Subject: The mailing list for listmasters using Sympa
- From: Adam Bernstein <address@concealed>
- To: address@concealed
- Subject: [sympa-users] dkim in 6.1.1
- Date: Fri, 10 Dec 2010 15:29:39 -0800
We're excited to start using Sympa's DKIM feature, but having real trouble getting it working. I've set all the necessary parameters in sympa.conf, created the DNS record with the public key, etc., and I can get it to sign messages. But the signatures are apparently not valid; sending them to a DKIM evaluation autoresponder like address@concealed results in a response saying:
This is the overall result of the message verification:
fail (message has been altered)
I've tested replicating my DKIM setup (keys and DNS record) on another server and sending signed messages directly to the autoresponder, and then it all works fine. So something on our Sympa system is somehow modifying the message, *after* it's sent to DKIM for signing, which I don't understand because the DKIM signing is literally the line before the SMTP handoff in bulk.pl.
I've also tried reducing the number of headers that are signed, and editing tools.pm to relax the whitespace sensitivity (literally, changing the "relaxed" setting to "relaxed/relaxed", so it applies to both headers and body). But still no success. I get signed messages, but the signature is not valid.
Here's the sympa.conf setup:
dkim_feature on
dkim_add_signature_to robot
dkim_header_list from
dkim_selector npogroups
dkim_signer_domain npogroups.org
dkim_private_key_path /usr/local/etc/certs/dkim-private.key
And my certs look like:
npogroups# ls -l /usr/local/etc/certs/
-rw------- 1 sympa sympa 887 Dec 9 17:15 dkim-private.key
-rw-r--r-- 1 sympa sympa 272 Dec 9 17:16 dkim-public.key
And my public key in the npogroups.org DNS:
npogroups._domainkey IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgmyvwYDwrhkxkbidHwrJfGj24I76THWMGt+Z7jTN7vaH4IeeJw6hv
p2Sp3q5/6YbGvlkbzutrMfhOxU6lD5CLyv2BgOr6C6WQCLKjWCPCieNF4OPs2lrc8jd+zChPxNQSVd5zWOTyTWXQDH8d9D1MoyoO2Kn4oV+MO3FmTv9oTwIDAQAB; t=y;"
Thanks, Sympa folks or anyone else, for any help at all!
adam
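
A diagnostic aid for the "message has been altered" result described in the post above, as an added example that is not part of the original message or of Sympa's code: it applies the RFC 6376 body canonicalizations to the body as signed and the body as received, showing whether a change is whitespace-only (which the relaxed body setting tolerates) or a content change (which no setting tolerates). The sample bodies and the function names are constructed for illustration.

```python
import base64
import hashlib
import re


def parse_c_tag(c="simple/simple"):
    """Split a DKIM c= value into (header, body) canonicalization.
    Per RFC 6376 a lone "relaxed" means relaxed headers but SIMPLE body."""
    header, _, body = c.strip().lower().partition("/")
    return header, body or "simple"


def canon_body(body, mode):
    """Canonicalize a message body per RFC 6376 sections 3.4.3 and 3.4.4."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("unknown canonicalization: %r" % mode)
    body = re.sub(rb"\r?\n", b"\r\n", body)  # bodies are hashed with CRLF line ends
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
                 for ln in body.split(b"\r\n")]
        body = b"\r\n".join(lines)
    while body.endswith(b"\r\n"):  # ignore empty lines at the end of the body
        body = body[:-2]
    if body:
        return body + b"\r\n"
    return b"\r\n" if mode == "simple" else b""  # empty-body rule differs by mode


def body_hash(body, mode, algo="sha256"):
    """Value a verifier compares against the bh= tag of the signature."""
    return base64.b64encode(hashlib.new(algo, canon_body(body, mode)).digest()).decode()


def survives(signed, received):
    """For each body canonicalization, does the body hash still match?"""
    return {m: body_hash(signed, m) == body_hash(received, m)
            for m in ("simple", "relaxed")}


# Constructed sample bodies (not taken from the thread).
SIGNED = b"Hello  list,\r\nsecond line \r\n"
WS_ONLY = b"Hello list,\nsecond line\n\n"            # whitespace rewritten in transit
APPENDED = SIGNED + b"-- \r\ntext added later\r\n"   # content added after signing

if __name__ == "__main__":
    print("c=relaxed means", parse_c_tag("relaxed"))
    print("whitespace-only change:", survives(SIGNED, WS_ONLY))
    print("content appended:      ", survives(SIGNED, APPENDED))
```

Comparing `body_hash()` of a saved copy of the delivered body against the `bh=` value in its DKIM-Signature header tells you whether the body or the signed headers were changed after signing.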