据我所知,我已遵循 Steve Jenkins 这篇文章中有关如何在 CentOS 下为 sendmail 安装和配置 opendkim 的所有说明。
服务器上的所有内容似乎都正常 - 我在邮件日志中或重新启动 sendmail 或 opendkim 时没有看到任何错误。
但是当我使用Port25的电子邮件检查工具(发送电子邮件至[电子邮件受保护]来自服务器),我得到一个失败,说签名没有验证。
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
subject:Test'20'message'20'to'20'see'20'if'20'opendkim'20'is'20'working'0D''0A'
date:Tue,'20'3'20'Jun'20'2014'20'12:52:29'20'-0700'0D''0A'
to:[email protected]'0D''0A'
from:"Adam'20'C.'20'Engst"'20'<[email protected]>'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=tidbits.com;'20's=default;'20't=1401825149;'20'bh=z6rEhTm6k/MRH02Uwz6CoDfNxAxYcEAZxvynRlx4keQ=;'20'h=Subject:Date:To:From;'20'b=
Canonicalized Body:
Let'27's'20'see'20'what'20'this'20'does.'20'Ignore'20'it'20'if'20'it'20'gets'20'out.'0D''0A'
'0D''0A'
cheers...'20'-Adam='0D''0A'
DNS record(s):
default._domainkey.tidbits.com. 120 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5c8Qbiw2aLlYk9ewZiVpEL3TwABiRZqIf3tlKtVmkj5QTEfWLjNsnkQ+p+o/IbO7tzXypaGso3dfqVVz/WftpqsXQLT9Yd9VZn8qyeMnOBcSl7Xj0McMFmdGmnpHR8KX+/tiYJL169UPo6EotcLRXbW63ZbNnft5W4FBSvhrP2QIDAQAB"
Public key used for verification: default._domainkey.tidbits.com (1024 bits)
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
同样,如果我使用 Brandon Checketts 的电子邮件验证器http://www.brandonchecketts.com/emailtest.php,我收到类似的失败消息,表示消息已被更改:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tidbits.com;
s=default; t=1401825040;
bh=z6rEhTm6k/MRH02Uwz6CoDfNxAxYcEAZxvynRlx4keQ=;
h=Subject:Date:To:From;
b=B7XhogAmuX1/FsHKdxVQBvYy3x2CXo+RvcmTqgVqUQ3zhee9Wfc5tQf+l+tGPqWSY
4QNIs/G+AwV24o4oOWhmjEORouHbXF6U9jPzallMT6PlJgOxs+t1cXsgyhp7GaFvuJ
d93sPM6PnJRV+CwascsNPfWnYvY8lHoa1cPUJjvs=
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/simple
d= Domain: tidbits.com
s= Selector: default
q= Protocol:
bh= z6rEhTm6k/MRH02Uwz6CoDfNxAxYcEAZxvynRlx4keQ=
h= Signed Headers: Subject:Date:To:From
b= Data: B7XhogAmuX1/FsHKdxVQBvYy3x2CXo+RvcmTqgVqUQ3zhee9Wfc5tQf+l+tGPqWSY
4QNIs/G+AwV24o4oOWhmjEORouHbXF6U9jPzallMT6PlJgOxs+t1cXsgyhp7GaFvuJ
d93sPM6PnJRV+CwascsNPfWnYvY8lHoa1cPUJjvs=
Public Key DNS Lookup
Building DNS Query for default._domainkey.tidbits.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD5c8Qbiw2aLlYk9ewZiVpEL3TwABiRZqIf3tlKtVmkj5QTEfWLjNsnkQ+p+o/IbO7tzXypaGso3dfqVVz/WftpqsXQLT9Yd9VZn8qyeMnOBcSl7Xj0McMFmdGmnpHR8KX+/tiYJL169UPo6EotcLRXbW63ZbNnft5W4FBSvhrP2QIDAQAB
Validating Signature
result = fail
Details: message has been altered
这些测试消息是从为我们编写的内部工具发送的;它创建供 sendmail 发送的消息。问题是否与 DKIM 标头添加到邮件的时间有关?