I have just discovered that Exim DKIM appears to fail to parse some DKIM
keys that other systems claim are okay:
19 00:50:18 RCPT: SPF Result2=pass (Partnersresponse.dell.com /
mail04.response.dell.com [142.0.168.187])
19 00:50:19 1hHGnL-0002nj-0r PDKIM: d=dell.com s=dk2016 [failed key import]
19 00:50:19 1hHGnL-0002nj-0r DKIM START:
domain=Partnersresponse.dell.com possible_signer=dell.com status=invalid
(reason=pubkey_dns_syntax)
19 00:50:19 1hHGnL-0002nj-0r no IP address found for host
localhost.localdomain
19 00:50:19 1hHGnL-0002nj-0r DKIM DEFER:
domain=Partnersresponse.dell.com cannot obtain public key
Running Exim 4.92, compiled from source on Devuan Beowulf with GCC8.3
... everything compile clean and works.
We have a strict DKIM policy that is "you sign it - we check and enforce
it", for failed keys ('pub_key_unavailable' and 'failed_key_import') we
defer with a 421 and appropriate message in the hope that the other
party will fix their problem(s).
The problem is that ProtoDave.com says 'Success' when parsing Dell's key:
SELECTOR
Selectors <
http://www.dkim.org/info/dkim-faq.html#technical>enable a
single domain to have multiple keys. Some domains, like Twitter and
eBay, use “*dkim*”. Google Apps domains typically use “*google*”. Others
simply use “*default*”. Enter yours here. (Note: Do not include
“_domainkey”)
DOMAIN
Base Domain Name. (e.g. example.com)
DNS QUERY:dk2016._domainkey.dell.com
QUERY STATUS:Success
TXT RECORD:
"v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5qbWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaTyXXWry2+CRQqDds9pwIDAQAB\\; t=s"
KEY LENGTH (BITS):1024
VERSION:DKIM1
KEY TYPE:
GRANULARITY:
HASHES:sha256
SERVICE TYPE:
FLAGS:
NOTES:
PUBLIC KEY:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44
UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5q
bWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaT
yXXWry2+CRQqDds9pwIDAQAB
-----END PUBLIC KEY-----
How to fix?
Mike