
Underscore in DKIM Selector Froxlor 0.10.20


Question

Hi,

I've upgraded to 0.10.20 and I noticed the removal of underscore in the DKIM selector.

I know it's old but I've been using dkim-filter perfectly for 6 years. I don't know if it's a coincidence, but after the upgrade Google and Outlook give a:

Authentication-Results: mx.google.com;
    dkim=temperror (no key for signature) header.i=@xxxxxxxx.com header.s=dkim_1 header.b=gJgMgR3B;

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxxxxxx.com;
	s=dkim_1; t=1596958620;
	bh=OcFrXmsxPwiq9nLiqWOthXQmkOsI8oRkgTPZrapwNcQ=;
	h=To:From:Subject:Message-ID:Date:MIME-Version:Content-Type:
	 Content-Transfer-Encoding;
	b=i6AsOFO6zo8/9OX4mnKexsYMhCkmmD6kwZKOGlCv841/2/6GnifTBNwb0G22llbj8
	 l4A55phHEFtxWpxqTeremRJRe0pDB8cFwRZ0gc7LWCH5+wJm+1wiK6IA1pMgMF6uVk
	 WOUqByJPsLB0GFVxwAPr/G1Ri+0HtmdhG8lPtTT8=

See that the tag s=dkim_1 still has the underscore in it.. I suspect the error comes from this.. Could it be that there is a cache on Google and Outlook servers?

I tested the record with "dig" and it seems to be fine.

dig dkim1._domainkey.xxxxxxxx.com IN TXT

; <<>> DiG 9.10.6 <<>> dkim1._domainkey.xxxxxxxx.com IN TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47910
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dkim1._domainkey.xxxxxxxxx.com. IN	TXT

;; ANSWER SECTION:
dkim1._domainkey.xxxxxxxxx.com. 41008 IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNM1lxpivQagMjp2KAk0wVUw+OeXFKYyzZ1qbTCUQbvWsFmKPasIOq6dK7F+BMYihelr+T4FP5/GFzwcYEZbA9GxOjpW87iVF7qXgOiYndEpu7ELz9sCrx4AQaXwdGMn/4sAIvTtK6hzqehgulWlTAw59grv4WBOx76ss/m0Ui/wIDAQAB;t=s"

I also manually deleted the dkim keys from /etc/postfix/dkim and ran /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug to regenerate all the files, which it did.

I also sent an email to auth-results@verifier.port25.com and the result still shows the underscore in the DKIM selector:

DKIM check details:
----------------------------------------------------------
Result:         permerror (syntax error in s= tag: Error in "dkim_1": invalid character U+005F ('_') in domain label)
ID(s) verified: 

DNS record(s):

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

The TXT record is due to 43200 seconds (7 hours) so maybe I have to wait those hours for all the servers to replicate the dkim selector change?

Any idea where else I could look?

Thanks!
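
The mismatch visible in this post (the signature carries s=dkim_1 while the TXT record was queried at dkim1._domainkey) can be checked mechanically. This is an added example, not part of the original post and not Froxlor code: it parses a DKIM-Signature value, validates the selector against the RFC 6376 label grammar, and compares the resulting lookup name with the published names. The header and record name are constructed from the post with example.com as a placeholder domain; the function names are hypothetical.

```python
import re

# RFC 6376: selector = sub-domain *("." sub-domain); each label is
# letters/digits with optional interior hyphens. Underscore is not allowed.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

def parse_tags(header_value):
    """Split a DKIM-Signature value into a tag dict, removing folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_selector(header_value, published_names):
    """Return (lookup_name, problems) for one signature header."""
    tags = parse_tags(header_value)
    selector, domain = tags.get("s", ""), tags.get("d", "")
    problems = []
    for label in selector.split("."):
        if not LABEL.match(label):
            problems.append(f"selector label {label!r} violates the selector grammar")
    # Verifiers fetch the key from <selector>._domainkey.<domain>
    lookup = f"{selector}._domainkey.{domain}".lower()
    published = {n.rstrip(".").lower() for n in published_names}
    if lookup not in published:
        problems.append(f"no TXT record published at {lookup}")
    return lookup, problems

# Constructed sample: tag layout follows the header in the post,
# domain replaced by example.com, hash values shortened.
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com;\r\n"
              "\ts=dkim_1; t=1596958620;\r\n"
              "\tbh=AAAA=; h=To:From:Subject;\r\n"
              "\tb=BBBB\r\n\t CCCC=")
# Constructed sample: the owner name that dig returned a key for.
PUBLISHED = ["dkim1._domainkey.example.com."]

if __name__ == "__main__":
    lookup, problems = check_selector(SAMPLE_SIG, PUBLISHED)
    print("verifier will query:", lookup)
    for p in problems:
        print("problem:", p)
```

Feed it the raw header from a delivered test message and the owner names from the zone; both problems disappear only once the signer's s= value and the published record name agree.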

 


10 answers to this question


nice, it's a valid entry and the dns records are just fine, so i'd say give it a bit more time, most likely dns-cache stuff


Yes.. I'll wait and check again at the end of the day or tomorrow and see if it's a cache problem. I hope it is and it seems so, otherwise I don't know where else to look at. As you see the entry is valid and all looks good :) fingers crossed!

Thanks and I'll let you know!

 


as my server resolves the entry correctly, you might want to send a test-mail to mk@froxlor.support and I can tell you whether it all works fine


hm, still sends the wrong identifier:

dkim=none (invalid DKIM record) header.d=yourdomain.com header.s=dkim_1 header.b=Us+Rd1Zt;

So the problem seems to be a wrong config, i wasn't aware of the way dkim-filter works (way too old :P never used that anyway), the manpages say:

Quote

[...] The selector used in the signature will be the filename portion of keypath.  If the file referenced by keypath cannot be opened, the filter will try again by appending ".pem" and then ".private" before giving up.

So this means, the following changes to lib/Froxlor/Cron/Dns/DnsBase.php are necessary:

diff --git a/lib/Froxlor/Cron/Dns/DnsBase.php b/lib/Froxlor/Cron/Dns/DnsBase.php
index f51ff6bc..820c9df2 100644
--- a/lib/Froxlor/Cron/Dns/DnsBase.php
+++ b/lib/Froxlor/Cron/Dns/DnsBase.php
@@ -195,8 +195,8 @@ abstract class DnsBase
 
                        while ($domain = $result_domains_stmt->fetch(\PDO::FETCH_ASSOC)) {
 
-                               $privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id']);
-                               $pubkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id'] . '.public');
+                               $privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id']);
+                               $pubkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
 
                                if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
                                        $max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
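
Review bot: the selector prefix is still a string literal repeated in both changed lines ('/dkim' in $privkey_filename and again in $pubkey_filename), so the key filename and the DNS record name built elsewhere can drift apart again, which is what produced header.s=dkim_1 against a dkim1._domainkey record. Suggest computing the selector once, for example $selector = 'dkim' . $domain['dkim_id'];, and deriving both filenames and the record name from it. The hunk also leaves existing dkim_<id> and dkim_<id>.public files under dkim.dkim_prefix in place; because dkim-filter takes the selector from the filename portion of keypath, an upgrade step that removes or renames those files would keep a stale keypath from signing with the old selector.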

 
