On Tue, 22 Nov 2016 15:58:24 +0000 Jeremy Harris wrote:
> On 22/11/16 15:45, Christian Balzer wrote:
> > On Tue, 22 Nov 2016 14:06:28 +0000 Jeremy Harris wrote:
> >
> >> On 21/11/16 08:44, Christian Balzer wrote:
> >>> The problem was with the DNS TXT record after all, but so subtly that
> >>> Exim itself didn't spot it and gave things clean bill of health when
> >>> checking mails signed for that domain.
> >>>
> >>> To wit, the record had "v=DKIM1\\\; k=rsa\\\; ..." in it, instead of a
> >>> single backslash.
> >>
> >> Just to doublecheck... the DNS should return a record with any
> >> backslashes at all, and the need for one is in your path to
> >> loading the record for publication (and someone used 3, resulting
> >> in a record being presented to Google with 1)?
> >
> > Nope, the correct DNS TXT query should have ONE backslash in there.
>
> If I read RFC 4871 correctly, not so. There is no mention of backslash
> as part of the tag-spec separator in a tag-list, and the value for a v=
> tag must be set to exactly "DKIM1" (without the quotes).
>
> Where do you find the requirement for a backslash?
The output of dig should have one backslash in there, the actual record
should have none indeed.
Christian
--
Christian Balzer Network/Systems Engineer
chibi@??? Global OnLine Japan/Rakuten Communications
http://www.gol.com/
