If it's working and you understand it, you're good. ...Todd
On Thu, Jul 10, 2014 at 12:14 AM, Smarthost 432 <[email protected]> wrote:
> Hi Todd Lyons,
>
> Thanks for your response.
>
> It's working now. I have configured EXIM4 in un-split configuration and added
> DKIM entries in /etc/exim4/exim.conf.template file.
>
> Earlier, exim was on split configuration. I modified the required changes as
> per the instruction given in this site on routers and transport, while
> adding DKIM entries and restarting exim, it was showing duplicate transport
> found.
>
> My goal was to setup DKIM for single domain, and same key should be validate
> to other domains.
>
> Now, in unsplit configuration, it's working. I do not know if this is right
> way. I welcome your suggestion and advice on this matter.
>
> On Tue, Jul 8, 2014 at 5:37 PM, Todd Lyons <[email protected]> wrote:
>>
>> On Mon, Jul 7, 2014 at 5:56 AM, Smarthost 432 <[email protected]>
>> wrote:
>> > Hi,
>> >
>> > I setup DKIM for one domain and DKIM result is pass. And when I use same
>> > DKIM public key for my another domain, DKIM signature is attached but
>> > message header shows DKIM=fail.
>> >
>> > *Mydomain2.com - DKIM results*
>> >
>> > Authentication-Results: mx.google.com;
>> >        spf=hardfail (google.com: domain of [email protected] does not
>> >        designate SERVER-IP as permitted sender) [email protected];
>> >        dkim=fail [email protected]
>> > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
>> >        d=infiserver.com; s=fusion5;
>> >        h=Date:From:Message-Id;
>> >        bh=f7kChJIPrUaTEZXIizmQd6A20Xu2MUdYf3GaZ5bir08=;
>> >
>> > How do I resolve this? Can anyone let me know where and what steps need
>> > to take for resolving this issue?
>>
>> Step 1: Make sure that the DNS record with the public key that you are
>> signing with actually exists:
>>
>> [todd@tlyons ~]$ dig -t txt fusion5._domainkey.infiserver.com
>>
>> ; <<>> DiG 9.8.1-P1 <<>> -t txt fusion5._domainkey.infiserver.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34423
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;fusion5._domainkey.infiserver.com. IN TXT
>>
>> ;; AUTHORITY SECTION:
>> infiserver.com. 10800 IN SOA ns1.infiserver.com.
>> yogendra.m.ligerhost.com. 2014070705 86400 7200 3600000 86400
>>
>> ;; Query time: 275 msec
>> ;; SERVER: 192.168.100.10#53(192.168.100.10)
>> ;; WHEN: Tue Jul 8 05:00:00 2014
>> ;; MSG SIZE rcvd: 112
>>
>> Since it does not exist, add that record, reload the zone, and then
>> repeat the test. You are still subject to negative cache timeout in
>> whatever DNS resolvers are being used by whatever mail service you are
>> testing with (appears to be Gmail in this case). The negative cache
>> time is defined in your SOA record, which as shown above, is 86400
>> seconds, which is 24 hours. That means it may take up to 24 hours for
>> Google's caching resolvers to "forget" the previous answers it got
>> from your DNS server and ask for the zone again. You can do a
>> relatively accurate check by doing a direct dig against Google's
>> public DNS resolvers at 8.8.8.8 and 8.8.4.4.
>>
>> ...Todd
>> --
>> The total budget at all receivers for solving senders' problems is $0.
>> If you want them to accept your mail and manage it the way you want,
>> send it the way the spec says to. --John Levine
>
>

--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
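
The check described in Step 1, as an added example that is not part of the original thread or of Exim: it derives the key record name from the d= and s= tags of a DKIM-Signature header and classifies a saved dig reply. The function names are hypothetical, and the sample input is the signature and an abbreviated copy of the dig output quoted above.

```python
import re

# Sample input: the DKIM-Signature tags and an abbreviated dig reply from the thread.
SIGNATURE = ("v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; "
             "d=infiserver.com; s=fusion5; h=Date:From:Message-Id; "
             "bh=f7kChJIPrUaTEZXIizmQd6A20Xu2MUdYf3GaZ5bir08=;")
DIG_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34423
;; QUESTION SECTION:
;fusion5._domainkey.infiserver.com. IN TXT
;; AUTHORITY SECTION:
infiserver.com. 10800 IN SOA ns1.infiserver.com. yogendra.m.ligerhost.com. 2014070705 86400 7200 3600000 86400
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first "=" only: bh= is base64
        if sep:
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(value):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    tags = dkim_tags(value)
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_dig(reply, qname):
    """Classify a dig reply for qname; on a negative answer keep the SOA timer."""
    status = re.search(r"status: (\w+)", reply).group(1)
    result = {"status": status, "key_published": False}
    for line in reply.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # skip dig comments, the question section and blank lines
        owner, rtype = fields[0].rstrip(".").lower(), fields[3]
        if rtype == "TXT" and owner == qname.lower():
            # An empty p= tag means the key was revoked, so require key data.
            result["key_published"] = bool(re.search(r"\bp=[A-Za-z0-9+/]", line))
        elif rtype == "SOA":
            # Last SOA field: the value the reply reads as the negative cache time.
            result["soa_minimum"] = int(fields[-1])
    return result

if __name__ == "__main__":
    name = key_record_name(SIGNATURE)
    print(name, check_dig(DIG_REPLY, name))
```
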
