Re: [exim] DKIM signing with the i= (Identity) tag/header

Top Page
Delete this message
Reply to this message
Author: Christian Balzer
Date:  
To: exim-users
CC: Jeremy Harris
Subject: Re: [exim] DKIM signing with the i= (Identity) tag/header
On Tue, 22 Nov 2016 15:58:24 +0000 Jeremy Harris wrote:

> On 22/11/16 15:45, Christian Balzer wrote:
> > On Tue, 22 Nov 2016 14:06:28 +0000 Jeremy Harris wrote:
> >
> >> On 21/11/16 08:44, Christian Balzer wrote:
> >>> The problem was with the DNS TXT record after all, but so subtly that
> >>> Exim itself didn't spot it and gave things clean bill of health when
> >>> checking mails signed for that domain.
> >>>
> >>> To wit, the record had "v=DKIM1\\\; k=rsa\\\; ..." in it, instead of a
> >>> single backslash.
> >>
> >> Just to doublecheck... the DNS should return a record with any
> >> backslashes at all, and the need for one is in your path to
> >> loading the record for publication (and someone used 3, resulting
> >> in a record being presented to Google with 1)?
> >
> > Nope, the correct DNS TXT query should have ONE backslash in there.
>
> If I read RFC 4871 correctly, not so. There is no mention of backslash
> as part of the tag-spec separator in a tag-list, and the value for a v=
> tag must be set to exactly "DKIM1" (without the quotes).
>
> Where do you find the requirement for a backslash?


The output of dig should have one backslash in there, the actual record
should have none indeed.

Christian
-- 
Christian Balzer        Network/Systems Engineer                
chibi@???       Global OnLine Japan/Rakuten Communications
http://www.gol.com/