DKIM key not valid - Bad RSA signature
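I installed DKIM on an Ubuntu 14.04 machine using opendkim and postfix. I generated an RSA key pair and updated the TXT record.
When I test the setup on any DKIM tester such as www.mail-tester.com or www.dkimvalidator.com, I get errors like "result = fail, bad RSA signature".
Here is a sample mail (information from dkimvalidator.com). I replaced the real domain with mail.example.com.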
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.example.com;
h=content-type:content-type:mime-version:subject:subject
:message-id:to:reply-to:from:from; s=dkim; t=1505761379; x=
1506625380; bh=xp3gKk5P39UaB7IV9Rj58h82gFaIiEDAqCbmUtWe2Yo=; b=s
ErbZFhFhPQjrOz2dH2RlYMAaN0oUKT7SBJe/bQg5Uxq86VHr7HkHRnnqtw1lkRL6
Ha6Qd2rXAV+ftc5vL3K3TYojBz8HFigZtmJetjgY1/evk9XnRHtTaRBD6/ZrXtii
Rsa87O6RsoM7om9brPP8QW01/84nPSonJIIQtobLt0=
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/simple
d= Domain: mail.example.com
s= Selector: dkim
q= Protocol:
bh= xp3gKk5P39UaB7IV9Rj58h82gFaIiEDAqCbmUtWe2Yo=
h= Signed Headers: content-type:content-type:mime-version:subject:subject
:message-id:to:reply-to:from:from
b= Data: s
ErbZFhFhPQjrOz2dH2RlYMAaN0oUKT7SBJe/bQg5Uxq86VHr7HkHRnnqtw1lkRL6
Ha6Qd2rXAV+ftc5vL3K3TYojBz8HFigZtmJetjgY1/evk9XnRHtTaRBD6/ZrXtii
Rsa87O6RsoM7om9brPP8QW01/84nPSonJIIQtobLt0=
Public Key DNS Lookup
Building DNS Query for dkim._domainkey.mail.example.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIbe1WBW7hf4IbeW8acNXKzi6uQb2UXagkJoLWqGqLaXbnrLmwEjgxzoJQRR7iLq4/niGmI76Nzbc0aASTGYRdAK62/Enjove3W70vl92VSgGy1Tm0oZ+9/4+Z8qLiwikPs+HL961CshehcAMu1aLnVSyMwe77pOlf6ZPG7Lxj5QIDAQAB
Validating Signature
result = fail
Details: bad RSA signature
Here is /etc/opendkim.conf:
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
Domain mail.example.com
KeyFile /etc/dkimkeys/dkim.key
Selector dkim
# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization simple
#Mode sv
#SubDomains no
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
Could the problem be that I am using a subdomain like johndoe@mail.example.com to send email?
The problem was that opendkim was not listening on the specified socket; Postfix was not able to reach opendkim, and so the emails were not signed.
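The answer above comes down to Postfix and opendkim disagreeing about the milter socket. As an added example (not part of the original post), this Python check compares the Socket setting in opendkim.conf with smtpd_milters in Postfix's main.cf, which use different address syntaxes. The sample configs, port 8891, the default queue directory and the chrooted flag are assumptions.

```python
import posixpath
import re
QUEUE_DIR = "/var/spool/postfix"        # assumed: Postfix default queue_directory
LOOPBACK = {"127.0.0.1": "localhost"}   # treat both loopback spellings as equal

def opendkim_endpoint(conf):
    """Endpoint opendkim is told to listen on (last Socket line), or None."""
    found = None
    for line in conf.splitlines():
        m = re.match(r"\s*Socket\s+(\w+):(\S+)", line, re.I)  # '#Socket' never matches
        if m and m.group(1).lower() == "inet":         # opendkim form: inet:port[@host]
            port, _, host = m.group(2).partition("@")
            found = ("inet", LOOPBACK.get(host, host) or "*", int(port))
        elif m:                                        # local:/path/to/socket
            found = ("unix", posixpath.normpath(m.group(2)))
    return found

def postfix_endpoints(main_cf, chrooted=True):
    """Endpoints smtpd dials for smtpd_milters, as paths/ports on the real system."""
    text = re.sub(r"\n[ \t]+", " ", main_cf)           # join continuation lines
    m = re.search(r"^smtpd_milters\s*=\s*(.*)$", text, re.M)
    out = []
    for spec in re.split(r"[,\s]+", m.group(1)) if m else []:
        kind, _, rest = spec.partition(":")
        if kind == "inet":                             # Postfix form: inet:host:port
            host, _, port = rest.rpartition(":")
            out.append(("inet", LOOPBACK.get(host, host), int(port)))
        elif kind in ("unix", "local"):
            if chrooted or not rest.startswith("/"):   # resolved inside the queue dir
                rest = QUEUE_DIR + "/" + rest.lstrip("/")
            out.append(("unix", posixpath.normpath(rest)))
    return out

def diagnose(opendkim_conf, main_cf, chrooted=True):
    listen = opendkim_endpoint(opendkim_conf)
    if listen is None:
        return "opendkim.conf sets no Socket"
    for dial in postfix_endpoints(main_cf, chrooted):
        wildcard = listen[:2] == ("inet", "*") and dial[0] == "inet"
        if dial == listen or (wildcard and dial[2] == listen[2]):
            return "ok"
    return "mismatch: opendkim listens on %r, Postfix dials elsewhere" % (listen,)

# Constructed sample configs (not taken from the question).
MAIN_CF = "smtpd_milters = inet:127.0.0.1:8891\nnon_smtpd_milters = $smtpd_milters\n"
CONF_INET = "Syslog yes\nSocket inet:8891@localhost\n"
CONF_UNIX = "Syslog yes\nSocket local:/var/run/opendkim/opendkim.sock\n"
if __name__ == "__main__":
    print(diagnose(CONF_INET, MAIN_CF), "|", diagnose(CONF_UNIX, MAIN_CF))
```

Pass chrooted=False when master.cf shows smtpd is not running chrooted; in that case an absolute unix: path is used as written.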