News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Can't get DKIM to work with Sendmail, please help  (Read 3308 times)

Offline ethic

  • New Member
  • Posts: 1
Can't get DKIM to work with Sendmail, please help
« on: May 18, 2009, 03:10:55 PM »
I am using sendmail as my MTA and dkim-filter to sign my mails with DKIM. I am already able to sign the messages, which means that at least dkim-filter seems to be working, but the problem is that when I run the test (sending mails to test emails) I keep getting errors.
What I did:
(My mail server ethic.sempresariales.com)

1. Create my private/public keys, rename them and move them to the appropriate directory
openssl genrsa -out rsa.private 1024
openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
mv rsa.private mails.key.pem
mv mails.key.pem /var/db/dkim
(selector name "mails")

2. Add public key to a TXT record in the DNS
mails._domainkey IN TXT
"v=DKIM1; g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCGIRExnR3vbXjaOGnIpsYO+IeSP/WGmdAuplJsiNC/NbOHOh+06mKFuSUP0ZYCRUuJjLwtqD36trhFajHxeVDIDDyfHFMsQmkGfOqEXE3Owm4SomIt2la8K+/v06zRidecNIAkEffERqD32QxPI9iOnufRBRdvNV9dNDDcKvltQIDAQAB"

3.
dkim-filter -s s -k /var/db/dkim/s.key.pem -p inet:8892@localhost -d sempresariales.com -D

I added the -D option because I noticed that if I didn't, the messages weren't signed, because the FQDN of the mail server is ethic.sempresariales.com. Once I did, the messages were signed.

4.
Add this line to the sendmail.mc and do "make"
INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8892@localhost')

5. Restart sendmail
service sendmail restart

6. Finally, I sent an email to see if my mails were being signed, and they actually were, but my happiness didn't last, because once I ran the test against sa-test@sendmail.net and check-auth@verifier.port25.com I got a failed test. Here is an example of what I got from port25.com:

-------------------------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
    Date:'20'Thu,'20'14'20'May'20'2009'20'17:24:46'20'-0500'0D''0A'
    From:'20'Alfredo'20'Osorio'20'<ethic@sempresariales.com>'0D''0A'
    Message-Id:'20'<200905142224.n4EMOkR9006100@ethic.sempresariales.com>'0D''0A'
    To:'20'check-auth@verifier.port25.com'0D''0A'
    Subject:'20'sd'0D''0A'
    DKIM-Signature:'20'v=1;'20'a=rsa-sha256;'20'c=simple/simple;'20'd=sempresariales.com;'0D''0A'
    '09's=mails;'20't=1242339887;'20'i=@sempresariales.com;'0D''0A'
    '09'bh=GFCzb5dKQEn9tG2PMLRwQeSoJQ5tLnk22PLwiDUXtSg=;'0D''0A'
    '09'h=Date:From:Message-Id:To:Subject;'0D''0A'
    '09'b=

Canonicalized Body:
    sd'0D''0A'
   

DNS record(s):
    mails._domainkey.sempresariales.com. 3600 IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCGIRExnR3vbXjaOGnIpsYO+IeSP/WGmdAuplJsiNC/NbOHOh+06mKFuSUP0ZYCRUuJjLwtqD36trhFajHxeVDIDDyfHFMsQmkGfOqEXE3Owm4SomIt2la8K+/v06zRidecNIAkEffERqD32QxPI9iOnufRBRdvNV9dNDDcKvltQIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
-------------------------------------------------------------------------
As you can see it says "fail (signature doesn't verify)", and I've been checking that my public key in the DNS is not misspelled or anything (spaces, etc) and actually it appears to be fine.

mails._domainkey.sempresariales.com     text = "v=DKIM1\; g=*\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCGIRExnR3vbXjaOGnIpsYO+IeSP/WGmdAuplJsiNC/NbOHOh+06mKFuSUP0ZYCRUuJjLwtqD36trhFajHxeVDIDDyfHFMsQmkGfOqEXE3Owm4SomIt2la8K+/v06zRidecNIAkEffERqD32QxPI9iOnufRBRdvNV9dNDDcKvltQIDAQAB"

I don't know what else to do, so please help me out,

Thank you in advance

Alfredo
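
An added example, not part of the original post: one way to narrow down a "signature doesn't verify" result is to recompute the body hash from the canonicalized body and compare it with the bh= tag of the DKIM-Signature. The function names are this example's own; the signature tags and the body are copied from the port25 report above.

```python
import base64, hashlib, re

def parse_tags(value):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags

def canon_body(body, mode):
    """Body canonicalization from RFC 6376 section 3.4 ("simple" or "relaxed")."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, strip whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                      # ignore empty lines at the end of the body
    out = b"".join(ln + b"\r\n" for ln in lines)
    # An empty body canonicalizes to one CRLF (simple) or to nothing (relaxed).
    return out if out or mode == "relaxed" else b"\r\n"

def body_hash(body, tags):
    """Recompute bh= for a CRLF-delimited body from the signature's a=, c=, l=."""
    algo = tags["a"].split("-")[1]                    # "rsa-sha256" -> "sha256"
    modes = tags.get("c", "simple/simple").split("/")
    mode = modes[1] if len(modes) > 1 else "simple"   # body part defaults to simple
    data = canon_body(body, mode)
    if "l" in tags:
        data = data[:int(tags["l"])]                  # optional body length limit
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def body_hash_matches(body, sig_value):
    """True when the recomputed body hash equals the signature's bh= tag."""
    tags = parse_tags(sig_value)
    return body_hash(body, tags) == tags["bh"]

# Values copied from the port25 report above; the body is "sd" plus CRLF.
SIG = ("v=1; a=rsa-sha256; c=simple/simple; d=sempresariales.com; s=mails; "
       "t=1242339887; i=@sempresariales.com; "
       "bh=GFCzb5dKQEn9tG2PMLRwQeSoJQ5tLnk22PLwiDUXtSg=; "
       "h=Date:From:Message-Id:To:Subject; b=")
BODY = b"sd\r\n"

if __name__ == "__main__":
    ok = body_hash_matches(BODY, SIG)
    print("body hash matches bh=" if ok else "body hash differs from bh=")
```

A match means the body reached the verifier unchanged, which leaves the signed headers and the key pair as the places to look; a mismatch points at the body being modified after signing.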

Offline fleece

  • New Member
  • Posts: 1
Re: Can't get DKIM to work with Sendmail, please help
« Reply #1 on: June 07, 2009, 11:51:36 AM »
ethic, sorry I can't help you with the problem -- I'm a bit of a newbie.

... but I hope someone on this forum can help, because I'm struggling to get a DKIM milter 2.5.1 implementation working on my Fedora 9 system with sendmail. Once I get dkim-milter working on v2.5.1, I'll upgrade/patch the security DoS hole.

Anyone know of a good fedora-dkim-sendmail "howto" for newbies?

Most of my mail sent without SPF and DKIM gets flagged by many ISPs as spam/junk/bulk.