:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=r02.lbsmtp.org;
s=lbsmtp.org; t=1342436478; bh=KpPvOZhGUmgR1WIhVC9UH5OXzTnwtnGMf7tEwI0nNfw=;
h=To:Subject:Message-Id:Date:From;
b=lWWQQZjSEWwSjanB0btmP0Xg0izkyqDwKsxzlUqsL/tA9JAQau6dNCYdJx7OWuNiv
M3vXqrBe3uzFnvGIrQ2xbZy9DMMPmjiqUKn+KKsvmr873eYq5iG9bw6b53SkSJ6uV5
et0iLL6i3XNt/VDBQKuY1ILs+qRI60Eek/nGaXos=

Please suggest how I can solve this problem.

--
View this message in context: http://old.nabble.com/DKIM-showing-bad-format-tp34167419p34167419.html
Sent from the Postfix mailing list archive at Nabble.com.

Robert Schetterer

Jul 16, 2012, 8:53:27 AM

On 16.07.2012 14:06, Naval saini wrote:
>
> Setting up DKIM on my Postfix/CentOS 5.6 server.
>
> It sends and signs the emails, but Google still showing it neutral. The
> errors I'm getting are:
>
> dkim=neutral (bad format) header.i=@r02.lbsmtp.org
>
> from googles "show original" interface.
>
> This is what my DKIM-signature header look like:
>
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=r02.lbsmtp.org;
> s=lbsmtp.org; t=1342436478; bh=KpPvOZhGUmgR1WIhVC9UH5OXzTnwtnGMf7tEwI0nNfw=;
> h=To:Subject:Message-Id:Date:From;
> b=lWWQQZjSEWwSjanB0btmP0Xg0izkyqDwKsxzlUqsL/tA9JAQau6dNCYdJx7OWuNiv
> M3vXqrBe3uzFnvGIrQ2xbZy9DMMPmjiqUKn+KKsvmr873eYq5iG9bw6b53SkSJ6uV5
> et0iLL6i3XNt/VDBQKuY1ILs+qRI60Eek/nGaXos=
>
> please suggest me how can i solve this problem.?
>

You may run into DNS caching time problems by changing DKIM.

Send mail to reflectors to test, i.e.

check...@auth.returnpath.net

There are more reflector services out there; search for them, i.e. on DKIM info pages.

--
Best Regards
MfG Robert Schetterer

Viktor Dukhovni

Jul 16, 2012, 11:12:33 AM

On Mon, Jul 16, 2012 at 05:06:53AM -0700, Naval saini wrote:

> DKIM-Signature: v=1; a=rsa-sha256;
> c=simple/simple;
> d=r02.lbsmtp.org;
> s=lbsmtp.org;
>
> please suggest me how can i solve this problem.?

You may get better results with c=relaxed/relaxed.

I see no DNS records for the selector/domain pair you're signing with:

$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47502
...
lbsmtp.org. 7200 IN SOA enow.mercury.orderbox-dns.com. ...

This is a serious problem, since the public key needed to verify
the message is not published in your DNS.

--
Viktor.

Naval saini

Jul 17, 2012, 4:51:50 AM

So Viktor, how can I publish keys in my DNS?

This is my DNS ZONE file entry:

_domainkey.r02.lbsmtp.org. IN TXT "t=y; o=-;"
lbsmtp.org._domainkey.r02.lbsmtp.org. IN TXT "k=rsa; t=y;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/rcOXDkvOR544O4LGgwIDAQAB"

Viktor Dukhovni

Jul 17, 2012, 10:51:19 AM

On Tue, Jul 17, 2012 at 02:21:50PM +0530, Naval saini wrote:

> This is my DNS ZONE file entry:
>
> _domainkey.r02.lbsmtp.org. IN TXT "t=y; o=-;"

The above resource record (RR) has no selector, it has no meaning in DKIM.

> lbsmtp.org._domainkey.r02.lbsmtp.org. IN TXT
> "k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+
> lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx
> 3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/
> rcOXDkvOR544O4LGgwIDAQAB"

Congratulations, you've configured a 1024-bit RSA key (many sites have
foolishly created 512-bit RSA keys, which are too easily factored). That
said, your DNS does not in fact publish this RR to the world at large:

$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18036

So your DKIM public key is not available for verification. Over
and out.

--
Viktor.
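
Added example (not part of the original thread or any poster's code): the two checks from Viktor's replies above, done offline in Python. It derives the `<selector>._domainkey.<domain>` name a verifier queries from the signature's `s=` and `d=` tags, then reads the RSA modulus size out of the `p=` value; the `ZONE` dict is an assumption standing in for a live DNS lookup, and the function names are illustrative.

```python
import base64

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_query_name(signature_value):
    """Name a verifier queries for the public key: <s>._domainkey.<d>"""
    return "{s}._domainkey.{d}".format(**parse_tags(signature_value))

def _der_len(buf, pos):
    """Read a DER length field at pos; return (length, offset after it)."""
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    n = buf[pos] & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def rsa_modulus_bits(p_b64):
    """Modulus bit length of the RSA key in a base64 SubjectPublicKeyInfo (p=)."""
    der, pos = base64.b64decode(p_b64), 0
    # Walk: SPKI SEQUENCE, AlgorithmIdentifier, BIT STRING, RSAPublicKey, INTEGER n
    for step, tag in enumerate((0x30, 0x30, 0x03, 0x30, 0x02)):
        if der[pos] != tag:
            raise ValueError("unexpected DER tag at offset %d" % pos)
        length, pos = _der_len(der, pos + 1)
        if step == 1:
            pos += length  # skip AlgorithmIdentifier contents
        elif step == 2:
            pos += 1       # skip the BIT STRING unused-bits octet
    return int.from_bytes(der[pos:pos + length], "big").bit_length()

def published_key_bits(signature_value, zone):
    """Key size at the query name, or None; zone stands in for a DNS TXT lookup."""
    txt = zone.get(key_query_name(signature_value) + ".")
    return rsa_modulus_bits(parse_tags(txt)["p"]) if txt else None

# Values copied from the thread (bh=, h= and b= left out of SIGNATURE).
SIGNATURE = "v=1; a=rsa-sha256; c=simple/simple; d=r02.lbsmtp.org; s=lbsmtp.org; t=1342436478"
ZONE = {
    "_domainkey.r02.lbsmtp.org.": "t=y; o=-;",  # no selector label, never queried
    "lbsmtp.org._domainkey.r02.lbsmtp.org.": "k=rsa; t=y; p="
        "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+"
        "lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx"
        "3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/rcOXDkvOR544O4LGgwIDAQAB",
}
```

A key that parses cleanly from the zone file still fails verification until the authoritative servers answer for the derived name, which is what the `dig` query in the thread tests.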

Naval saini

Jul 17, 2012, 12:15:10 PM

Actually my domain name is lbsmtp.org and I relay mails from my domain as relayhost through the MX record in my DNS zone file. Now I want to sign outbound mails. Since I am a new Postfix user, please can you explain to me how I can get DKIM signing mails?
Please explain to me which and what kind of entries are required in DNS. If there is any tutorial, please send me the link...

Wietse Venema

Jul 17, 2012, 12:58:38 PM

Naval saini:
> Actually my Domain name is lbsmtp.org and i relay mails from my domain as
> relayhost through MX record in my dns zone file now i want to sign outbound
> mails Since i am new postfix user so please can explain me how can i get
> DKIM signing mails .
> Please explain me about which and what kind of entries required in dns. If
> any tutorial please send me the link...

I suggest that you read http://tools.ietf.org/html/rfc6376, look
at the examples in the appendices, and come back if you have any
questions.

Wietse

Robert Schetterer

Jul 17, 2012, 1:03:15 PM

On 17.07.2012 18:15, Naval saini wrote:
> Actually my Domain name is lbsmtp.org and i relay
> mails from my domain as relayhost through MX record in my dns zone file
> now i want to sign outbound mails Since i am new postfix user so please
> can explain me how can i get DKIM signing mails .
> Please explain me about which and what kind of entries required in dns.
> If any tutorial please send me the link...

Viktor has already answered:
you need to publish your DKIM key in your DNS zone file.

It looks like the nameservers for lbsmtp.org are

Name Server:ENOW.MARS.ORDERBOX-DNS.COM
Name Server:ENOW.EARTH.ORDERBOX-DNS.COM
Name Server:ENOW.VENUS.ORDERBOX-DNS.COM
Name Server:ENOW.MERCURY.ORDERBOX-DNS.COM

so there should be some interface for publishing your DKIM key and/or some
admin who will do it for you, then

sign your mail with, i.e., a DKIM milter service.

Perhaps this will help:

https://help.ubuntu.com/community/Postfix/DKIM

>
> On Tue, Jul 17, 2012 at 8:21 PM, Viktor Dukhovni
> <postfi...@dukhovni.org> wrote:
>
> On Tue, Jul 17, 2012 at 02:21:50PM +0530, Naval saini wrote:
>
> > This is my DNS ZONE file entry:
> >
> > _domainkey.r02.lbsmtp.org. IN TXT "t=y; o=-;"
>
> The above resource record (RR) has no selector, it has no meaning in
> DKIM.
>
> > lbsmtp.org._domainkey.r02.lbsmtp.org. IN TXT
> > "k=rsa; t=y;
> > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+
> > lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx
> > 3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/
> > rcOXDkvOR544O4LGgwIDAQAB"
>
> Congratulations, you're configured a 1024-bit RSA key (many sites have
> foolishly created 512-bit RSA keys, which are too easily factored). That
> said, your DNS does not in fact publish this RR to the world at large:
>
> $ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18036
> lbsmtp.org. 7200 IN SOA enow.mercury.orderbox-dns.com. ...
>
> So your DKIM public key is not available for verification. Over
> and out.
>
> --
> Viktor.


Viktor Dukhovni

Jul 17, 2012, 6:39:01 PM

On Tue, Jul 17, 2012 at 09:45:10PM +0530, Naval saini wrote:

> Actually my Domain name is lbsmtp.org and i relay mails from my domain as
> relayhost through MX record in my dns zone file now i want to sign outbound
> mails Since i am new postfix user so please can explain me how can i get
> DKIM signing mails.

The best way to get help is to ask specific questions. Questions
of the form "please explain everything to me with step-by-step
instructions" are too much to ask of a community of volunteers.

You can search for a step-by-step guide via your favourite search
engine.

> Please explain me about which and what kind of entries required in dns. If
> any tutorial please send me the link...

This is the Postfix users list. Perhaps you can find a DKIM forum
that will help you with the specifics of DKIM. You're already
signing your messages with DKIM, so the Postfix part is done.

The remaining issues are not Postfix related.

Your domain was created on Jul 06 2012 via privacyprotect.org. This
makes it look a bit suspect...

--
Viktor.

Naval saini

Jul 18, 2012, 12:58:55 AM

Thank you all, I'll try to resolve my problem... if I have any query then I'll come here again...


testmili...@gmail.com

Aug 21, 2019, 2:35:45 PM

Hello - I'm dealing with the same issue, everything is failing (bad format)