DKIM failure troubleshooting

Unanswered Question
Feb 5th, 2009
User Badges:

I just created a DKIM content filter looking for HARDFAILs. Am I diagnosing the enclosed headers properly?

It seems like a properly signed gmail message is getting hosed as it makes its way to us via a mailing list processor.


Received-SPF: None identity=mailfrom; client-ip=66.158.92.124;
receiver=ironportpriv.merrimack.edu;
envelope-from="[email protected]";
x-sender="[email protected]";
x-conformance=spf_only
Received-SPF: None identity=helo; client-ip=66.158.92.124;
receiver=ironportpriv.merrimack.edu;
envelope-from="[email protected]";
x-sender="[email protected]";
x-conformance=spf_only
Authentication-Results: ironportpriv.merrimack.edu; dkim=hardfail (body hash did not verify [final]) [email protected]
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqgBAHvzhklCnlx8kWdsb2JhbACCQTCQFWE/AQEBAQkLCgcRBapRMAEJhECIQgEDAQECgl6BMwaDbg
X-IronPort-AV: E=Sophos;i="4.37,367,1231131600";
d="scan'208";a="3535121"
Received: from ala3.ala.org ([66.158.92.124])
by ironportpriv.merrimack.edu with SMTP; 02 Feb 2009 16:24:49 -0500
Received: by ala3.ala.org (Postfix, from userid 1001)
id 7A5931707FC; Mon, 2 Feb 2009 15:24:44 -0600 (CST)
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from ala1.ala.org (ala1.ala.org [66.158.92.66])
by ala3.ala.org (Postfix) with ESMTP id AF284170792
for <ili>; Mon, 2 Feb 2009 11:39:39 -0600 (CST)
Received: from [64.233.170.185] (helo=rn-out-0910.google.com)
by ala1.ala.org with esmtp (Exim 4.62)
(envelope-from <helentlane>)
id 1LU2kl-00086f-GP
for [email protected]; Mon, 02 Feb 2009 11:38:35 -0600
Received: by rn-out-0910.google.com with SMTP id j78so1032268rne.2
for <ili>; Mon, 02 Feb 2009 09:39:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:sender:received:in-reply-to
:references:date:x-google-sender-auth:message-id:subject:from:to
:content-type;
bh=QRuwHgIym/O/SFaD3vvderJkAVRuw/ZUX+YA5U9k37g=;
b=r/iGkvdwzlqvEZw/h6vd3iFAcpRk+k/GX9KRL8jklHyn+TK9aNk8d2BX2JREbxD5yy
1ndFgzC2/GjqmqtDY7IO/Nc59POuhYJtdy9Dxg7v1d6vXLBmd9L5gs9J++px56f7MRlt
QIEEt0ntbwIBWmpLIdoeN2PSAlaSJS/cYMPck=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:sender:in-reply-to:references:date
:x-google-sender-auth:message-id:subject:from:to:content-type;
b=FhC/9Zt3s4tqL5iwSDzXvdJV9dWk5PDBCu0T0oxlxctU7LpbxxzjQC1O1z3Y9Cki/q
tPpu+Jgu/HcRWaFsrndN9o1D4BkF4FBnGwxe3YyYUj4Oqx9y9kYqA0CIIwSeYSP5IWpD
GNuazuyAiiMXw+QkdL61/TUrVNKVCA/ZMMsT8=
MIME-Version: 1.0
Sender: [email protected]
Received: by 10.100.255.9 with SMTP id c9mr212792ani.135.1233596378783; Mon,
02 Feb 2009 09:39:38 -0800 (PST)
In-Reply-To: <7g9s4t>
References: <49836CE0>
<7g9s4t>
Date: Mon, 2 Feb 2009 12:39:38 -0500
X-Google-Sender-Auth: 50851bf88f75c0d0
Message-ID: <119de7590902020939n21a822e2xbf3dc3f8e99fa38>
From: Helen Lane <htl2108>
To: [email protected]
Content-Type: multipart/alternative; boundary=0016368e1e5cf421520461f309ef
Subject: [ili-l] Re: RE: recommended web directories?
Reply-To: [email protected]
X-Loop: [email protected]
X-Sequence: 7162
Errors-to: [email protected]
Precedence: list
X-no-archive: yes
List-Id: <ili>
List-Help: <mailto>
List-Subscribe: <mailto>
List-Unsubscribe: <mailto>
List-Post: <mailto>
List-Owner: <mailto>
List-Archive: <http>

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Douglas Hardison Fri, 02/06/2009 - 13:56
User Badges:
  • Cisco Employee,

Hi,

If the headers of the message changed at all between the gmail server, and the IronPort, then the DKIM hash will be incorrect, and it will fail.

You mentioned a mailing list server, and I can see the list headers in your sample. I assume these were added "in between" gmail and the IronPort, thus causing the DKIM hash to be incorrect.

-whardison

Actions

This Discussion