[exim] Exim 4.90 + DKIM patch [bug]

Author: Torsten Tributh
Date:  
To: Exim-users
Subject: [exim] Exim 4.90 + DKIM patch [bug]
Hi,
I actually use Exim 4.90 with the DKIM patch.
It is a good idea to check for v=DKIM1 in the TXT record, but it now
also has some disadvantages.

For domains that have several TXT records in place, it is good to
match on v=DKIM1 to use only the DKIM record, but
using v=DKIM1 is only RECOMMENDED.

See RFC6376 Chapter 3.6.1

The only REQUIRED tag is p=

Actually, the DKIM check is no longer working, for example with amazonses.com.

From the Exim log:
...DKIM: d=amazonses.com s=shh3fegwg5fppqsuzphvschd53n6ihuv
c=relaxed/simple a=rsa-sha256 b=1024 t=1515931975 [invalid - public key
record (currently?) unavailable]

If you check by hand, you see:

dig TXT +short shh3fegwg5fppqsuzphvschd53n6ihuv._domainkey.amazonses.com

shh3fegwg5fppqsuzphvschd53n6ihuv.dkim.amazonses.com.
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCR1ASUk0rJK0Udcn8ebYV42GH4ktEn+pST7FuNCuiZyjGu6mTxnBiQLTrc/zKVhbkeu2mGrP60kUiAiSOoZaRbJ5qKgLNKAIZwSGePDL0K5rJz5bPCQjruuNCHiz7uYFi55Fye5We5tzqXztHYF2E4gSnpkk32stBiQS2PTkpAMwIDAQAB"

Amazon is only using p= in their DKIM records.
We need extra matching for that.

Kind regards
    Torsten


--
Torsten
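
The record-selection rule the message refers to (RFC 6376 section 3.6.1: v= is optional but must be a leading DKIM1 when present, p= is required, an empty p= means a revoked key), as an added example that is not part of the original post and is not Exim's code. The function names, the require_v switch that mimics the strict matching described above, and the sample records are assumptions constructed for illustration.

```python
# Added example, not Exim code. Sample records below are constructed.

def parse_tag_list(record):
    """Split 'tag=value; tag=value' into ordered (tag, value) pairs, or None."""
    tags = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue                      # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            return None                   # not a tag-spec at all
        tags.append((name.strip(), value.strip()))
    return tags

def classify_key_record(record, require_v=False):
    """Return ('key', p), ('revoked', '') or ('ignore', reason).

    require_v=True mimics the strict matching described in the post.
    """
    tags = parse_tag_list(record)
    if not tags:
        return ("ignore", "not a tag-list")
    names = [name for name, _ in tags]
    if len(set(names)) != len(names):
        return ("ignore", "duplicate tag")
    values = dict(tags)
    if "v" in values:
        # If present, v= must come first and must equal DKIM1.
        if names[0] != "v" or values["v"] != "DKIM1":
            return ("ignore", "v= is not a leading DKIM1")
    elif require_v:
        return ("ignore", "v= missing")
    if "p" not in values:
        return ("ignore", "p= missing")   # p= is the only REQUIRED tag
    key = "".join(values["p"].split())    # whitespace inside base64 is ignored
    return ("key", key) if key else ("revoked", "")

def select_key_record(txt_rrset, require_v=False):
    """txt_rrset: list of TXT RRs, each a list of character-strings."""
    for strings in txt_rrset:
        result = classify_key_record("".join(strings), require_v)
        if result[0] != "ignore":
            return result
    return None

# Constructed RRset: an SPF record beside a p=-only key split in two strings.
SAMPLE = [["v=spf1 -all"], ["p=QUJDREVG", "R0hJSktM"]]
```

With require_v=True the constructed p=-only record is skipped and no key is found, which corresponds to the "public key record unavailable" symptom in the log line above.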