您的 DKIM 签名无效 - opendkim

tag-icon tag-icon domain-name-system postfix dkim opendkim
您的 DKIM 签名无效 - opendkim

我正在运行带有一些“功能”的 postfix 服务器,例如 spf、dmarc 和 DKIM。SPF 和 DMARC 运行良好,当我向我的 gmail 帐户发送电子邮件时,我看到它们通过了,但是 DKIM 显示“失败”,我不确定为什么。我使用了一些在线 DNS 检查,他们声称我的 DKIM DNS 记录没有问题,但像 mail-tester 这样的邮件检查失败了:

The DKIM signature of your message is:

v=1;
a=rsa-sha256;
c=relaxed/simple;
d=mydomain.com;
s=email;
t=1711628971;
bh=Rv2fKWBlNI8YfmXfYIWLRt8FRQfzmecyWP3jcdyv3KQ=;
h=Subject:From:To;


b=Euf/WOxr4EcUxl3MgvTfpod7gkhQ8MPsxm8qULS2lD83fx1PWPeVaB+JTQJk27bQNzXPZcufpB0ANcA3hG34WDzKCefabN/Y97OdyRoI6nAH4JfeXqG3AeloDDc6i6o1961TLNVZr8qjPBe2quQSb+LPY/EpGu1RSRxgQO9ws/Yv92IHV6Lx8tzcQjDKQ3CAkTV+v9FGxp3l/VJDbbUbCU9P/8WuQ1JjluP4zJSJPV9zd6EWRiJgiLomXSlaSI5ekvbJRip1uLFfq8Qr7sXcmlW3mCts3bkS95LU8kFJ8/27TXzJY32sVw2tkX0h9Hx/6YUVOjlbGI590JJ/IsCoIg==
Your public key is:

"v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24F81SHRpZJ/EA3NAfWRYEwKi6XHx1o/RIGVDuEMvxefDDOtbRQsh4hG7er/Ll3f4ID4aTa99IHWHx/Zik0PBnXwDLbGqDqqU0dgtURYGfRXwuxtvvQfuOaWLa9DwVKiIUOcPtXIdh6a5sM73jQcatCaPwoVZadVb9klQubN+NU3A7JI1FtIk0Lovm7gOr/7VSuibcV6Ni8ZZ/5jM4xo67LpT3rbJpDsmKWRFoe1HmU3pe2+AmG/hFnOvLHkGYt6j0gdHJbIUdjr/ObBzQJ8VSFQJY55ortYMFxR1LO79f5G1CT3bMlLMauH2odzPTSGBeP7ihlP3zFblFd6MOKmrwIDAQAB"
Key length: 2048bits

Your DKIM signature is not valid

文件:opendkim.conf:

root@email:/# cat /etc/opendkim.conf 
AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
RemoveOldSignatures     Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/truhost
InternalHosts           refile:/etc/opendkim/truhost
KeyTable                /etc/opendkim/keyt
SigningTable            refile:/etc/opendkim/sign

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:8891@localhost
OmitHeaders             Message-ID, Date, Return-Path, Bounces-To, Received, Comments, 

Keywords, Bcc, Resent-Bcc, List-ID, List-Unsubscribe, DKIM-Signature<Paste>
    Nameservers 127.0.0.11

文件密钥:

email._domainkey.mydomain.com mydomain.com:email:/etc/opendkim/keys/mydomain.com/email.private

文件: 签名:

*@mydomain.com email._domainkey.mydomain.com

其中一个网站提到:验证签名

结果 = 失败详细信息:错误的 RSA 签名

我从 email.txt 中获取了我的 DKIM 记录,因为 opendkim 自动生成它,它看起来像这样:

"v=DKIM1; h=sha256; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MjR9CMslFUjbjDA7XWVFCcVOS6nVruC9iILNrSAMoozGgqOxp0vCBOFtCmdpVl/AK66wzo6WiCDyO1MqL0r+EKZbHSoSGurQRuq1FTcSDB110gfuyB/EwoAmW1z8YiK5dU7ae/rrpZH5IHr18F/cnMSX6UvjhO52qOkru06YkxXVnunZQ3zsOntpLJgLZ6f3bSbkv1R72/n+A"
    "ObOYzx3ZB0j7pUPc4b3NzPycQKd/gIN72GPWixy5RkaKBqc89MR71MfefzmLA2cyedORp0xayMAZRJxD6BA1hLjXJ1DDdufL5rJIIU/R5s2jCWawAXK4Sw+wepsQRfYQra0605EwIDAQAB"

当我尝试将其添加到 dns 中时,它失败了,我必须在 n+A 之后删除“”并将其替换为 /,然后它才能工作,我不知道为什么它不起作用

相关内容