Re: [exim] DKIM signing with the i= (Identity) tag/header

Top Page
Delete this message
Reply to this message
Author: Jasen Betts
Date:  
To: exim-users
New-Topics: [exim] dig and backslash - was Re: DKIM signing with the i= (Identity) tag/header
Subject: Re: [exim] DKIM signing with the i= (Identity) tag/header
On 2016-11-22, Christian Balzer <chibi@???> wrote:
> On Tue, 22 Nov 2016 15:58:24 +0000 Jeremy Harris wrote:
>
>> On 22/11/16 15:45, Christian Balzer wrote:
>> > On Tue, 22 Nov 2016 14:06:28 +0000 Jeremy Harris wrote:
>> >
>> >> On 21/11/16 08:44, Christian Balzer wrote:
>> >>> The problem was with the DNS TXT record after all, but so subtly that
>> >>> Exim itself didn't spot it and gave things clean bill of health when
>> >>> checking mails signed for that domain.
>> >>>
>> >>> To wit, the record had "v=DKIM1\\\; k=rsa\\\; ..." in it, instead of a
>> >>> single backslash.
>> >>
>> >> Just to doublecheck... the DNS should return a record with any
>> >> backslashes at all, and the need for one is in your path to
>> >> loading the record for publication (and someone used 3, resulting
>> >> in a record being presented to Google with 1)?
>> >
>> > Nope, the correct DNS TXT query should have ONE backslash in there.
>>
>> If I read RFC 4871 correctly, not so. There is no mention of backslash
>> as part of the tag-spec separator in a tag-list, and the value for a v=
>> tag must be set to exactly "DKIM1" (without the quotes).
>>
>> Where do you find the requirement for a backslash?
>
> The output of dig should have one backslash in there, the actual record
> should have none indeed.


dig txt 20120113._domainkey.gmail.com 8.8.4.4 | grep ^20120113
20120113._domainkey.gmail.com. 281 IN    TXT    "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"


No backslashes. Am I doing something wrong.

I, too seem to recall backslashes from dig in the past, but I can't
provoke them today.

--
This email has not been checked by half-arsed antivirus software