cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3982
Views
0
Helpful
3
Replies

problem with Domainkey signing

Andreas Krueger
Level 1
Level 1

Hi,

Im actually testing signing outgoing mails with domainkeys, but have some trouble.
I configured the DKIM features like in the E-learning module described.
I also inserted the RSA key in TXT section of the DNS-server.

If I send a mail to yahoo, it is recognized as SPAM and seems to have no valid DKIM signature.

here you see a part of the Ironport mail-log:


...
Dec 17 09:56:20 antispam-iat mail_logs: Info: MID 32848 DomainKeys: cannot sign - no profile matches akr@iat-db-group.com
Dec 17 09:56:20 antispam-iat mail_logs: Info: MID 32848 DKIM: signing with MyProfile1 - matches akr@iat-db-group.com
...



Where is the fault ?

3 Replies 3

Douglas Hardison
Cisco Employee
Cisco Employee

Make sure in your testing emails that you are including an actual header.

If this is not present, you can experience the error you see in your mail logs.

Here are two portions of example telnet sessions showing this in action. The first session produces an error because the header is missing.


mail from:

250 sender ok

rcpt to:

250 recipient ok

data

354 go ahead

<<<<<<<< Pay attention to this line Yes it's blank

Subject: DKIM test from ironport


This produces the error you experienced.


The following snippet shows a successful test.



250 SIZE 104857600

mail from:

250 sender ok

rcpt to:

250 recipient ok

data

354 go ahead

From: <<<

To: <<<

Subject: DKIM test from ironport

Andreas Krueger
Level 1
Level 1

Thank you for help.
Unfortunately this seems not to be the problem:

Here you see the full header (I only removed the valid recipient addresses)


Return-Path:
X-Flags: 1001
Delivered-To: GMX delivery to
Received: (qmail invoked by alias); 18 Dec 2008 09:06:29 -0000
Received: from unknown (EHLO ftp-iat.db-group.com) [81.200.192.123]
by mx0.gmx.net (mx118) with SMTP; 18 Dec 2008 10:06:29 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=iat-db-group.com; i=akr@iat-db-group.com; q=dns/txt;
s=ftp-iat; t=1229591189; x=1261127189;
h=from:sender:reply-to:subject:date:message-id:to:cc:
mime-version:content-transfer-encoding:content-id:
content-description:resent-date:resent-from:resent-sender:
resent-to:resent-cc:resent-message-id:in-reply-to:
references:list-id:list-help:list-unsubscribe:
list-subscribe:list-post:list-owner:list-archive;
z=From:=20Andreas=20Krueger=20
|Subject:=20Test=20DKIM=2010:06|Date:=20Thu,=2018=20Dec
=202008=2010:06:17=20+0100|Message-ID:=20<494A1289>|To:(mailrecipient removed)|MIME-Version:=201.0
|Content-Transfer-Encoding:=207bit;
bh=EImuXQZy1fsECdtGrNj/rn29QSL9Y57SZDtMOtk9Ei4=;
b=bU7Fbf7cG39yN+EFmvkZ42Puxe/FSXAnCBOFtPCHKkpBeIvE5R6JaNN9
b209Oey92laEQVVxPGXNyw4ud4Hg6a6yZJHGg+b4MeuJvkID/ctNvFjp4
aTsYUZSHyeYVjWD;
X-IronPort-AV: E=Sophos;i="4.36,242,1228086000";
d="scan'208";a="32869"
Received: from unknown (HELO pirna.unix.db.de) ([172.21.167.139])
by antispam-iat.smtp.db.de with ESMTP; 18 Dec 2008 10:06:17 +0100
Received: from [127.0.0.1] (172.16.39.149) by pirna.unix.db.de (7.3.121)
id 48FCA09900000085; Thu, 18 Dec 2008 10:06:17 +0100
Message-ID: <494A1289>
Date: Thu, 18 Dec 2008 10:06:17 +0100
From: Andreas Krueger
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To:
Subject: Test DKIM 10:06
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: pSV4eEgCIyd0vZWAKWdrzf9aa2FkZpX9

Andreas Krueger
Level 1
Level 1

Sorry !

I found the problem.
I added a valid DKIM profile, but no Domainkeys profile :oops:
I added a Domainkeys profile with the same key and it works :D
thanks for your help !

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: