james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Malcolm <techst...@malcolms.com>
Subject Re: jDKIM Signature is invalid
Date Tue, 28 Oct 2014 17:37:56 GMT
Robert,

Thank you so much for all of your help on both of these issues.  You 
have been a lifesaver for me.  I just got a 10/10 score on 
mail-tester.com (hooray, finally!).  I couldn't have done this without you.

BTW.... re the public key in my DNS.... I regenerated the keys a few 
times desperately trying to figure out how to get it working.  One 
generator assigned its own selector.  So the DNS key had a different 
selector than the one I had in my earlier post.  It's all working now.

Thanks again.

Jerry


On 10/28/2014 3:16 AM, Robert Munn wrote:
> I checked your DNS, looks like you removed your DKIM record.
>
> Also, mxtoolbox.com says your SPF record type is deprecated.
>
> I just got jDKIM working on my domain. Looks like another tutorial in the works. It took
a little investigation, but mail-tester.com is happy now. Here is how you fix your broken
sig problem.
>
>   <mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"/>
>
>         <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign">
>           <signatureTemplate>v=1; s=201410281226.pm; d=legacyavatar.com; c=relaxed/relaxed;
h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type; a=rsa-sha256; bh=; b=;</signatureTemplate>
>
> Note my changes to h= and addition of c= in my sig template. I hit the same error you
hit before I made these changes, based on this article:
>
> http://www.gettingemaildelivered.com/dkim-explained-how-to-set-up-and-use-domainkeys-identified-mail-effectively
>
> Make sure these mailers are just before the RemoteDelivery mailet. Looks like you probably
had that right already.
>
>
> Thanks for making me aware of the sender issue and motivating me to add DKIM.
>
>
>
>
> On Oct 27, 2014, at 3:30 PM, Jerry Malcolm <techstuff@malcolms.com> wrote:
>
>
>> With the HELO problem finally resolved and behind me, I'm on to the next issue that
mail-tester.com is yelling at me about.  It say my DKIM signature is invalid.  I have tried
replacing the public/private keys in my DNS and in the mailet config.  I've tried different
syntax options for the DNS record, etc.  Still nothing. Normally, I would assume that it's
something I'm doing wrong.  But after the HELO problem, I first want to verify that others
are indeed using jDKIM with James 3 b5 successfully.  (BTW... I said last night in a post
that I'm on b4.... incorrect... i'm on b5).
>>
>> My dns server is ISC BIND.  I'm assuming that could make a difference with defining
the dkim public key in the dns record.
>>
>> Is anyone using this successfully?
>>
>> Here's the latest report I get from mail-tester.com:
>>
>> ====================================
>>
>> The DKIM signature of your message is:
>>
>> 	v=1;
>> 	d=jwmhosting.com;
>> 	b=ST3jn85HmyWjjPoIxojUKGMMCvtFzlrgqJiVwZ/bd5bzZuVWK/gviYIBXHFuc1iTZ/0NHdGW0TgRk9E7tRsXXPYM4yOP9zna7WTDC20VrsBu/LQbyktpsINAbRDzJbaNmSGjcLlAUODnaFLJPpwktpNkJu4EbFtKyYT3Exb4mfs=;
>> 	s=primary;
>> 	a=rsa-sha256;
>> 	bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>> 	h=from:to:received:received;
>> 	
>>
>> Your public key is:
>>
>> "k=rsa;
>> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfRF6NEFFahhyOSiy+ufRU6PMvUVzP31wJ16zNaLKG8ipL1S8rIDr7ZjkGiUdwqZ6BjNTddbmcH4AxTupNhANyXvJs+MxyJbMN3mkYHYn1evJGVqT85DrM7XrYMSVPK3Y4dfY4vhokQwATv+BwrW7K8QuwrDgvu8JdxM0muS/7lQIDAQAB"
>>
>> Key length: 1024bits
>>
>> Your DKIM signature is not valid
>>
>> ==================================
>>
>> from my mailet config file:
>>
>> <mailet match="All" class="org.apache.james.jdkim.mailets.ConvertTo7Bit"/>
>>
>> <mailet match="All" class="org.apach1e.james.jdkim.mailets.DKIMSign">
>>     <signatureTemplate>v=1; s=primary; d=jwmhosting.com; h=from:to:received:received;
a=rsa-sha256; bh=; b=;</signatureTemplate>
>>
>>     <privateKey>
>>         -----BEGIN RSA PRIVATE KEY-----
>> MIICXgIBAAKBgQDfRF6NEFFahhyOSiy+ufRU6PMvUVzP31wJ16zNaLKG8ipL1S8r
>> IDr7ZjkGiUdwqZ6BjNTddbmcH4AxTupNhANyXvJs+MxyJbMN3mkYHYn1evJGVqT8
>>         .......etc
>>         .......etc
>> ASnFebXvbrI3MQzrvgz3AkEAs1Tn0TfzsKmri6zrqJak1EDojHPdbPAjEFCpunt4
>>         +dRCWhtnwEGZ1REeEBiQsk9CM24VNknO0uJOKF3ZYb3lFA==
>>         -----END RSA PRIVATE KEY-----
>>     </privateKey>
>>   </mailet>
>>
>>
>> Help??
>>
>> Thx again.
>>
>> Jerry
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
>> For additional commands, e-mail: server-user-help@james.apache.org
>>
>
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2015.0.5315 / Virus Database: 4189/8469 - Release Date: 10/28/14
>


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Mime
View raw message