Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
Laura Atkins <laura@wordtothewise.com> Tue, 18 December 2018 10:02 UTC
Return-Path: <laura@wordtothewise.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 182A2130E66 for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 02:02:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.367
X-Spam-Level:
X-Spam-Status: No, score=-0.367 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_MIME_MALF=0.01, URIBL_BLOCKED=0.001, URI_HEX=1.122, URI_NOVOWEL=0.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id spMfgUbm4qsR for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 02:02:40 -0800 (PST)
Received: from mail.wordtothewise.com (pazu.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id BFBE8130E09 for <ietf-dkim@ietf.org>; Tue, 18 Dec 2018 02:02:39 -0800 (PST)
Received: from [192.168.0.228] (unknown [37.228.229.87]) by mail.wordtothewise.com (Postfix) with ESMTPSA id 8E11FA0866; Tue, 18 Dec 2018 02:02:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1545127358; bh=tQEOo8Su5G/QtQfJGeHz9CuSZ6yA1GKIH8FSRrB39nk=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=q0WoZAiekKGHQqxDgdQLuDzFNGn1cKO2oOJ5GdCEJvaQVsagFcd5ZeChtaW8CLYuo RJBltdPbCvTwL47km+uavO4a4Ua5VQOXZatJxJIwYGaWiVU9zVot/SzkpQRjt1dJFh Xy7LMT0hfoJ6qXbmn0uuCC8HNYBqnH1PdL+YCdMs=
From: Laura Atkins <laura@wordtothewise.com>
Message-Id: <64B048B6-1355-461E-9E3B-08F5113BEE1E@wordtothewise.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C270F1C7-4E32-47E2-ABAF-645FEDEE8DD9"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 18 Dec 2018 10:02:34 +0000
In-Reply-To: <BN7PR05MB5859440D9931B79BA6D042CA98BC0@BN7PR05MB5859.namprd05.prod.outlook.com>
Cc: "Murray S. Kucherawy" <superuser@gmail.com>, "ietf-dkim@ietf.org" <ietf-dkim@ietf.org>
To: "Fazzina, Angelo" <angelo.fazzina@uconn.edu>
References: <BN7PR05MB5859247C857BBA67D10324D598BC0@BN7PR05MB5859.namprd05.prod.outlook.com> <CAL0qLwZk8ig5-YHnMuuVfvk0T22_SO31baCCAC0bA1Jy7mmOgg@mail.gmail.com> <BN7PR05MB5859440D9931B79BA6D042CA98BC0@BN7PR05MB5859.namprd05.prod.outlook.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/TiwEvK4bf_EUDRUZai-c2JlRQrM>
Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 10:02:44 -0000
You never published your DKIM key in DNS. https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1 <https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1> So the mail is being signed, but the signature is failing because there’s no public key to use to verify. laura > On 17 Dec 2018, at 18:18, Fazzina, Angelo <angelo.fazzina@uconn.edu> wrote: > > Hi, thank you. > Here are the headers of the test email I sent. > I sent it with Thunderbird through mta5 which signed it, and relayed it to next hop, and it was delivered. > > I think you are saying since I configured the server to both verify and sign emails, it won’t bother verifying an email the server itself signed, so I won’t ever get a report ? I think I read something like that in the RFC’s ? > > > Sounds like my testing method may be flawed. L > > > Received: from BYASPR01MB1.namprd05.prod.outlook.com <http://byaspr01mb1.namprd05.prod.outlook.com/> (2603:10b6:406:80::38) by > BN7PR05MB5859.namprd05.prod.outlook.com <http://bn7pr05mb5859.namprd05.prod.outlook.com/> with HTTPS via > BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM <http://bn7pr06ca0025.namprd06.prod.outlook.com/>; Fri, 14 Dec 2018 20:50:45 +0000 > Received: from CO2PR05CA0064.namprd05.prod.outlook.com <http://co2pr05ca0064.namprd05.prod.outlook.com/> (2603:10b6:102:2::32) > by BYASPR01MB1.namprd05.prod.outlook.com <http://byaspr01mb1.namprd05.prod.outlook.com/> (2603:10b6:a02:ce::33) with > Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec > 2018 20:50:44 +0000 > Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com <http://eop-nam01.prod.protection.outlook.com/> > (2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com <http://co2pr05ca0064.outlook.office365.com/> > (2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend > Transport; Fri, 14 Dec 2018 20:50:43 +0000 > Authentication-Results: spf=none (sender IP is 137.99.25.249) > smtp.mailfrom=appmail.uconn.edu <http://appmail.uconn.edu/>; uconn.mail.onmicrosoft.com <http://uconn.mail.onmicrosoft.com/>; dkim=fail > (invalid public key) header.d=mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/>;uconn.mail.onmicrosoft.com <http://uconn.mail.onmicrosoft.com/>; > dmarc=none action=none header.from=appmail.uconn.edu <http://appmail.uconn.edu/>;compauth=pass reason=105 > Received-SPF: None (protection.outlook.com <http://protection.outlook.com/>: appmail.uconn.edu <http://appmail.uconn.edu/> does not > designate permitted sender hosts) > Received: from mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> (137.99.25.249) by > SN1NAM01FT045.mail.protection.outlook.com <http://sn1nam01ft045.mail.protection.outlook.com/> (10.152.65.226) with Microsoft SMTP > Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43 > +0000 > Received: from [137.99.80.129] (angelo.uits.uconn.edu <http://angelo.uits.uconn.edu/> [137.99.80.129]) > by mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> (Postfix) with ESMTP id 088EA3000A2C > for <angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>>; Fri, 14 Dec 2018 15:50:43 -0500 (EST) > DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/> 088EA3000A2C > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu <http://mta5.uits.uconn.edu/>; > s=dkim1; t=1544820643; r=y; > bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; > h=To:From:Subject:Date:From; > b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA > ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 > 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= > To: angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu> > From: "Fazzina, Angelo" <alf02013@appmail.uconn.edu <mailto:alf02013@appmail.uconn.edu>> > Subject: broken test number 2 > Message-ID: <68467787-7ba6-71dd-3548-0269e900d274@appmail.uconn.edu <mailto:68467787-7ba6-71dd-3548-0269e900d274@appmail.uconn.edu>> > Date: Fri, 14 Dec 2018 15:50:42 -0500 > User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 > Thunderbird/60.3.3 > MIME-Version: 1.0 > Content-Type: text/plain; charset="utf-8"; format=flowed > Content-Transfer-Encoding: 7bit > Content-Language: en-US > Return-Path: alf02013@appmail.uconn.edu <mailto:alf02013@appmail.uconn.edu> > > -ANGELO FAZZINA > > ITS Service Manager: > Spam and Virus Prevention > Mass Mailing > G Suite/Gmail > > angelo@uconn.edu <mailto:angelo@uconn.edu> > University of Connecticut, ITS, SSG, Server Systems > 860-486-9075 > > From: Murray S. Kucherawy <superuser@gmail.com <mailto:superuser@gmail.com>> > Sent: Monday, December 17, 2018 12:03 PM > To: Fazzina, Angelo <angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>> > Cc: ietf-dkim@ietf.org <mailto:ietf-dkim@ietf.org> > Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you. > > DKIM verifiers are not required to generate reports. It's completely optional. Does the place you're sending to advertise somehow that they will be generated? > > On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo <angelo.fazzina@uconn.edu <mailto:angelo.fazzina@uconn.edu>> wrote: > Hi, I am trying to test my TXT records for the ability to report failures. Talking about RFC 6651 > > These are my records > > dkim1._domainkey.mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916294577&sdata=vM9oIARyakkvr%2B0MEePmLHTRA4O2thX57KWW4mgR9cI%3D&reserved=0> text = "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx > catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB" > > _report._domainkey.mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=MGqgIykiwGftuN%2BEBOF2PGI73WCTf5zqzWaX4ywI7T4%3D&reserved=0> text = "ra=dkim-errors\; rp=100\; rr=all" > > > Here is a test email sig header > v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=Tnts9TCcl5Ew4iUUBm%2BgarAzWkfEoFiKADMaIh4UI%2Fc%3D&reserved=0>; s=dkim1; t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; h=To:From:Subject:Date:From; b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= > > Here is a test email result header > spf=none (sender IP is 137.99.25.249) smtp.mailfrom=appmail.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=fETLZXDMtAavWtbHlB6CWVCDniKTTLV3nLM8KFgHEVw%3D&reserved=0>;uconn.mail.onmicrosoft.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=1LzykOrAlxDAmmIkkmYGWS0SaVqdAZ3kZT0VJlhcQQA%3D&reserved=0>; dkim=fail (invalid public key) header.d=mta5.uits.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=3r180lJRsbT%2F4rvsbeDbOMfhYbsE3%2BJgwIbkYvu5o3Y%3D&reserved=0>;uconn.mail.onmicrosoft.com <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=mlL9WGOqI2meDT0NW9nIYUFSD1HKYgswQW286lF5XkY%3D&reserved=0>; dmarc=none action=none header.from=appmail.uconn.edu <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=CPfOWrDlnuTeyjcfrYfk6xhMmXVzwFIwtdL14Ou9m2Y%3D&reserved=0>;compauth=pass reason=105 > > > So I can simulate a failure, but cannot seem to get a report emailed to dkim-errors@mta5.uits.uconn.edu <mailto:dkim-errors@mta5.uits.uconn.edu> ? > > I made sure account exists on server: > [root@mta5 home]# ls -l /home/|grep dkim > drwx------. 2 dkim-errors dkim-errors 78 Dec 10 16:21 dkim-errors > > > > How often are the failure reports generated ? did not see that mentioned in the RFC’s ? > > Does anyone see anything obvious that I am doing wrong ? > Thank you. > > > -ANGELO FAZZINA > > ITS Service Manager: > Spam and Virus Prevention > Mass Mailing > G Suite/Gmail > > angelo@uconn.edu <mailto:angelo@uconn.edu> > University of Connecticut, ITS, SSG, Server Systems > 860-486-9075 > > _______________________________________________ > Ietf-dkim mailing list > Ietf-dkim@ietf.org <mailto:Ietf-dkim@ietf.org> > https://www.ietf.org/mailman/listinfo/ietf-dkim <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=oYg%2BrdpATbemNnI6afrabJYGmtuvJJZ6gSAbr%2Bd2Yeo%3D&reserved=0>_______________________________________________ > Ietf-dkim mailing list > Ietf-dkim@ietf.org <mailto:Ietf-dkim@ietf.org> > https://www.ietf.org/mailman/listinfo/ietf-dkim <https://www.ietf.org/mailman/listinfo/ietf-dkim> -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise laura@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
- [Ietf-dkim] Looking for a little help testing DKI… Fazzina, Angelo
- Re: [Ietf-dkim] Looking for a little help testing… Murray S. Kucherawy
- Re: [Ietf-dkim] Looking for a little help testing… Fazzina, Angelo
- Re: [Ietf-dkim] Looking for a little help testing… Alessandro Vesely
- Re: [Ietf-dkim] Looking for a little help testing… Laura Atkins
- Re: [Ietf-dkim] Looking for a little help testing… Steve Atkins
- Re: [Ietf-dkim] Looking for a little help testing… Fazzina, Angelo