我在 Linode 上运行 Ubuntu 12.04,带有 Postfix 和 opendkim。
当我在以下位置测试时,我的 DKIM 签名正在验证/通过http://www.brandonchecketts.com/emailtest.php但当我测试时失败了[电子邮件保护]。
该问题与正确查找 DNS 记录有关。elandsys 测试正在查找 DNS 记录错误地。我认为这是我的配置,我想知道如何修复它。
brandonchecketts.com 上的测试查找 DNS 记录正确地使用:
为 list._domainkey.my_example.common 构建 DNS 查询
elandsys 上的测试查找记录错误地使用:
_domainkey.list.my_example.com 没有 DNS 记录
我的 opendkim SigningTable 包含以下条目:
*@list.my_example.com list._domainkey.my_example.common
我的 opendkim KeyTable 包含以下条目:
list._domainkey.my_example.com list.my_example.com:list:/etc/opendkim/list.private
我将在下面详细发布这两项测试。第一个测试显示 DKIM 验证正确。第二个测试显示 elandsys 报告的问题。
brandonchecketts.com DKIM 签名 - PASS
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=my_example.com;
s=list; t=1336xx239;
bh=cS8QYxxxsPwl7ZB=;
h=Subject:From:To:Date:List-Id;
b=VYpXM...rBHWA+
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/simple
d= Domain: my_example.com
s= Selector: list
q= Protocol:
bh= aS8QYiOQ..sPwl8ZE+
h= Signed Headers: Subject:From:To:Date:List-Id
b= Data: VYpXM...rBHWA+
Public Key DNS Lookup
Building DNS Query for list._domainkey.my_example.com
Retrieved this publickey from DNS: v=DKIM1;k=rsa; t=y; p=TIGfMA..AQAC
Validating Signature
result = pass
elandsys DKIM 签名 - 失败
Date: Sat, 11 May 2012 11:45:05 -0700 (PDT)
Message-Id: <[email protected]>
From: [email protected]
To: [email protected]_example.com
Subject: Auto-response from dk.elandsys.com
Sender: [email protected]
Auto-Submitted: auto-replied
This is an automatic response. Replies to this message will not generate
an automatic response.
Do not reply to this message except for reporting a problem.
The results are as follows:
DKIM Signature validation: DKIM-Signature could not be verified
DomainKeys Signature validation: not available
DomainKeys Policy: no DNS record for _domainkey.list.my_example.com
DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.list.my_example.com
ADSP is not required for DKIM signature validation.
Note: The authentication results are not available as there was no signature header or the signature could not be verified
以下是一些版本信息:
opendkim -V
opendkim: OpenDKIM Filter v2.5.2
Compiled with OpenSSL 1.0.1 14 Mar 2012
SMFI_VERSION 0x1000001
libmilter version 1.0.1
Supported signing algorithms:
rsa-sha1
rsa-sha256
Supported canonicalization algorithms:
relaxed
simple
Active code options:
USE_DB
USE_LUA
USE_UNBOUND
_FFR_REPLACE_RULES
_FFR_SELECTOR_HEADER
_FFR_STATS
libopendkim 2.5.2:
dpkg -s postfix
Package: postfix
Status: install ok installed
Priority: extra
Section: mail
Installed-Size: 3353
Maintainer: LaMont Jones <[email protected]>
Architecture: amd64
Version: 2.9.1-4
Replaces: mail-transport-agent
Provides: default-mta, mail-transport-agent
Depends: libc6 (>= 2.14), libdb5.1, libsasl2-2, libsqlite3-0 (>= 3.5.9), libssl1.0.0 (>= 1.0.0), debconf (>= 0.5) | debconf-2.0, netbase, adduser (>= 3.48), dpkg (>= 1.8.3), lsb-base (>= 3.0-6), ssl-cert, cpio
Recommends: python
Suggests: procmail, postfix-mysql, postfix-pgsql, postfix-ldap, postfix-pcre, sasl2-bin, libsasl2-modules, dovecot-common, resolvconf, postfix-cdb, mail-reader, ufw
Conflicts: libnss-db (<< 2.2-3), mail-transport-agent, smail
Conffiles:
/etc/init.d/postfix 4af3a2532cddca3e6d0bc5f7b4fc2f75
/etc/insserv.conf.d/postfix 7fe2d086ff4822fc9fe13adab1090dce
/etc/ppp/ip-up.d/postfix fccc53fc4eeeab46941ebcc95a71e766
/etc/ppp/ip-down.d/postfix 52275dc23864f3bfca412c7558e28fe6
/etc/network/if-up.d/postfix fccc53fc4eeeab46941ebcc95a71e766
/etc/network/if-down.d/postfix 52275dc23864f3bfca412c7558e28fe6
/etc/postfix/postfix-script 0d01860b2f0778cf41951c801f538b30
/etc/postfix/post-install 4e9b37279a95246a5fe68afdbbbfd035
/etc/postfix/postfix-files ad34dcc8c31d057f6f20268b0aa16f29
/etc/rsyslog.d/postfix.conf d8a09827fff2a22311e4dd4a83e95c83
/etc/ufw/applications.d/postfix 5c7e746dc9255e750b8f50460de11a32
/etc/resolvconf/update-libc.d/postfix cfdfa512e14e80ab89cac7cc44b3a521
Description: High-performance mail transport agent
Postfix is Wietse Venema's mail transport agent that started life as an
alternative to the widely-used Sendmail program. Postfix attempts to
be fast, easy to administer, and secure, while at the same time being
sendmail compatible enough to not upset existing users. Thus, the outside
has a sendmail-ish flavor, but the inside is completely different.
答案1
我相信[电子邮件保护]坏了。这似乎是问题所在。除非修复,否则不要使用它。使用其他的。
我们的 DKIM 正在通过:
- Brandon Checketts 电子邮件验证器 -http://www.brandonchecketts.com/emailtest.php
- 发送签名电子邮件至:[电子邮件保护]
- 发送签名电子邮件至:[电子邮件保护]
它唯一未通过的测试是:
- 发送签名电子邮件至:[电子邮件保护]