使用 opendkim,什么可能会导致 Port25 的 DKIM 电子邮件测试器出现“签名未验证”错误?

使用 opendkim,什么可能会导致 Port25 的 DKIM 电子邮件测试器出现“签名未验证”错误?

据我所知,我已遵循 Steve Jenkins 这篇文章中有关如何在 CentOS 下为 sendmail 安装和配置 opendkim 的所有说明。

http://stevejenkins.com/blog/2011/08/installing-opendkim-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/

服务器上的所有内容似乎都正常 - 我在邮件日志中或重新启动 sendmail 或 opendkim 时没有看到任何错误。

但是当我使用Port25的电子邮件检查工具(发送电子邮件至[电子邮件受保护]来自服务器),我得到一个失败,说签名没有验证。

DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
    subject:Test'20'message'20'to'20'see'20'if'20'opendkim'20'is'20'working'0D''0A'
    date:Tue,'20'3'20'Jun'20'2014'20'12:52:29'20'-0700'0D''0A'
    to:[email protected]'0D''0A'
    from:"Adam'20'C.'20'Engst"'20'<[email protected]>'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=tidbits.com;'20's=default;'20't=1401825149;'20'bh=z6rEhTm6k/MRH02Uwz6CoDfNxAxYcEAZxvynRlx4keQ=;'20'h=Subject:Date:To:From;'20'b=

Canonicalized Body:
    Let'27's'20'see'20'what'20'this'20'does.'20'Ignore'20'it'20'if'20'it'20'gets'20'out.'0D''0A'
    '0D''0A'
    cheers...'20'-Adam='0D''0A'


DNS record(s):
    default._domainkey.tidbits.com. 120 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5c8Qbiw2aLlYk9ewZiVpEL3TwABiRZqIf3tlKtVmkj5QTEfWLjNsnkQ+p+o/IbO7tzXypaGso3dfqVVz/WftpqsXQLT9Yd9VZn8qyeMnOBcSl7Xj0McMFmdGmnpHR8KX+/tiYJL169UPo6EotcLRXbW63ZbNnft5W4FBSvhrP2QIDAQAB"

Public key used for verification: default._domainkey.tidbits.com (1024 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

同样,如果我使用 Brandon Checketts 的电子邮件验证器http://www.brandonchecketts.com/emailtest.php,我收到类似的失败消息,表示消息已被更改:

DKIM Signature


Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tidbits.com;
    s=default; t=1401825040;
    bh=z6rEhTm6k/MRH02Uwz6CoDfNxAxYcEAZxvynRlx4keQ=;
    h=Subject:Date:To:From;
    b=B7XhogAmuX1/FsHKdxVQBvYy3x2CXo+RvcmTqgVqUQ3zhee9Wfc5tQf+l+tGPqWSY
     4QNIs/G+AwV24o4oOWhmjEORouHbXF6U9jPzallMT6PlJgOxs+t1cXsgyhp7GaFvuJ
     d93sPM6PnJRV+CwascsNPfWnYvY8lHoa1cPUJjvs=


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/simple
d= Domain:          tidbits.com
s= Selector:        default
q= Protocol:        
bh=                 z6rEhTm6k/MRH02Uwz6CoDfNxAxYcEAZxvynRlx4keQ=
h= Signed Headers:  Subject:Date:To:From
b= Data:            B7XhogAmuX1/FsHKdxVQBvYy3x2CXo+RvcmTqgVqUQ3zhee9Wfc5tQf+l+tGPqWSY
     4QNIs/G+AwV24o4oOWhmjEORouHbXF6U9jPzallMT6PlJgOxs+t1cXsgyhp7GaFvuJ
     d93sPM6PnJRV+CwascsNPfWnYvY8lHoa1cPUJjvs=
Public Key DNS Lookup


Building DNS Query for default._domainkey.tidbits.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5c8Qbiw2aLlYk9ewZiVpEL3TwABiRZqIf3tlKtVmkj5QTEfWLjNsnkQ+p+o/IbO7tzXypaGso3dfqVVz/WftpqsXQLT9Yd9VZn8qyeMnOBcSl7Xj0McMFmdGmnpHR8KX+/tiYJL169UPo6EotcLRXbW63ZbNnft5W4FBSvhrP2QIDAQAB
Validating Signature


result = fail
Details: message has been altered

这些测试消息是从为我们编写的内部工具发送的;它创建供 sendmail 发送的消息。问题是否与 DKIM 标头添加到邮件的时间有关?

相关内容