我正在运行带有一些“功能”的 postfix 服务器,例如 spf、dmarc 和 DKIM。SPF 和 DMARC 运行良好,当我向我的 gmail 帐户发送电子邮件时,我看到它们通过了,但是 DKIM 显示“失败”,我不确定为什么。我使用了一些在线 DNS 检查,他们声称我的 DKIM DNS 记录没有问题,但像 mail-tester 这样的邮件检查失败了:
The DKIM signature of your message is:
v=1;
a=rsa-sha256;
c=relaxed/simple;
d=mydomain.com;
s=email;
t=1711628971;
bh=Rv2fKWBlNI8YfmXfYIWLRt8FRQfzmecyWP3jcdyv3KQ=;
h=Subject:From:To;
b=Euf/WOxr4EcUxl3MgvTfpod7gkhQ8MPsxm8qULS2lD83fx1PWPeVaB+JTQJk27bQNzXPZcufpB0ANcA3hG34WDzKCefabN/Y97OdyRoI6nAH4JfeXqG3AeloDDc6i6o1961TLNVZr8qjPBe2quQSb+LPY/EpGu1RSRxgQO9ws/Yv92IHV6Lx8tzcQjDKQ3CAkTV+v9FGxp3l/VJDbbUbCU9P/8WuQ1JjluP4zJSJPV9zd6EWRiJgiLomXSlaSI5ekvbJRip1uLFfq8Qr7sXcmlW3mCts3bkS95LU8kFJ8/27TXzJY32sVw2tkX0h9Hx/6YUVOjlbGI590JJ/IsCoIg==
Your public key is:
"v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24F81SHRpZJ/EA3NAfWRYEwKi6XHx1o/RIGVDuEMvxefDDOtbRQsh4hG7er/Ll3f4ID4aTa99IHWHx/Zik0PBnXwDLbGqDqqU0dgtURYGfRXwuxtvvQfuOaWLa9DwVKiIUOcPtXIdh6a5sM73jQcatCaPwoVZadVb9klQubN+NU3A7JI1FtIk0Lovm7gOr/7VSuibcV6Ni8ZZ/5jM4xo67LpT3rbJpDsmKWRFoe1HmU3pe2+AmG/hFnOvLHkGYt6j0gdHJbIUdjr/ObBzQJ8VSFQJY55ortYMFxR1LO79f5G1CT3bMlLMauH2odzPTSGBeP7ihlP3zFblFd6MOKmrwIDAQAB"
Key length: 2048bits
Your DKIM signature is not valid
文件:opendkim.conf:
root@email:/# cat /etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
RemoveOldSignatures Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/truhost
InternalHosts refile:/etc/opendkim/truhost
KeyTable /etc/opendkim/keyt
SigningTable refile:/etc/opendkim/sign
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost
OmitHeaders Message-ID, Date, Return-Path, Bounces-To, Received, Comments,
Keywords, Bcc, Resent-Bcc, List-ID, List-Unsubscribe, DKIM-Signature<Paste>
Nameservers 127.0.0.11
文件密钥:
email._domainkey.mydomain.com mydomain.com:email:/etc/opendkim/keys/mydomain.com/email.private
文件: 签名:
*@mydomain.com email._domainkey.mydomain.com
其中一个网站提到:验证签名
结果 = 失败详细信息:错误的 RSA 签名
我从 email.txt 中获取了我的 DKIM 记录,因为 opendkim 自动生成它,它看起来像这样:
"v=DKIM1; h=sha256; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MjR9CMslFUjbjDA7XWVFCcVOS6nVruC9iILNrSAMoozGgqOxp0vCBOFtCmdpVl/AK66wzo6WiCDyO1MqL0r+EKZbHSoSGurQRuq1FTcSDB110gfuyB/EwoAmW1z8YiK5dU7ae/rrpZH5IHr18F/cnMSX6UvjhO52qOkru06YkxXVnunZQ3zsOntpLJgLZ6f3bSbkv1R72/n+A"
"ObOYzx3ZB0j7pUPc4b3NzPycQKd/gIN72GPWixy5RkaKBqc89MR71MfefzmLA2cyedORp0xayMAZRJxD6BA1hLjXJ1DDdufL5rJIIU/R5s2jCWawAXK4Sw+wepsQRfYQra0605EwIDAQAB"
当我尝试将其添加到 dns 中时,它失败了,我必须在 n+A 之后删除“”并将其替换为 /,然后它才能工作,我不知道为什么它不起作用