Comments on: Using DKIM in Exim http://mikepultz.com/2010/02/using-dkim-in-exim/ personal and professional blog of mike pultz, technology specialist and serial entrepreneur; Thu, 12 Aug 2010 07:39:29 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: John http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-203 John Sun, 20 Jun 2010 06:53:17 +0000 http://mikepultz.com/?p=384#comment-203 Hi Mike, Thanks for this great topic, I did that but I got permerror (key failed) for dkim and no sig for domainkeys. Authentication-Results: mta1045.mail.sk1.yahoo.com from=developers-heaven.net; domainkeys=neutral (no sig); from=developers-heaven.net; dkim=permerror (key failed) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=developers-heaven.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=dZwg0roqeT4Z81/Gk6beBXednOetUVdfKD0HSi0smMw=; b=iwjc2Fu7aQAZ3nSb9Asu1DaPh27Lut0Ig2xEZ9FS5Frwnq57fJa8Vo4iaOKu/RokAIDVtgMUtZoh0JyBlpG18yJJILwuPO4ORzstS/fP9EGxfyLZBDZLtcSQOFRhc/dr; DKIM check details: ———————————————————- Result: permerror (invalid key: error reading public key: 3071417264:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:;3071417264:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:;3071417264:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_PUBKEY;) May you please guide me how to fix. Hi Mike,

Thanks for this great topic, I did that but I got permerror (key failed) for dkim and no sig for domainkeys.

Authentication-Results: mta1045.mail.sk1.yahoo.com from=developers-heaven.net; domainkeys=neutral (no sig); from=developers-heaven.net; dkim=permerror (key failed)

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=developers-heaven.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From; bh=dZwg0roqeT4Z81/Gk6beBXednOetUVdfKD0HSi0smMw=; b=iwjc2Fu7aQAZ3nSb9Asu1DaPh27Lut0Ig2xEZ9FS5Frwnq57fJa8Vo4iaOKu/RokAIDVtgMUtZoh0JyBlpG18yJJILwuPO4ORzstS/fP9EGxfyLZBDZLtcSQOFRhc/dr;

DKIM check details:
———————————————————-
Result: permerror (invalid key: error reading public key: 3071417264:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:;3071417264:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1281:;3071417264:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_PUBKEY;)

May you please guide me how to fix.

]]> By: Exim smarthost with DKIM http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-186 Exim smarthost with DKIM Thu, 13 May 2010 10:14:15 +0000 http://mikepultz.com/?p=384#comment-186 [...] Never mind - I found some info. I just had a lapse in my search-fu. This page has what I need: http://mikepultz.com/2010/02/using-dkim-in-exim/ [...] [...] Never mind – I found some info. I just had a lapse in my search-fu. This page has what I need: http://mikepultz.com/2010/02/using-dkim-in-exim/ [...]

]]> By: mike http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-185 mike Wed, 12 May 2010 17:37:22 +0000 http://mikepultz.com/?p=384#comment-185 <a href="#comment-184" rel="nofollow">@Beau</a> Hey Beau, I'm not 100% familiar with the Debian install; it seems to break the file up into components- usually I install from source and have just one big configure file- but this looks like the right spot. 1) That should be all you need to at least sign out-going messages. 2) Yup, the selector is just a random word that is specified in your config; it uses this word to do the DNS lookup against your domain- most of the time it's kept really short (like a single character), but as long as it's a valid hostname, it's fine. 3) Yes, that's the full path to the private key; so in your example, your private key would have to be in /- is that correct? maybe it's not signing your e-mails because it can't find the key? Also, have you confirmed that messages are being sent through exim? can you see messages coming in/out in your main exim log file? Mike @Beau

Hey Beau,

I’m not 100% familiar with the Debian install; it seems to break the file up into components- usually I install from source and have just one big configure file- but this looks like the right spot.

1) That should be all you need to at least sign out-going messages.

2) Yup, the selector is just a random word that is specified in your config; it uses this word to do the DNS lookup against your domain- most of the time it’s kept really short (like a single character), but as long as it’s a valid hostname, it’s fine.

3) Yes, that’s the full path to the private key; so in your example, your private key would have to be in /- is that correct? maybe it’s not signing your e-mails because it can’t find the key?

Also, have you confirmed that messages are being sent through exim? can you see messages coming in/out in your main exim log file?

Mike

]]> By: Beau http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-184 Beau Mon, 10 May 2010 19:00:12 +0000 http://mikepultz.com/?p=384#comment-184 Thanks a bunch for this great tutorial. I have a couple questions though. For starters, I'm on Debian and Nginx and I installed exim with this command: "apt-get -t lenny-backports install exim4" which installed version 4.71. I then followed your tutorial for signing emails but my emails still don't get signed. Step 1 seems to have gone off without a hitch as I can verify that both those files now exist and have data that looks right. I added the following lines to /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp under driver = smtp: dkim_domain = dostuffright.com dkim_selector = whizbang-dkim dkim_private_key = /dkim.private.key dkim_canon = relaxed And restarted exim. I then added the txt record to my domain as you instructed. The problem is that my emails don't seem to be getting signed. I've tried looking at the raw headers and sending emails to six different rotator services and I'm quite positive my emails aren't getting signed. So my questions are: 1) Is there something I need to do to turn signing on besides adding those lines to that file? 2) What is the "selector"? Is it just some random word that has to be in both the header and the txt record? 3) Is dkim_private_key just the path to the dkim public key on my server? That's what I'm assuming it is. Thanks a bunch! Beau Thanks a bunch for this great tutorial. I have a couple questions though. For starters, I’m on Debian and Nginx and I installed exim with this command: “apt-get -t lenny-backports install exim4″ which installed version 4.71. I then followed your tutorial for signing emails but my emails still don’t get signed. Step 1 seems to have gone off without a hitch as I can verify that both those files now exist and have data that looks right.

I added the following lines to /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp under driver = smtp:
dkim_domain = dostuffright.com
dkim_selector = whizbang-dkim
dkim_private_key = /dkim.private.key
dkim_canon = relaxed

And restarted exim. I then added the txt record to my domain as you instructed. The problem is that my emails don’t seem to be getting signed. I’ve tried looking at the raw headers and sending emails to six different rotator services and I’m quite positive my emails aren’t getting signed. So my questions are:

1) Is there something I need to do to turn signing on besides adding those lines to that file?
2) What is the “selector”? Is it just some random word that has to be in both the header and the txt record?
3) Is dkim_private_key just the path to the dkim public key on my server? That’s what I’m assuming it is.

Thanks a bunch!
Beau

]]> By: Jim http://mikepultz.com/2010/02/using-dkim-in-exim/comment-page-1/#comment-177 Jim Sun, 07 Mar 2010 18:21:15 +0000 http://mikepultz.com/?p=384#comment-177 <a href="#comment-173" rel="nofollow">@mike</a> Thanks. I am using the same domain/selector and getting a "pass" from check-auth@verifier.port25.com for "DKIM check" for all domains. Again, thanks for the excellent tutorial. @mike
Thanks. I am using the same domain/selector and getting a “pass” from check-auth@verifier.port25.com for “DKIM check” for all domains.

Again, thanks for the excellent tutorial.

]]>