[exim] Exim DKIM: exim<->Exim verifies but not on Gmail or O…

Author: Robert Bannocks
Date:  
To: exim-users@exim.org
Subject: [exim] Exim DKIM: exim<->Exim verifies but not on Gmail or Office 365
Hi, I have Exim configured to sign mail from a domain. It does this, and when the mail passes through another Exim server, that other server verifies the signature, but Gmail and Office 365 fail it. I am using 2048-bit keys; all are well published in the DNS. Port25 reports that the signature check fails. It finds the keys correctly. This is with Exim version 4.90_1 #2 built 14-Mar-2018 08:32:15 from EPEL on Red Hat 7.3. The transport config is correctly picking the key from a table and signing the message. Port25 reports as below. Is there some other config I need to do? I have even cut down the signed headers to


dkim_sign_headers = From:Date:Subject:Message-ID:Content-Type:MIME-Version


to try and avoid problems with headers being mangled. No amount of googling solves this.


----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified:


Canonicalized Headers:
    message-id:1525368258-test.sh@???'0D''0A'
    date:Thu,'20'3'20'May'20'2018'20'16:15:50'20'+0000'0D''0A'
    subject:DKIM'20'Test'20'4'0D''0A'
    from:r.bannocks@???'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=naln.ac.uk;'20's=537-1525350337-pub.mailrelay;'20'h=Message-id:Date:subject:From:Content-Type:'20'MIME-Version;'20'bh=pZvvKsjXAM/6uncB9f5zyvKqs9c+J7vZeZgqFM0pduk=;'20'b=;


Canonicalized Body:
    TEST'20'MAIL'0D''0A'
    Subject:'20'DKIM'20'Test'20'4'0D''0A'
    ----'20'Diagnostic'20'----'0D''0A'
    HOST=sllv-mr04.arts.local'0D''0A'
    PORT=smtp'0D''0A'
    RECIPIENT=check-auth@???'0D''0A'
    SENDER=r.bannocks@???'0D''0A'
    SUBJECT=DKIM'20'Test'20'4'0D''0A'
    HOSTNAME=sllv-mr03.arts.local'0D''0A'
    MESSAGEID=1525368258-test.sh@???'0D''0A'



DNS record(s):
    537-1525350337-pub.mailrelay._domainkey.naln.ac.uk. 60 IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmV+yM4c/LE4RWwPhXGBotF7AchoNvWsgiJgxUCIGb7CVWbiQFDw0Qthd5jesidVVR1y9YCndHYJWhipHjVrO/5ks5UlAY8ZGbiPAe21yxIfZ4c90C8Pzbf81DhuJChP7MWjjwJEt8b91GQaEKNGcF5psoIbIudkKfzDtShnOdl/uV43ITZslu3wSKoYFS2P+2a4UyBPYQvkhcI/YWEcqYRBfIz3E8AUT+YEH2QquEyZbnrr11baGalIUT8E0eM/pEvUDroquioJSSlvclINhIYs3w8pski7Qv2zZsfFNcKTEfzaqBXwelwwVnDSpPO+uWvhaWmJqISBl7axBnwbmTQIDAQAB"


Public key used for verification: 537-1525350337-pub.mailrelay._domainkey.naln.ac.uk (2048 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
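
Added example, not part of the original post and not Exim or Port25 code: a local check that separates the two halves of a `c=relaxed/relaxed` verification by recomputing the `bh=` body hash (RFC 6376 relaxed body canonicalization, SHA-256) without needing the key. If `bh=` matches, the body arrived intact and the failure lies in the signed headers or the `b=` signature. The message, the `example.org` names and the selector `sel` are constructed, and the code assumes no `l=` tag.

```python
import base64, hashlib, re

def relaxed_header(raw: str) -> bytes:
    """RFC 6376 3.4.2: lowercase the name, unfold, collapse WSP, trim the value."""
    name, value = raw.split(":", 1)
    value = re.sub(r"\r\n(?=[ \t])", "", value)            # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \r\n")   # collapse WSP runs, trim ends
    return f"{name.strip().lower()}:{value}\r\n".encode()

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP, strip line-end WSP, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" ") for l in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)            # empty body stays b""

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def dkim_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature value into its tag=value pairs, ignoring folding WSP."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def body_hash_matches(message: bytes) -> bool:
    """Compare the bh= tag of the first DKIM-Signature with the recomputed hash."""
    head, _, body = message.partition(b"\r\n\r\n")
    unfolded = re.sub(rb"\r\n(?=[ \t])", b"", head).decode()
    for line in unfolded.split("\r\n"):
        if line.lower().startswith("dkim-signature:"):
            return dkim_tags(line.split(":", 1)[1])["bh"] == body_hash(body)
    raise ValueError("no DKIM-Signature header")

# Constructed sample: bh= is computed here, b= is left empty (no key involved).
BODY = b"TEST MAIL\r\n"
SIGNED = (b"From: sender@example.org\r\nSubject: DKIM Test 4\r\n"
          b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
          b"\ts=sel; h=From:Subject; bh=" + body_hash(BODY).encode()
          + b"; b=\r\n\r\n" + BODY)

if __name__ == "__main__":
    print("as signed:       ", body_hash_matches(SIGNED))
    print("footer appended: ", body_hash_matches(SIGNED + b"-- \r\nfooter\r\n"))
    print(relaxed_header("Subject:  DKIM   Test 4 \r\n"))
```

Run against the message as saved at the receiving side, the same comparison shows whether anything between the signer and the verifier changed the body.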