I've upgraded to 0.10.20 and I noticed the removal of underscore in the DKIM selector.
I know it's old but I've been using dkim-filter perfectly for 6 years, I don't know if it's coincidence but after the upgrade Google and Outook give a:
See that the tag s=dkim_1 still has the underscore in it.. I suspect the error comes from this.. Could it be that there is a cache on Google and Outlook servers?
I tested the record with "dig" and it seems to be fine.
I also manually deleted the dkim keys from /etc/postfix/dkim and run /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug to regenerate all the files which it did.
And I did also send an email to auth-results@verifier.port25.com and the result is still showing the underscore on DKIM selector:
DKIM check details:
----------------------------------------------------------
Result: permerror (syntax error in s= tag: Error in "dkim_1": invalid character U+005F ('_') in domain label)
ID(s) verified:
DNS record(s):
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
The TXT record is due to 43200 seconds (7 hours) so maybe I have to wait those hours for all the servers to replicate the dkim selector change?
Question
llucps
Hi,
I've upgraded to 0.10.20 and I noticed the removal of underscore in the DKIM selector.
I know it's old but I've been using dkim-filter perfectly for 6 years, I don't know if it's coincidence but after the upgrade Google and Outook give a:
Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@xxxxxxxx.com header.s=dkim_1 header.b=gJgMgR3B; DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxxxxxx.com; s=dkim_1; t=1596958620; bh=OcFrXmsxPwiq9nLiqWOthXQmkOsI8oRkgTPZrapwNcQ=; h=To:From:Subject:Message-ID:Date:MIME-Version:Content-Type: Content-Transfer-Encoding; b=i6AsOFO6zo8/9OX4mnKexsYMhCkmmD6kwZKOGlCv841/2/6GnifTBNwb0G22llbj8 l4A55phHEFtxWpxqTeremRJRe0pDB8cFwRZ0gc7LWCH5+wJm+1wiK6IA1pMgMF6uVk WOUqByJPsLB0GFVxwAPr/G1Ri+0HtmdhG8lPtTT8=
See that the tag s=dkim_1 still has the underscore in it.. I suspect the error comes from this.. Could it be that there is a cache on Google and Outlook servers?
I tested the record with "dig" and it seems to be fine.
dig dkim1._domainkey.xxxxxxxx.com IN TXT ; <<>> DiG 9.10.6 <<>> dkim1._domainkey.xxxxxxxx.com IN TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47910 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;dkim1._domainkey.xxxxxxxxx.com. IN TXT ;; ANSWER SECTION: dkim1._domainkey.xxxxxxxxx.com. 41008 IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNM1lxpivQagMjp2KAk0wVUw+OeXFKYyzZ1qbTCUQbvWsFmKPasIOq6dK7F+BMYihelr+T4FP5/GFzwcYEZbA9GxOjpW87iVF7qXgOiYndEpu7ELz9sCrx4AQaXwdGMn/4sAIvTtK6hzqehgulWlTAw59grv4WBOx76ss/m0Ui/wIDAQAB;t=s"
I also manually deleted the dkim keys from /etc/postfix/dkim and run /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug to regenerate all the files which it did.
And I did also send an email to auth-results@verifier.port25.com and the result is still showing the underscore on DKIM selector:
DKIM check details: ---------------------------------------------------------- Result: permerror (syntax error in s= tag: Error in "dkim_1": invalid character U+005F ('_') in domain label) ID(s) verified: DNS record(s): NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
The TXT record is due to 43200 seconds (7 hours) so maybe I have to wait those hours for all the servers to replicate the dkim selector change?
Any idea where else could i look?
Thanks!
10 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now