Re: [exim] Public key syntax error with some DKIM keys?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mike Brudenell
Date:  
À: Exim User List
Sujet: Re: [exim] Public key syntax error with some DKIM keys?
Hi, Mike -

The value of the TXT record for mysmtp._domainkey.1click-email.com looks a
bit dodgy to me: dig is displaying the value enclose within double-quotes.
If you look at the end you'll see the value (within the double-quotes)
finishes with

\"


I can't remember off the top of my head whether the public key can be
enclosed within double-quotes in the value, but usually it isn't. Certainly
having one double-quote at the end and none at its start is wrong: it's not
balanced!

Try having a look at our key if you like to see how our public key is
listed:

dig 20160523.google._domainkey.york.ac.uk. txt


Note that because we use a 2048-bit key the value is long so is broken into
two parts, each enclosed within double-quotes. However the p= public key
value itself is *not* enclosed in double-quotes within the overall record.

Cheers,
Mike B-)

On 31 March 2017 at 17:20, Mike Tubby <mike@???> wrote:

> I'm getting DKIM public key parse errors with a few sites such as
> 1click-email.com:
>
>
> 2017-03-31 16:01:25 CONNECT: Accepting connection from: 185.163.190.90 -
> not blocked by any RBL
> 2017-03-31 16:01:25 HELO: Accepted HELO/EHLO relay843.mysmtp3.com from
> remote host: 185.163.190.90 (relay843.mysmtp3.com)
> 2017-03-31 16:01:25 MAIL: SPF Result=pass (1click-email.com /
> relay843.mysmtp3.com [185.163.190.90])
> 2017-03-31 16:01:25 MAIL: Accept from: bounce-a806-20059-20395-96d520
> c8=250090239=8@??? host: relay843.mysmtp3.com
> [185.163.190.90]
> 2017-03-31 16:01:25 no IP address found for host localhost.localdomain
> (during SMTP connection from relay843.mysmtp3.com [185.163.190.90])
> 2017-03-31 16:01:25 RCPT: SPF Result2=pass (1click-email.com /
> relay843.mysmtp3.com [185.163.190.90])
> 2017-03-31 16:01:26 1cty3J-0003DR-Ok DKIM: d=1click-email.com s=mysmtp
> c=simple/simple a=rsa-sha256 b=1024 t=1490957772 [invalid - syntax error in
> public key record]
>
>
> Digging into it a bit further ;-)    I find:

>
>
> root@relay1:/var/log/exim# dig mysmtp._domainkey.1click-email.com txt
>
> ; <<>> DiG 9.9.5-3ubuntu0.13-Ubuntu <<>> mysmtp._domainkey.1click-email
> .com txt
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5348
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mysmtp._domainkey.1click-email.com. IN TXT
>
> ;; ANSWER SECTION:
> mysmtp._domainkey.1click-email.com. 3448 IN TXT "v=DKIM1\; k=rsa\;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjhzHudEPNFL21OHfqaD
> Z6BR2tHdFanOLg/EdFDIXzBGMBdzNPkYIHlsT/Wj+QVwy81k+0VQ+lnHzNpi
> 50R/NE6mzemXTfUROp93iErT8QZsDLCN2Iwyumhh81miit3+362xNgUDF0t3
> C7URff0gsQi61GLsk8JrUuYxvhaDN3AwIDAQAB\""
>
> ;; AUTHORITY SECTION:
> 1click-email.com.       153782  IN      NS ns41.domaincontrol.com.
> 1click-email.com.       153782  IN      NS ns42.domaincontrol.com.

>
> ;; ADDITIONAL SECTION:
> ns41.domaincontrol.com. 65728   IN      AAAA    2607:f208:206::15
> ns42.domaincontrol.com. 65728   IN      AAAA    2607:f208:302::15

>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Mar 31 17:13:11 BST 2017
> ;; MSG SIZE rcvd: 419
>
>
>
> ... and over at ProtoDave.com his DKIM public key checker checks out with
> 'success' and says the key is okay.
>
>
> Who to believe? Is Exim correct or ProtoDave correct or is there a corner
> case and Exim is being a bit too picky?
>
>
>
> Mike
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>




--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811 <01904%20323811>

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm