Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.

Laura Atkins <laura@wordtothewise.com> Tue, 18 December 2018 10:02 UTC

Return-Path: <laura@wordtothewise.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 182A2130E66 for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 02:02:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.367
X-Spam-Level:
X-Spam-Status: No, score=-0.367 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_MIME_MALF=0.01, URIBL_BLOCKED=0.001, URI_HEX=1.122, URI_NOVOWEL=0.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id spMfgUbm4qsR for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 02:02:40 -0800 (PST)
Received: from mail.wordtothewise.com (pazu.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id BFBE8130E09 for <ietf-dkim@ietf.org>; Tue, 18 Dec 2018 02:02:39 -0800 (PST)
Received: from [192.168.0.228] (unknown [37.228.229.87]) by mail.wordtothewise.com (Postfix) with ESMTPSA id 8E11FA0866; Tue, 18 Dec 2018 02:02:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1545127358; bh=tQEOo8Su5G/QtQfJGeHz9CuSZ6yA1GKIH8FSRrB39nk=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=q0WoZAiekKGHQqxDgdQLuDzFNGn1cKO2oOJ5GdCEJvaQVsagFcd5ZeChtaW8CLYuo RJBltdPbCvTwL47km+uavO4a4Ua5VQOXZatJxJIwYGaWiVU9zVot/SzkpQRjt1dJFh Xy7LMT0hfoJ6qXbmn0uuCC8HNYBqnH1PdL+YCdMs=
From: Laura Atkins <laura@wordtothewise.com>
Message-Id: <64B048B6-1355-461E-9E3B-08F5113BEE1E@wordtothewise.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C270F1C7-4E32-47E2-ABAF-645FEDEE8DD9"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 18 Dec 2018 10:02:34 +0000
In-Reply-To: <BN7PR05MB5859440D9931B79BA6D042CA98BC0@BN7PR05MB5859.namprd05.prod.outlook.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, "ietf-dkim@ietf.org" <ietf-dkim@ietf.org>
To: "Fazzina, Angelo" <angelo.fazzina@uconn.edu>
References: <BN7PR05MB5859247C857BBA67D10324D598BC0@BN7PR05MB5859.namprd05.prod.outlook.com> <CAL0qLwZk8ig5-YHnMuuVfvk0T22_SO31baCCAC0bA1Jy7mmOgg@mail.gmail.com> <BN7PR05MB5859440D9931B79BA6D042CA98BC0@BN7PR05MB5859.namprd05.prod.outlook.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/TiwEvK4bf_EUDRUZai-c2JlRQrM>
Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 10:02:44 -0000

You never published your DKIM key in DNS.

https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1 <https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1>

So the mail is being signed, but the signature is failing because there’s no public key to use to verify. 

