Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

problem with Domainkey signing

Hi,

Im actually testing signing outgoing mails with domainkeys, but have some trouble.
I configured the DKIM features like in the E-learning module described.
I also inserted the RSA key in TXT section of the DNS-server.

If I send a mail to yahoo, it is recognized as SPAM and seems to have no valid DKIM signature.

here you see a part of the Ironport mail-log:


...
Dec 17 09:56:20 antispam-iat mail_logs: Info: MID 32848 DomainKeys: cannot sign - no profile matches akr@iat-db-group.com
Dec 17 09:56:20 antispam-iat mail_logs: Info: MID 32848 DKIM: signing with MyProfile1 - matches akr@iat-db-group.com
...



Where is the fault ?

3 REPLIES
Cisco Employee

Re: problem with Domainkey signing

Make sure in your testing emails that you are including an actual header.

If this is not present, you can experience the error you see in your mail logs.

Here are two portions of example telnet sessions showing this in action. The first session produces an error because the header is missing.


mail from:

250 sender ok

rcpt to:

250 recipient ok

data

354 go ahead

<<<<<<<< Pay attention to this line Yes it's blank

Subject: DKIM test from ironport


This produces the error you experienced.


The following snippet shows a successful test.



250 SIZE 104857600

mail from:

250 sender ok

rcpt to:

250 recipient ok

data

354 go ahead

From: <<<

To: <<<

Subject: DKIM test from ironport

Community Member

Re: problem with Domainkey signing

Thank you for help.
Unfortunately this seems not to be the problem:

Here you see the full header (I only removed the valid recipient addresses)


Return-Path:
X-Flags: 1001
Delivered-To: GMX delivery to
Received: (qmail invoked by alias); 18 Dec 2008 09:06:29 -0000
Received: from unknown (EHLO ftp-iat.db-group.com) [81.200.192.123]
by mx0.gmx.net (mx118) with SMTP; 18 Dec 2008 10:06:29 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=iat-db-group.com; i=akr@iat-db-group.com; q=dns/txt;
s=ftp-iat; t=1229591189; x=1261127189;
h=from:sender:reply-to:subject:date:message-id:to:cc:
mime-version:content-transfer-encoding:content-id:
content-description:resent-date:resent-from:resent-sender:
resent-to:resent-cc:resent-message-id:in-reply-to:
references:list-id:list-help:list-unsubscribe:
list-subscribe:list-post:list-owner:list-archive;
z=From:=20Andreas=20Krueger=20
|Subject:=20Test=20DKIM=2010:06|Date:=20Thu,=2018=20Dec
=202008=2010:06:17=20+0100|Message-ID:=20<494A1289>|To:(mailrecipient removed)|MIME-Version:=201.0
|Content-Transfer-Encoding:=207bit;
bh=EImuXQZy1fsECdtGrNj/rn29QSL9Y57SZDtMOtk9Ei4=;
b=bU7Fbf7cG39yN+EFmvkZ42Puxe/FSXAnCBOFtPCHKkpBeIvE5R6JaNN9
b209Oey92laEQVVxPGXNyw4ud4Hg6a6yZJHGg+b4MeuJvkID/ctNvFjp4
aTsYUZSHyeYVjWD;
X-IronPort-AV: E=Sophos;i="4.36,242,1228086000";
d="scan'208";a="32869"
Received: from unknown (HELO pirna.unix.db.de) ([172.21.167.139])
by antispam-iat.smtp.db.de with ESMTP; 18 Dec 2008 10:06:17 +0100
Received: from [127.0.0.1] (172.16.39.149) by pirna.unix.db.de (7.3.121)
id 48FCA09900000085; Thu, 18 Dec 2008 10:06:17 +0100
Message-ID: <494A1289>
Date: Thu, 18 Dec 2008 10:06:17 +0100
From: Andreas Krueger
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To:
Subject: Test DKIM 10:06
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: pSV4eEgCIyd0vZWAKWdrzf9aa2FkZpX9

Community Member

Re: problem with Domainkey signing

Sorry !

I found the problem.
I added a valid DKIM profile, but no Domainkeys profile :oops:
I added a Domainkeys profile with the same key and it works :D
thanks for your help !

1134
Views
0
Helpful
3
Replies
CreatePlease to create content