DKIM is driving me nuts
wfdudley at gmail.com
Tue Sep 4 15:32:12 UTC 2018
Zoneminder only lets me create a TXT record for machine names of
the form "something.casano.com". Their "default" SPF record is attached
to "*.casano.com". I created additional TXT SPF records for "
and "mail.casano.com", but that made no difference in the DKIM performance.
dig -t txt '*.casano.com'
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t txt *.casano.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22642
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;*.casano.com. IN TXT
;; ANSWER SECTION:
*.casano.com. 21599 IN TXT "v=spf1 a mx -all"
;; Query time: 88 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Tue Sep 04 11:21:40 EDT 2018
;; MSG SIZE rcvd: 70
Google is happy with my SPF records, all my emails to gmail pass SPF checks.
Somehow, they know to lookup *.casano.com.
The problem I'm having is that SOME of my DKIM mail passes the check,
and some doesn't. The difference appears to be based on what MUA/client
I use to send the email.
Email sent using Thunderbird on another machine on my LAN passes DKIM
Emails sent using "mailx" or my mailman list server fail DKIM checks.
For both the Thunderbird case and the mailx case, the "From:" field is "
dud at casano.com",
and yet in one case, DKIM passes, and in the other, it doesn't.
Chris' assertion that the DKIM key is chosen based on the From: field is
backed up by the man page for opendkim.conf(5), but there's a lot in the
paragraphs on SigningTable and I'll be staring at that until little drops
appear on my forehead.
This email is free of malware because I run Linux.
On Tue, Sep 4, 2018 at 10:41 AM, James B. Byrne <byrnejb at harte-lyne.ca>
> On Tue, September 4, 2018 10:28, William Dudley wrote:
> > my domain is not "casaMo.com", so all of your research is irrelevant.
> drill casano.com txt
> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 39400
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; casano.com. IN TXT
> ;; ANSWER SECTION:
> ;; AUTHORITY SECTION:
> ;; ADDITIONAL SECTION:
> ;; Query time: 2 msec
> ;; SERVER: 22.214.171.124
> ;; WHEN: Tue Sep 4 10:30:40 2018
> ;; MSG SIZE rcvd: 28
> If your senders have from addresses like username at casano.com then I
> believe that this is still a problem, if not the only one.
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
More information about the freebsd-questions