Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.

Steve Atkins <steve@wordtothewise.com> Tue, 18 December 2018 11:25 UTC

Return-Path: <steve@wordtothewise.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE9E7131105 for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 03:25:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LIEogV-O1Iyy for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 03:25:24 -0800 (PST)
Received: from mail.wordtothewise.com (pazu.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id DFB3C1310FE for <ietf-dkim@ietf.org>; Tue, 18 Dec 2018 03:25:23 -0800 (PST)
Received: from [192.168.0.87] (unknown [37.228.229.87]) by mail.wordtothewise.com (Postfix) with ESMTPSA id BB377A0866 for <ietf-dkim@ietf.org>; Tue, 18 Dec 2018 03:25:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1545132323; bh=ZrHgzb73J+IRdi9pZzUnwlMYrk+5+WXvmJd98sonNIk=; h=From:Subject:Date:References:To:In-Reply-To:From; b=QxAY+JbL+XBvk1+eoGnEaD9blP1lmNfu49pXI9HcA8InnhXg2z7MUDA2TMUlwWcLg nGPURicwMa7PNHUL+AjuDwObfMbv0CDQhRtTKniJmo4v3Ae4cvOlZFh7wpg3S/q0Mk 5aHlcSpeI4PPQf6NMfo7OhdHaoWDUN6f+Gms8eps=
From: Steve Atkins <steve@wordtothewise.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\))
Date: Tue, 18 Dec 2018 11:25:18 +0000
References: <BN7PR05MB5859247C857BBA67D10324D598BC0@BN7PR05MB5859.namprd05.prod.outlook.com> <CAL0qLwZk8ig5-YHnMuuVfvk0T22_SO31baCCAC0bA1Jy7mmOgg@mail.gmail.com> <BN7PR05MB5859440D9931B79BA6D042CA98BC0@BN7PR05MB5859.namprd05.prod.outlook.com> <64B048B6-1355-461E-9E3B-08F5113BEE1E@wordtothewise.com>
To: "ietf-dkim@ietf.org" <ietf-dkim@ietf.org>
In-Reply-To: <64B048B6-1355-461E-9E3B-08F5113BEE1E@wordtothewise.com>
Message-Id: <5A996937-0F6E-481C-A367-85EE8E42AEB9@wordtothewise.com>
X-Mailer: Apple Mail (2.3445.101.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/unPLo6G1n5G8Y-8GGB0RTRNk_rY>
Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 11:25:29 -0000


> On Dec 18, 2018, at 10:02 AM, Laura Atkins <laura@wordtothewise.com> wrote:
> 
> You never published your DKIM key in DNS.
> 
> https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1
> 
> So the mail is being signed, but the signature is failing because there’s no public key to use to verify. 

No, it's published. You accidentally copied a semicolon with the hostname.

But it seems to be missing the leading "M" in p= relative to what's listed below now, which seems to be causing my tools to barf on it, and maybe validators too.

Cheers,
  Steve

> 
> laura 
> 
> 
>> On 17 Dec 2018, at 18:18, Fazzina, Angelo <angelo.fazzina@uconn.edu> wrote:
>> 
>> Hi, thank you.
>> Here are the headers of the test email I sent.
>> I sent it with Thunderbird through mta5 which signed it, and relayed it to next hop, and it was delivered.
>>  
>> I think you are saying since I configured the server to both verify and sign emails, it won’t bother verifying an email the server itself signed, so I won’t ever get a report? I think I read something like that in the RFCs?
>>  
>>  
>> Sounds like my testing method may be flawed. :(
>>  
>>  
>> Received: from BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:406:80::38) by
>> BN7PR05MB5859.namprd05.prod.outlook.com with HTTPS via
>> BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM; Fri, 14 Dec 2018 20:50:45 +0000
>> Received: from CO2PR05CA0064.namprd05.prod.outlook.com (2603:10b6:102:2::32)
>> by BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:a02:ce::33) with
>> Microsoft SMTP Server (version=TLS1_2,
>> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec
>> 2018 20:50:44 +0000
>> Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com
>> (2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com
>> (2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2,
>> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend
>> Transport; Fri, 14 Dec 2018 20:50:43 +0000
>> Authentication-Results: spf=none (sender IP is 137.99.25.249)
>> smtp.mailfrom=appmail.uconn.edu; uconn.mail.onmicrosoft.com; dkim=fail
>> (invalid public key) header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com;
>> dmarc=none action=none header.from=appmail.uconn.edu;compauth=pass reason=105
>> Received-SPF: None (protection.outlook.com: appmail.uconn.edu does not
>> designate permitted sender hosts)
>> Received: from mta5.uits.uconn.edu (137.99.25.249) by
>> SN1NAM01FT045.mail.protection.outlook.com (10.152.65.226) with Microsoft SMTP
>> Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43
>> +0000
>> Received: from [137.99.80.129] (angelo.uits.uconn.edu [137.99.80.129])
>>                 by mta5.uits.uconn.edu (Postfix) with ESMTP id 088EA3000A2C
>>                 for <angelo.fazzina@uconn.edu>; Fri, 14 Dec 2018 15:50:43 -0500 (EST)
>> DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu 088EA3000A2C
>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu;
>>                 s=dkim1; t=1544820643; r=y;
>>                 bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=;
>>                 h=To:From:Subject:Date:From;
>>                 b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA
>>                 ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0
>>                 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g=
>> To: angelo.fazzina@uconn.edu
>> From: "Fazzina, Angelo" <alf02013@appmail.uconn.edu>
>> Subject: broken test number 2
>> Message-ID: <68467787-7ba6-71dd-3548-0269e900d274@appmail.uconn.edu>
>> Date: Fri, 14 Dec 2018 15:50:42 -0500
>> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
>> Thunderbird/60.3.3
>> MIME-Version: 1.0
>> Content-Type: text/plain; charset="utf-8"; format=flowed
>> Content-Transfer-Encoding: 7bit
>> Content-Language: en-US
>> Return-Path: alf02013@appmail.uconn.edu
>>  
>> -ANGELO FAZZINA
>>  
>> ITS Service Manager:
>> Spam and Virus Prevention
>> Mass Mailing
>> G Suite/Gmail
>>  
>> angelo@uconn.edu
>> University of Connecticut,  ITS, SSG, Server Systems
>> 860-486-9075
>>  
>> From: Murray S. Kucherawy <superuser@gmail.com> 
>> Sent: Monday, December 17, 2018 12:03 PM
>> To: Fazzina, Angelo <angelo.fazzina@uconn.edu>
>> Cc: ietf-dkim@ietf.org
>> Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
>>  
>> DKIM verifiers are not required to generate reports.  It's completely optional.  Does the place you're sending to advertise somehow that they will be generated?
>>  
>> On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo <angelo.fazzina@uconn.edu> wrote:
>> Hi, I am trying to test my TXT records for the ability to report failures. Talking about RFC 6651
>>  
>> These are my records
>>  
>> dkim1._domainkey.mta5.uits.uconn.edu    text = "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx
>> catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB"
>>  
>> _report._domainkey.mta5.uits.uconn.edu  text = "ra=dkim-errors\; rp=100\; rr=all"
>>  
>>  
>> Here is a test email sig header
>> v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu; s=dkim1; t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; h=To:From:Subject:Date:From; b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g=
>>  
>> Here is a test email result header
>> spf=none (sender IP is 137.99.25.249) smtp.mailfrom=appmail.uconn.edu;uconn.mail.onmicrosoft.com; dkim=fail (invalid public key) header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com; dmarc=none action=none header.from=appmail.uconn.edu;compauth=pass reason=105
>>  
>>  
>> So I can simulate a failure, but cannot seem to get a report emailed to dkim-errors@mta5.uits.uconn.edu ?
>>  
>> I made sure account exists on server:
>> [root@mta5 home]# ls -l /home/|grep dkim
>> drwx------. 2 dkim-errors       dkim-errors         78 Dec 10 16:21 dkim-errors
>>  
>>  
>>  
>> How often are the failure reports generated? Did not see that mentioned in the RFCs?
>>  
>> Does anyone see anything obvious that I am doing wrong ?
>> Thank you.
>>  
>>  
>> -ANGELO FAZZINA
>>  
>> ITS Service Manager:
>> Spam and Virus Prevention
>> Mass Mailing
>> G Suite/Gmail
>>  
>> angelo@uconn.edu
>> University of Connecticut,  ITS, SSG, Server Systems
>> 860-486-9075
>>  
>> _______________________________________________
>> Ietf-dkim mailing list
>> Ietf-dkim@ietf.org
>> https://www.ietf.org/mailman/listinfo/ietf-dkim
> 
> -- 
> Having an Email Crisis?  We can help! 800 823-9674 
> 
> Laura Atkins
> Word to the Wise
> laura@wordtothewise.com
> (650) 437-0741		
> 
> Email Delivery Blog: https://wordtothewise.com/blog	
> 
> _______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim
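
Added example, not part of the original thread: a small offline check for the two problems discussed above, a stray ";" copied along with the hostname and a p= value that has lost its leading character. It assumes a k=rsa key; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import re

LABEL = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$")

def key_query_name(selector, domain):
    """Build the DNS name of a DKIM key record, rejecting stray characters."""
    name = f"{selector}._domainkey.{domain}".rstrip(".")
    bad = [label for label in name.split(".") if not LABEL.match(label)]
    if bad:
        raise ValueError(f"invalid DNS label(s): {bad}")
    return name

def parse_tags(txt):
    """Split a tag=value list; accepts the escaped '\\;' presentation form."""
    tags = {}
    for part in txt.replace("\\;", ";").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_key_record(txt):
    """Return a list of problems with the p= value of a DKIM key record."""
    p = parse_tags(txt).get("p")
    if not p:
        return ["p= missing or empty"]
    try:
        der = base64.b64decode(p, validate=True)
    except binascii.Error:
        return ["p= is not valid base64"]
    # An RSA public key is a DER SEQUENCE: tag 0x30, then the length.
    if len(der) < 2 or der[0] != 0x30:
        return ["p= does not start with a DER SEQUENCE"]
    if der[1] & 0x80:
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    else:
        header, length = 2, der[1]
    return [] if header + length == len(der) else ["DER length does not match"]

# Constructed sample: a 162-byte blob with the same DER header as a 1024-bit key.
SAMPLE_P = base64.b64encode(bytes([0x30, 0x81, 0x9F]) + bytes(159)).decode()
GOOD = "v=DKIM1\\; k=rsa\\; p=" + SAMPLE_P
BAD = "v=DKIM1\\; k=rsa\\; p=" + SAMPLE_P[1:]   # leading "M" dropped

if __name__ == "__main__":
    print(key_query_name("dkim1", "mta5.uits.uconn.edu"))
    print(check_key_record(GOOD), check_key_record(BAD))
```

The constructed sample begins with "MIGf" because the DER header bytes 30 81 9F encode to those four characters, which is why dropping the first character breaks the decode.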