OpenSSL error: data too large for key size

Ralf Hildebrandt

unread,

Sep 30, 2011, 8:09:33 AM9/30/11

to

In my log I'm getting:

Sep 30 13:43:18 mail amavis[11001]: (11001-11) dkim: FAILED Author+Sender+MailFrom signature by d=galahotels.com, From:
<promo...@galahotels.com>, a=rsa-sha1, c=simple, s=mail, i=promo...@galahotels.com,
m.list(ml:http://www.helenemail.com/Unsubscribe.aspx?Email=torsten....@charite.de&id=5066>,<mailto:unsub...@helenemail.com?subject=5066_1),
fail (OpenSSL error: data too large for key size)

and

Sep 30 14:02:00 mail amavis[17575]: (17575-10) dkim: FAILED Author+Sender+MailFrom signature by d=jobmensa.de, From:
<Jobvor...@jobmensa.de>, a=rsa-sha256, c=relaxed/relaxed, s=mail, i=@jobmensa.de, invalid (public key: OpenSSL error: too long)

What are those errors?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hil...@charite.de | http://www.charite.de

Michael Scheidell

unread,

Sep 30, 2011, 8:52:00 AM9/30/11

to

On 9/30/11 8:09 AM, Ralf Hildebrandt wrote:

In my log I'm getting:

Sep 30 13:43:18 mail amavis[11001]: (11001-11) dkim: FAILED Author+Sender+MailFrom signature by d=galahotels.com, From:
<promo...@galahotels.com>, a=rsa-sha1, c=simple, s=mail, i=promo...@galahotels.com,
m.list(ml:http://www.helenemail.com/Unsubscribe.aspx?Email=torsten....@charite.de&id=5066>,<mailto:unsub...@helenemail.com?subject=5066_1),
fail (OpenSSL error: data too large for key size)

and

Sep 30 14:02:00 mail amavis[17575]: (17575-10) dkim: FAILED Author+Sender+MailFrom signature by d=jobmensa.de, From:
<Jobvor...@jobmensa.de>, a=rsa-sha256, c=relaxed/relaxed, s=mail, i=@jobmensa.de, invalid (public key: OpenSSL error: too long)

What are those errors?

They are DKIM related.

s-, d=:

host -t txt mail._domainkey.jobmensa.de

compare with mine:
looks like maybe their dkim txt record is wrong, formatted incorrectly (or mine is)

dkim._domainkey.secnap.com descriptive text "v=DKIM1\; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2r6Czgs9w0Ita+6OvGukuzoEF" "cqHsA7DPfM8K8oteWZmdjOql9qC0IN5eTvzM/QSjgXvnOyVzvlisqYNeQmDSldaj" "ikT/Phxm+RANLu4YVeN2QDQ2yPTTXYlxT7AHutkFJeeU4ewn0cVt3Nby2uSQzzjq" "B08snGVF5sKC88WtbwIDAQAB"

mail._domainkey.jobmensa.de descriptive text "v=DKIM1\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP32lhEtiWosEm7hbI1yk0GX/XLXki4vs5r84+MSILzGwINEOWNXQBVG9X8KiQ17vM7JvhKCaQFDJ16iZ+Aj8C/lO0jePNo3ch0/rij2FuQxZSKx+TOka3gOAeY4hgzt4RPIxE4d0Qfw5i/3h63/wRal6XoJq5OqE+QIO0LxwGXRpMa5fiiEVwWeqmR70FmFUwTFK4NN"

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
> | SECNAP Network Security Corporation

Best Mobile Solutions Product of 2011
Best Intrusion Prevention Product
Hot Company Finalist 2011
Best Email Security Product
Certified SNORT Integrator

This email has been scanned and certified safe by SpammerTrap®.

For Information please see http://www.spammertrap.com/

Michael Scheidell

unread,

Sep 30, 2011, 9:01:58 AM9/30/11

to

On 9/30/11 8:09 AM, Ralf Hildebrandt wrote:

In my log I'm getting:

Sep 30 13:43:18 mail amavis[11001]: (11001-11) dkim: FAILED Author+Sender+MailFrom signature by d=galahotels.com, From:
<promo...@galahotels.com>, a=rsa-sha1, c=simple, s=mail, i=promo...@galahotels.com,
m.list(ml:http://www.helenemail.com/Unsubscribe.aspx?Email=torsten....@charite.de&id=5066>,<mailto:unsub...@helenemail.com?subject=5066_1),
fail (OpenSSL error: data too large for key size)

and

Sep 30 14:02:00 mail amavis[17575]: (17575-10) dkim: FAILED Author+Sender+MailFrom signature by d=jobmensa.de, From:
<Jobvor...@jobmensa.de>, a=rsa-sha256, c=relaxed/relaxed, s=mail, i=@jobmensa.de, invalid (public key: OpenSSL error: too long)

What are those errors?

sender has a borked dkim public key.

<http://dkimcore.org/c/keycheck>

put in 'mail' for selector
put in jobmensa.de for domain.