Comments on: Using DKIM in Exim http://mikepultz.com/2010/02/using-dkim-in-exim/ personal and professional blog of mike pultz, technology specialist and serial entrepreneur. Fri, 11 May 2012 19:07:44 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: mike http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-2468 mike Thu, 03 May 2012 21:16:14 +0000 http://mikepultz.com/?p=384#comment-2468 Hey Jon, The error: "DKIM: signing failed (RC -101)" is the error code PDKIM_ERR_RSA_PRIVKEY (from src/pdkim/pdkim.h) /* Function success / error codes */ #define PDKIM_OK 0 #define PDKIM_FAIL -1 #define PDKIM_ERR_OOM -100 #define PDKIM_ERR_RSA_PRIVKEY -101 #define PDKIM_ERR_RSA_SIGNING -102 #define PDKIM_ERR_LONG_LINE -103 #define PDKIM_ERR_BUFFER_TOO_SMALL -104 and is only returned in one place - in src/pdkim/pdkim.c /* Perform private key operation */ if (rsa_parse_key(&rsa, (unsigned char *)sig->rsa_privkey, strlen(sig->rsa_privkey), NULL, 0) != 0) { return PDKIM_ERR_RSA_PRIVKEY; } So it looks like there is a problem parsing the RSA key that you generated for Exim. This could be because the key generation failed, or because exim doesn't have access to the file (file permissions). I would start by trying to re-generate your certificates. Mike Hey Jon,

The error: “DKIM: signing failed (RC -101)”

is the error code PDKIM_ERR_RSA_PRIVKEY (from src/pdkim/pdkim.h)

/* Function success / error codes */
#define PDKIM_OK 0
#define PDKIM_FAIL -1
#define PDKIM_ERR_OOM -100
#define PDKIM_ERR_RSA_PRIVKEY -101
#define PDKIM_ERR_RSA_SIGNING -102
#define PDKIM_ERR_LONG_LINE -103
#define PDKIM_ERR_BUFFER_TOO_SMALL -104

and is only returned in one place – in src/pdkim/pdkim.c

/* Perform private key operation */
if (rsa_parse_key(&rsa, (unsigned char *)sig->rsa_privkey,
strlen(sig->rsa_privkey), NULL, 0) != 0) {
return PDKIM_ERR_RSA_PRIVKEY;
}

So it looks like there is a problem parsing the RSA key that you generated for Exim.

This could be because the key generation failed, or because exim doesn’t have access to the file (file permissions).

I would start by trying to re-generate your certificates.

Mike

]]> By: Jon http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-2458 Jon Tue, 01 May 2012 17:02:13 +0000 http://mikepultz.com/?p=384#comment-2458 I have been banging my head on this. Here is what I get from running the following command: /usr/sbin/exim -d -r "sysadmin@fromdomain.com" -odf jon@mydomain.com PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>> d{CR}{LF}PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>> Date:{SP}Tue,{SP}01{SP}May{SP}2012{SP}12:55:11{SP}-0400{CR}{LF} From:{SP}sysadmin@fromdomain.com{CR}{LF} Message-Id:{SP}{CR}{LF} PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>> DKIM-Signature:{SP}v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=simple/simple;{SP}d=fromdomain.com;{SP}s=clips4sale.key._domainkey.fromdomain.com;{CR}{LF}{TB}h=Date:From:Message-Id;{SP}bh=b5BH63Qu/J1JXFMePN0RyHtCC1kT3uTiiTxs8JU5XRY=;{CR}{LF}{TB}b=; PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PDKIM [fromdomain.com] hh computed: 15525e51535f45caea0668d70b115c21e89beeada4f652aae48fb7beca8c9788 LOG: MAIN PANIC DKIM: signing failed (RC -101) Any help would be greatly appreciated. Thanks Mike. I have been banging my head on this. Here is what I get from running the following command:
/usr/sbin/exim -d -r “sysadmin@fromdomain.com” -odf jon@mydomain.com

PDKIM >> Hashed body data, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
d{CR}{LF}PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<> Hashed header data, canonicalized, in sequence >>>>>>>>>>>>>>
Date:{SP}Tue,{SP}01{SP}May{SP}2012{SP}12:55:11{SP}-0400{CR}{LF}
From:{SP}sysadmin@fromdomain.com{CR}{LF}
Message-Id:{SP}{CR}{LF}
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
DKIM-Signature:{SP}v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=simple/simple;{SP}d=fromdomain.com;{SP}s=clips4sale.key._domainkey.fromdomain.com;{CR}{LF}{TB}h=Date:From:Message-Id;{SP}bh=b5BH63Qu/J1JXFMePN0RyHtCC1kT3uTiiTxs8JU5XRY=;{CR}{LF}{TB}b=;
PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PDKIM [fromdomain.com] hh computed: 15525e51535f45caea0668d70b115c21e89beeada4f652aae48fb7beca8c9788
LOG: MAIN PANIC
DKIM: signing failed (RC -101)

Any help would be greatly appreciated. Thanks Mike.

]]> By: mike http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-2457 mike Mon, 30 Apr 2012 19:13:59 +0000 http://mikepultz.com/?p=384#comment-2457 I don't think it should show up under Authenticators; DKIM isn't an authentication method. Mike I don’t think it should show up under Authenticators; DKIM isn’t an authentication method.

Mike

]]> By: Jon http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-2456 Jon Mon, 30 Apr 2012 18:47:37 +0000 http://mikepultz.com/?p=384#comment-2456 I do see it under the Support sections: Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_SRS Still getting signing failures 2012-04-30 12:46:08 1SOtjf-0007WF-EY DKIM: signing failed (RC -101) I do see it under the Support sections:

Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc TCPwrappers OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_SRS

Still getting signing failures
2012-04-30 12:46:08 1SOtjf-0007WF-EY DKIM: signing failed (RC -101)

]]> By: Jon http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-2455 Jon Mon, 30 Apr 2012 18:37:29 +0000 http://mikepultz.com/?p=384#comment-2455 When running exim in debug mode, should you see the reference to dkim under the Authenticators: near the top? Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa When running exim in debug mode, should you see the reference to dkim under the Authenticators: near the top?

Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa

]]>