Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
Steve Atkins <steve@wordtothewise.com> Tue, 18 December 2018 11:25 UTC
Return-Path: <steve@wordtothewise.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE9E7131105 for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 03:25:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=wordtothewise.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LIEogV-O1Iyy for <ietf-dkim@ietfa.amsl.com>; Tue, 18 Dec 2018 03:25:24 -0800 (PST)
Received: from mail.wordtothewise.com (pazu.wordtothewise.com [104.225.223.158]) by ietfa.amsl.com (Postfix) with ESMTP id DFB3C1310FE for <ietf-dkim@ietf.org>; Tue, 18 Dec 2018 03:25:23 -0800 (PST)
Received: from [192.168.0.87] (unknown [37.228.229.87]) by mail.wordtothewise.com (Postfix) with ESMTPSA id BB377A0866 for <ietf-dkim@ietf.org>; Tue, 18 Dec 2018 03:25:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wordtothewise.com; s=aardvark; t=1545132323; bh=ZrHgzb73J+IRdi9pZzUnwlMYrk+5+WXvmJd98sonNIk=; h=From:Subject:Date:References:To:In-Reply-To:From; b=QxAY+JbL+XBvk1+eoGnEaD9blP1lmNfu49pXI9HcA8InnhXg2z7MUDA2TMUlwWcLg nGPURicwMa7PNHUL+AjuDwObfMbv0CDQhRtTKniJmo4v3Ae4cvOlZFh7wpg3S/q0Mk 5aHlcSpeI4PPQf6NMfo7OhdHaoWDUN6f+Gms8eps=
From: Steve Atkins <steve@wordtothewise.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\))
Date: Tue, 18 Dec 2018 11:25:18 +0000
References: <BN7PR05MB5859247C857BBA67D10324D598BC0@BN7PR05MB5859.namprd05.prod.outlook.com> <CAL0qLwZk8ig5-YHnMuuVfvk0T22_SO31baCCAC0bA1Jy7mmOgg@mail.gmail.com> <BN7PR05MB5859440D9931B79BA6D042CA98BC0@BN7PR05MB5859.namprd05.prod.outlook.com> <64B048B6-1355-461E-9E3B-08F5113BEE1E@wordtothewise.com>
To: "ietf-dkim@ietf.org" <ietf-dkim@ietf.org>
In-Reply-To: <64B048B6-1355-461E-9E3B-08F5113BEE1E@wordtothewise.com>
Message-Id: <5A996937-0F6E-481C-A367-85EE8E42AEB9@wordtothewise.com>
X-Mailer: Apple Mail (2.3445.101.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/unPLo6G1n5G8Y-8GGB0RTRNk_rY>
Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you.
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 11:25:29 -0000
> On Dec 18, 2018, at 10:02 AM, Laura Atkins <laura@wordtothewise.com> wrote: > > You never published your DKIM key in DNS. > > https://tools.wordtothewise.com/dkim/check/mta5.uits.uconn.edu;/dkim1 > > So the mail is being signed, but the signature is failing because there’s no public key to use to verify. No, it's published. You accidentally copied a semicolon with the hostname. But it seems to be missing the leading "M" in p= relative to what's listed below now, which seems to be causing my tools to barf on it, and maybe validators too. Cheers, Steve > > laura > > >> On 17 Dec 2018, at 18:18, Fazzina, Angelo <angelo.fazzina@uconn.edu> wrote: >> >> Hi, thank you. >> Here are the headers of the test email I sent. >> I sent it with Thunderbird through mta5 which signed it, and relayed it to next hop, and it was delivered. >> >> I think you are saying since I configured the server to both verify and sign emails, it won’t bother verifying an email the server itself signed, so I won’t ever get a report ? I think I read something like that in the RFC’s ? >> >> >> Sounds like my testing method may be flawed. L >> >> >> Received: from BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:406:80::38) by >> BN7PR05MB5859.namprd05.prod.outlook.com with HTTPS via >> BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM; Fri, 14 Dec 2018 20:50:45 +0000 >> Received: from CO2PR05CA0064.namprd05.prod.outlook.com (2603:10b6:102:2::32) >> by BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:a02:ce::33) with >> Microsoft SMTP Server (version=TLS1_2, >> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec >> 2018 20:50:44 +0000 >> Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com >> (2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com >> (2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2, >> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend >> Transport; Fri, 14 Dec 2018 20:50:43 +0000 >> Authentication-Results: spf=none (sender IP is 137.99.25.249) >> smtp.mailfrom=appmail.uconn.edu; uconn.mail.onmicrosoft.com; dkim=fail >> (invalid public key) header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com; >> dmarc=none action=none header.from=appmail.uconn.edu;compauth=pass reason=105 >> Received-SPF: None (protection.outlook.com: appmail.uconn.edu does not >> designate permitted sender hosts) >> Received: from mta5.uits.uconn.edu (137.99.25.249) by >> SN1NAM01FT045.mail.protection.outlook.com (10.152.65.226) with Microsoft SMTP >> Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43 >> +0000 >> Received: from [137.99.80.129] (angelo.uits.uconn.edu [137.99.80.129]) >> by mta5.uits.uconn.edu (Postfix) with ESMTP id 088EA3000A2C >> for <angelo.fazzina@uconn.edu>; Fri, 14 Dec 2018 15:50:43 -0500 (EST) >> DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu 088EA3000A2C >> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu; >> s=dkim1; t=1544820643; r=y; >> bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; >> h=To:From:Subject:Date:From; >> b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA >> ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 >> 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= >> To: angelo.fazzina@uconn.edu >> From: "Fazzina, Angelo" <alf02013@appmail.uconn.edu> >> Subject: broken test number 2 >> Message-ID: <68467787-7ba6-71dd-3548-0269e900d274@appmail.uconn.edu> >> Date: Fri, 14 Dec 2018 15:50:42 -0500 >> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 >> Thunderbird/60.3.3 >> MIME-Version: 1.0 >> Content-Type: text/plain; charset="utf-8"; format=flowed >> Content-Transfer-Encoding: 7bit >> Content-Language: en-US >> Return-Path: alf02013@appmail.uconn.edu >> >> -ANGELO FAZZINA >> >> ITS Service Manager: >> Spam and Virus Prevention >> Mass Mailing >> G Suite/Gmail >> >> angelo@uconn.edu >> University of Connecticut, ITS, SSG, Server Systems >> 860-486-9075 >> >> From: Murray S. Kucherawy <superuser@gmail.com> >> Sent: Monday, December 17, 2018 12:03 PM >> To: Fazzina, Angelo <angelo.fazzina@uconn.edu> >> Cc: ietf-dkim@ietf.org >> Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you. >> >> DKIM verifiers are not required to generate reports. It's completely optional. Does the place you're sending to advertise somehow that they will be generated? >> >> On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo <angelo.fazzina@uconn.edu> wrote: >> Hi, I am trying to test my TXT records for the ability to report failures. Talking about RFC 6651 >> >> These are my records >> >> dkim1._domainkey.mta5.uits.uconn.edu text = "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx >> catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB" >> >> _report._domainkey.mta5.uits.uconn.edu text = "ra=dkim-errors\; rp=100\; rr=all" >> >> >> Here is a test email sig header >> v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu; s=dkim1; t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; h=To:From:Subject:Date:From; b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= >> >> Here is a test email result header >> spf=none (sender IP is 137.99.25.249) smtp.mailfrom=appmail.uconn.edu;uconn.mail.onmicrosoft.com; dkim=fail (invalid public key) header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com; dmarc=none action=none header.from=appmail.uconn.edu;compauth=pass reason=105 >> >> >> So I can simulate a failure, but cannot seem to get a report emailed to dkim-errors@mta5.uits.uconn.edu ? >> >> I made sure account exists on server: >> [root@mta5 home]# ls -l /home/|grep dkim >> drwx------. 2 dkim-errors dkim-errors 78 Dec 10 16:21 dkim-errors >> >> >> >> How often are the failure reports generated ? did not see that mentioned in the RFC’s ? >> >> Does anyone see anything obvious that I am doing wrong ? >> Thank you. >> >> >> -ANGELO FAZZINA >> >> ITS Service Manager: >> Spam and Virus Prevention >> Mass Mailing >> G Suite/Gmail >> >> angelo@uconn.edu >> University of Connecticut, ITS, SSG, Server Systems >> 860-486-9075 >> >> _______________________________________________ >> Ietf-dkim mailing list >> Ietf-dkim@ietf.org >> https://www.ietf.org/mailman/listinfo/ietf-dkim >> _______________________________________________ >> Ietf-dkim mailing list >> Ietf-dkim@ietf.org >> https://www.ietf.org/mailman/listinfo/ietf-dkim > > -- > Having an Email Crisis? We can help! 800 823-9674 > > Laura Atkins > Word to the Wise > laura@wordtothewise.com > (650) 437-0741 > > Email Delivery Blog: https://wordtothewise.com/blog > > > > > > > > _______________________________________________ > Ietf-dkim mailing list > Ietf-dkim@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-dkim
- [Ietf-dkim] Looking for a little help testing DKI… Fazzina, Angelo
- Re: [Ietf-dkim] Looking for a little help testing… Murray S. Kucherawy
- Re: [Ietf-dkim] Looking for a little help testing… Fazzina, Angelo
- Re: [Ietf-dkim] Looking for a little help testing… Alessandro Vesely
- Re: [Ietf-dkim] Looking for a little help testing… Laura Atkins
- Re: [Ietf-dkim] Looking for a little help testing… Steve Atkins
- Re: [Ietf-dkim] Looking for a little help testing… Fazzina, Angelo