[ubuntu] dkim: permerror (no key)



Calimo
February 4th, 2012, 03:54 PM
Hello,

I am trying to configure my server (xavier.robin.name, Ubuntu Lucid server) to display a DKIM signature on outgoing emails. I mostly followed the Postfix/DKIM (https://help.ubuntu.com/community/Postfix/DKIM) tutorial, only with opendkim as suggested.

I generated the key with:


opendkim-genkey -t -d xavier.robin.name

I configured my DNS entries as indicated in the txt file generated by opendkim-genkey. This looks good:

dig default._domainkey.xavier.robin.name TXT

; <<>> DiG 9.7.0-P1 <<>> default._domainkey.xavier.robin.name TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32701
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;default._domainkey.xavier.robin.name. IN TXT

;; ANSWER SECTION:
default._domainkey.xavier.robin.name. 99 IN TXT "v=DKIM1\; g=*\; k=rsa\; t=y\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUDupgySMi uaRy5AkPM7nxZP5HCZeuo3cyCnoT3NNO9q7GW5Y3s0Rdg/RfJ3pWyxXcEzFNQHaYOBfT2WWvOLEFwplTpIAGJcAGTrA4mRCY zVRlPWX7jnc7oyaQyJtg8k4/ENgwJIj4a+Sy26D8TE51EqjK7udHCajhPXG/wIQXdwIDAQAB"

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Feb 4 15:39:50 2012
;; MSG SIZE rcvd: 311

Outgoing emails display a DKIM-Signature header.
So far so good.

Then I tested with Yahoo (I have an address there). The full headers show the following (excerpts):

Authentication-Results: mta1040.mail.ukl.yahoo.com from=xavier.robin.name; domainkeys=neutral (no sig); from=xavier.robin.name; dkim=permerror (no key)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xavier.robin.name;
s=2012; t=1328365676;
bh=fiTAGUpDznObmwzCvBMRNLWmZE99WP9P6r1B4CGOnLQ=;
h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
Content-Transfer-Encoding;
b=uR1vguKlqRxSrwxdqrfQyQnOVCdBNm1Xi8q0D8m43oEXF1td ISJHn3c3LT5TWgv0E
/yTQYV3xpmNcbOmmDhl8b0mUBkLaFwrY5hq5CuSWGasRPi5L/TdfICp9caSF+EaZU/
gD4i9MPvY0EaLzNTyyeALe6JtscmP/G1/38IqbXU=

I have this "dkim=permerror (no key)" error.

I read over the Internet that this error appears when the DNS record isn't set up. However I checked above that it is...
I guess something is wrong in my DNS config, but what?

All ideas are welcome ;)

Calimo

Calimo
February 16th, 2012, 10:41 AM
I finally solved the problem. I had defined the selector as 2012 in opendkim.conf. However the DNS record was default._domainkey. Changing it to 2012._domainkey solves the issue.

Now I get
dkim=neutral (no sig)

I don't really understand why either.

Calimo
February 16th, 2012, 01:37 PM
I removed t=y; in the DNS entry. And now:
dkim=pass (ok)

:D
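
Added example (not part of the thread and not OpenDKIM code): a small Python check for the two conditions the posts above ran into, a signature selector (s=) with no matching <selector>._domainkey record, and a key record that still has t=y set. The sample header and TXT record are constructed from the ones quoted in the first post, with the b=, bh= and p= values replaced by placeholders; all function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the header and TXT record quoted
# in the thread (b=, bh= and p= values replaced by placeholders).
SIGNATURE = """v=1; a=rsa-sha256; c=simple/simple; d=xavier.robin.name;
 s=2012; t=1328365676;
 bh=PLACEHOLDER=;
 h=Message-ID:Date:From;
 b=PLACEHOLDER"""
PUBLISHED = {
    "default._domainkey.xavier.robin.name":
        r"v=DKIM1\; g=*\; k=rsa\; t=y\; p=PLACEHOLDER",
}

def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    value = value.replace("\\;", ";")      # undo the escaping dig prints
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, _, val = item.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding
    return tags

def key_record_name(signature):
    """DNS name a verifier queries for the key: <s>._domainkey.<d>."""
    tags = parse_tags(signature)
    return f"{tags['s']}._domainkey.{tags['d']}"

def diagnose(signature, published):
    """Compare a DKIM-Signature value with the published TXT records."""
    name = key_record_name(signature)
    suffix = "._domainkey." + parse_tags(signature)["d"]
    if name not in published:
        others = sorted(n for n in published if n.endswith(suffix))
        return [f"no key at {name}; published selectors: {others}"]
    key = parse_tags(published[name])
    findings = []
    if not key.get("p"):
        findings.append(f"{name}: empty p= (key revoked)")
    if "y" in key.get("t", "").split(":"):   # t= is a colon-separated list
        findings.append(f"{name}: t=y (testing mode) is set")
    return findings

if __name__ == "__main__":
    for line in diagnose(SIGNATURE, PUBLISHED):
        print(line)
```

Run against the original setup it reports the missing 2012._domainkey record; with the record renamed it reports the t=y flag, and with that removed it reports nothing.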