The double backslash at the end of Dell's dell.com DKIM record is not correct; this was presumably added incorrectly to escape the escaped semicolon, resulting in a bad key.
You can confirm this at https://dkimcore.org/c/keycheck instead of protodave. With no backslash (which of course is not in the base64 character set) their record should be: v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5qbWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaTyXXWry2+CRQqDds9pwIDAQAB; t=s Andrew El vie., 19 abr. 2019 a las 11:05, Mike Tubby via Exim-users (< exim-users@exim.org>) escribió: > I have just discovered that Exim DKIM appears to fail to parse some DKIM > keys that other systems claim are okay: > > 19 00:50:18 RCPT: SPF Result2=pass (Partnersresponse.dell.com / > mail04.response.dell.com [142.0.168.187]) > 19 00:50:19 1hHGnL-0002nj-0r PDKIM: d=dell.com s=dk2016 [failed key > import] > 19 00:50:19 1hHGnL-0002nj-0r DKIM START: > domain=Partnersresponse.dell.com possible_signer=dell.com status=invalid > (reason=pubkey_dns_syntax) > 19 00:50:19 1hHGnL-0002nj-0r no IP address found for host > localhost.localdomain > 19 00:50:19 1hHGnL-0002nj-0r DKIM DEFER: > domain=Partnersresponse.dell.com cannot obtain public key > > Running Exim 4.92, compiled from source on Devuan Beowulf with GCC8.3 > ... everything compile clean and works. > > We have a strict DKIM policy that is "you sign it - we check and enforce > it", for failed keys ('pub_key_unavailable' and 'failed_key_import') we > defer with a 421 and appropriate message in the hope that the other > party will fix their problem(s). > > The problem is that ProtoDave.com says 'Success' when parsing Dell's key: > > SELECTOR > Selectors <http://www.dkim.org/info/dkim-faq.html#technical>enable a > single domain to have multiple keys. Some domains, like Twitter and > eBay, use “*dkim*”. Google Apps domains typically use “*google*”. Others > simply use “*default*”. Enter yours here. (Note: Do not include > “_domainkey”) > > DOMAIN > > Base Domain Name. (e.g. example.com) > > > DNS QUERY:dk2016._domainkey.dell.com > QUERY STATUS:Success > TXT RECORD: > > "v=DKIM1; h=sha256; > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5qbWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaTyXXWry2+CRQqDds9pwIDAQAB\\; > t=s" > > KEY LENGTH (BITS):1024 > VERSION:DKIM1 > KEY TYPE: > GRANULARITY: > HASHES:sha256 > SERVICE TYPE: > FLAGS: > NOTES: > PUBLIC KEY: > > -----BEGIN PUBLIC KEY----- > MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDn7EiK3r/vRRde/oD9XAsACz44 > UTrt2j+hGKdqQ093/QBbPZS99TKxBkcKeWEnu+TzV+WigS8eD424pZVNP2Y4Ta5q > bWdtJa+jtoc9953m7WOkTYMM4/iiDxPzhg2yxWdxu3VvuyiZBLhPXzX54mj8rXaT > yXXWry2+CRQqDds9pwIDAQAB > -----END PUBLIC KEY----- > > > How to fix? > > > Mike > > > > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ > -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/