laura 


> On 17 Dec 2018, at 18:18, Fazzina, Angelo <angelo.fazzina@uconn.edu>; wrote:
> 
> Hi, thank you.
> Here are the headers of the test email I sent.
> I sent it with Thunderbird through mta5 which signed it, and relayed it to next hop, and it was delivered.
>  
> I think you are saying since I configured the server to both verify and sign emails, it won’t bother verifying an email the server itself signed, so I won’t ever get a report ? I think I read something like that in the RFC’s ?
>  
>  
> Sounds like my testing method may be flawed.  L
>  
>  
> Received: from BYASPR01MB1.namprd05.prod.outlook.com <http://byaspr01mb1.namprd05.prod.outlook.com/> (2603:10b6:406:80::38) by
> BN7PR05MB5859.namprd05.prod.outlook.com <http://bn7pr05mb5859.namprd05.prod.outlook.com/> with HTTPS via
> BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM <http://bn7pr06ca0025.namprd06.prod.outlook.com/>;; Fri, 14 Dec 2018 20:50:45 +0000
> Received: from CO2PR05CA0064.namprd05.prod.outlook.com <http://co2pr05ca0064.namprd05.prod.outlook.com/> (2603:10b6:102:2::32)
> by BYASPR01MB1.namprd05.prod.outlook.com <http://byaspr01mb1.namprd05.prod.outlook.com/> (2603:10b6:a02:ce::33) with
> Microsoft SMTP Server (version=TLS1_2,
> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec
> 2018 20:50:44 +0000
> Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com <http://eop-nam01.prod.protection.outlook.com/>
> (2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com <http://co2pr05ca0064.outlook.office365.com/>
> (2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2,
> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend
> Transport; Fri, 14 Dec 2018 20:50:43 +0000
> Authentication-Results: spf=none (sender IP is 137.99.25.249)
> smtp.mailfrom=appmail.uconn.edu <http://appmail.uconn.edu/>;; uconn.mail.onmicrosoft.com <http://uconn.mail.onmicrosoft.com/>;; dkim=fail
> (invalid public key) header.d=mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/>;uconn.mail.onmicrosoft.com <http://uconn.mail.onmicrosoft.com/>;;
> dmarc=none action=none header.from=appmail.uconn.edu <http://appmail.uconn.edu/>;compauth=pass reason=105
> Received-SPF: None (protection.outlook.com <http://protection.outlook.com/>;: appmail.uconn.edu <http://appmail.uconn.edu/> does not
> designate permitted sender hosts)
> Received: from mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> (137.99.25.249) by
> SN1NAM01FT045.mail.protection.outlook.com <http://sn1nam01ft045.mail.protection.outlook.com/> (10.152.65.226) with Microsoft SMTP
> Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43
> +0000
> Received: from [137.99.80.129] (angelo.uits.uconn.edu <http://angelo.uits.uconn.edu/> [137.99.80.129])
>                 by mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> (Postfix) with ESMTP id 088EA3000A2C
>                 for <angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>>; Fri, 14 Dec 2018 15:50:43 -0500 (EST)
> DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> 088EA3000A2C
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/>;;
>                 s=dkim1; t=1544820643; r=y;
>                 bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=;
>                 h=To:From:Subject:Date:From;
>                 b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA
>                 ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0
>                 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g=
> To: angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>
> From: "Fazzina, Angelo" <alf02013@appmail.uconn.edu <mailto:alf02013@appmail.uconn.edu>>
> Subject: broken test number 2
> Message-ID: <68467787-7ba6-71dd-3548-0269e900d274@appmail.uconn.edu <mailto:68467787-7ba6-71dd-3548-0269e900d274@appmail.uconn.edu>>
> Date: Fri, 14 Dec 2018 15:50:42 -0500
> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
> Thunderbird/60.3.3
> MIME-Version: 1.0
> Content-Type: text/plain; charset="utf-8"; format=flowed
> Content-Transfer-Encoding: 7bit
> Content-Language: en-US
> Return-Path: alf02013@appmail.uconn.edu <mailto:alf02013@appmail.uconn.edu>
>  
> -ANGELO FAZZINA
>  
> ITS Service Manager:
> Spam and Virus Prevention
> Mass Mailing
> G Suite/Gmail
>  
> angelo@uconn.edu <mailto:angelo@uconn.edu>
> University of Connecticut,  ITS, SSG, Server Systems
> 860-486-9075
>  
> From: Murray S. Kucherawy <superuser@gmail.com <mailto:superuser@gmail.com>> 
> Sent: Monday, December 17, 2018 12:03 PM
> To: Fazzina, Angelo <angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>>
> Cc: ietf-dkim@ietf.org <mailto:ietf-dkim@ietf.org>
> Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
>  
> DKIM verifiers are not required to generate reports.  It's completely optional.  Does the place you're sending to advertise somehow that they will be generated?
>  
> On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo <angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>> wrote:
> Hi, I am trying to test my TXT records for the ability to report failures. Talking about RFC 6651
>  
> These are my records
>  
> dkim1._domainkey.mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916294577&sdata=vM9oIARyakkvr%2B0MEePmLHTRA4O2thX57KWW4mgR9cI%3D&reserved=0>    text = "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx
> catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB"
>  
> _report._domainkey.mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=MGqgIykiwGftuN%2BEBOF2PGI73WCTf5zqzWaX4ywI7T4%3D&reserved=0>  text = "ra=dkim-errors\; rp=100\; rr=all"
>  
>  
> Here is a test email sig header
> v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=Tnts9TCcl5Ew4iUUBm%2BgarAzWkfEoFiKADMaIh4UI%2Fc%3D&reserved=0>;; s=dkim1; t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; h=To:From:Subject:Date:From; b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g=
>  
> Here is a test email result header
> spf=none (sender IP is 137.99.25.249) smtp.mailfrom=appmail.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=fETLZXDMtAavWtbHlB6CWVCDniKTTLV3nLM8KFgHEVw%3D&reserved=0>;uconn.mail.onmicrosoft.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=1LzykOrAlxDAmmIkkmYGWS0SaVqdAZ3kZT0VJlhcQQA%3D&reserved=0>;; dkim=fail (invalid public key) header.d=mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=3r180lJRsbT%2F4rvsbeDbOMfhYbsE3%2BJgwIbkYvu5o3Y%3D&reserved=0>;uconn.mail.onmicrosoft.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=mlL9WGOqI2meDT0NW9nIYUFSD1HKYgswQW286lF5XkY%3D&reserved=0>;; dmarc=none action=none header.from=appmail.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=CPfOWrDlnuTeyjcfrYfk6xhMmXVzwFIwtdL14Ou9m2Y%3D&reserved=0>;compauth=pass reason=105
>  
>  
> So I can simulate a failure, but cannot seem to get a report emailed to dkim-errors@mta5.uits.uconn.edu <mailto:dkim-errors@mta5.uits.uconn.edu> ?
>  
> I made sure account exists on server:
> [root@mta5 home]# ls -l /home/|grep dkim
> drwx------. 2 dkim-errors       dkim-errors         78 Dec 10 16:21 dkim-errors
>  
>  
>  
> How often are the failure reports generated ? did not see that mentioned in the RFC’s ?
>  
> Does anyone see anything obvious that I am doing wrong ?
> Thank you.
>  
>  
> -ANGELO FAZZINA
>  
> ITS Service Manager:
> Spam and Virus Prevention
> Mass Mailing
> G Suite/Gmail
>  
> angelo@uconn.edu <mailto:angelo@uconn.edu>
> University of Connecticut,  ITS, SSG, Server Systems
> 860-486-9075
>  
> _______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org <mailto:Ietf-dkim@ietf.org>
> https://www.ietf.org/mailman/listinfo/ietf-dkim <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=oYg%2BrdpATbemNnI6afrabJYGmtuvJJZ6gSAbr%2Bd2Yeo%3D&reserved=0>_______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org <mailto:Ietf-dkim@ietf.org>
> https://www.ietf.org/mailman/listinfo/ietf-dkim <https://www.ietf.org/mailman/listinfo/ietf-dkim>
-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
laura@wordtothewise.com
(650) 437-0741		

Email Delivery Blog: https://wordtothewise.com/blog