DKIM is driving me nuts

William Dudley wfdudley at gmail.com
Tue Sep 4 15:32:12 UTC 2018


Zoneminder only lets me create a TXT record for machine names of
the form "something.casano.com".  Their "default" SPF record is attached
to "*.casano.com".  I created additional TXT SPF records for
"dudley.casano.com" and "mail.casano.com", but that made no difference
in the DKIM performance.

dig -t txt '*.casano.com'

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;*.casano.com.                  IN      TXT

;; ANSWER SECTION:
*.casano.com.           21599   IN      TXT     "v=spf1 a mx -all"

;; Query time: 88 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Sep 04 11:21:40 EDT 2018
;; MSG SIZE  rcvd: 70

Google is happy with my SPF records, all my emails to gmail pass SPF checks.
Somehow, they know to look up *.casano.com.

The problem I'm having is that SOME of my DKIM mail passes the check,
and some doesn't.  The difference appears to be based on what MUA/client
I use to send the email.

Email sent using Thunderbird on another machine on my LAN passes DKIM checks.
Emails sent using "mailx" or my mailman list server fail DKIM checks.

For both the Thunderbird case and the mailx case, the "From:" field is
"dud at casano.com", and yet in one case, DKIM passes, and in the other,
it doesn't.

Chris' assertion that the DKIM key is chosen based on the From: field is
backed up by the man page for opendkim.conf(5), but there's a lot in the
paragraphs on SigningTable and I'll be staring at that until little drops
of blood appear on my forehead.

Thanks,
Bill Dudley


This email is free of malware because I run Linux.

On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne <byrnejb at harte-lyne.ca>
wrote:

>
> On Tue, September 4, 2018 10:28, William Dudley wrote:
> > my domain is not "casaMo.com", so all of your research is irrelevant.
> >
> drill casano.com txt
> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; casano.com.  IN      TXT
>
> ;; ANSWER SECTION:
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 2 msec
> ;; SERVER: 216.185.71.33
> ;; WHEN: Tue Sep  4 10:30:40 2018
> ;; MSG SIZE  rcvd: 28
>
> If your senders have from addresses like username at casano.com then I
> believe that this is still a problem, if not the only one.
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
>
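Added example, not part of the original message or of any poster's code: one way to narrow down "passes from one client, fails from another" is to read the Authentication-Results header the receiving server adds and separate mail that was never signed from mail that was signed and then failed verification. The three messages, the domain example.org, the selector sel1 and the verifier name mx.example.net are constructed placeholders, and the function name dkim_report is hypothetical.

```python
import email
import re
from email import policy

# Constructed messages, not taken from the thread. example.org, selector
# "sel1" and the verifier name mx.example.net are placeholders.
SAMPLES = [
    "From: dud@example.org\nUser-Agent: Thunderbird (constructed)\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1; b=AAAA\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;\n"
    " dkim=pass header.d=example.org header.s=sel1\n\nhello\n",
    "From: dud@example.org\nUser-Agent: mailx (constructed)\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;\n"
    " dkim=none\n\nhello\n",
    "From: dud@example.org\nX-Mailer: list server (constructed)\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1; b=BBBB\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;\n"
    " dkim=fail (body hash did not verify) header.d=example.org header.s=sel1\n\n"
    "hello\n-- \nlist footer\n",
]


def dkim_report(raw):
    """Summarise one message: sending client, DKIM verdict, d= vs From domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    client = msg.get("User-Agent") or msg.get("X-Mailer") or "unknown"
    from_domain = msg["From"].addresses[0].domain.lower()
    signed = msg.get("DKIM-Signature") is not None
    verdict, sig_domain = "none", None
    for ar in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^()]*\)", "", str(ar))  # drop RFC 5322 comments
        for part in text.split(";")[1:]:           # part 0 is the authserv-id
            m = re.match(r"\s*dkim=(\w+)", part)
            if m:
                verdict = m.group(1).lower()
                d = re.search(r"header\.d=([^\s;]+)", part)
                sig_domain = d.group(1).lower() if d else None
    if verdict == "pass":
        cause = "ok"
    elif not signed:
        cause = "never signed"          # signer did not pick a key, or was bypassed
    else:
        cause = "signed, then altered or key mismatch"
    return {"client": str(client), "dkim": verdict, "cause": cause,
            "aligned": sig_domain == from_domain}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(dkim_report(sample))
```

A "never signed" result points at the signing side (for instance the signer's key selection or the path the mail took to the MTA), while a present but failing signature points at modification after signing or at the published key.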

