Hi again,
I just installed the DKIM Verifier extension to Thunderbird on my laptop and
that fails the email as well. My laptop has OpenSSL 3.1.4, so that has the bug
as well.
Still no closer to fixing this though.
Regards,
Henrik Morsing
On Sun, Mar 31, 2024 at 03:30:47PM +0100, Henrik Morsing via GLLUG wrote:
Hi all,
Happy Easter. I have some days off, so finally had some time to look at this.
Having disabled rejection in January gave me some more data to look at and it
became obvious that anyone using 1024-bit keys failed the check and anyone
using 2048-bit passed.
I found one person out there who said his DKIM checks started failing on
1024-bit keys after he upgraded from OpenSSL 0.9.8 to 1.1.1 (My current
version) but sadly no replies.
So, my OpenSSL has a bug, I assume, but it's not really publicly known and
no-one seems very concerned about it? Seem very odd.
Tried to find somewhere in the configuration where a limit was set but couldn't
find anything and also find it odd if that was the case.
Regards,
Henrik Morsing
On Fri, Jan 12, 2024 at 03:48:17PM +0000, Henrik Morsing via GLLUG wrote:
Good afternoon,
Not dircetly Linux, sorry, but British Gas has spent the last year sending me
letters saying they can't email me. When I look into it, their emails are
rejected based on a bad DKIM signature.
The problem is, not receiving the email, how can I find out what the problem
is? mxtoolbox says their setup is fine, but that surely can't check the
signature inside one of their emails.
What is slightly odd is that DMARC policy is set to none, so shouldn't reject
anything anyway.
I can't say I'm a DKIM/DMARC expert, but this is what I see:
Dec 22 12:37:12 emil opendkim[768]: 2F7612233E: s=mailjet d=britishgas.co.uk
a=rsa-sha256 SSL error:04091068:rsa routines:int_rsa_verify:bad signature
Dec 22 12:37:13 emil opendmarc[3858740]: 2F7612233E: britishgas.co.uk fail
Dec 22 12:37:13 emil postfix/cleanup[3996586]: 2F7612233E: milter-reject: END-OF-MESSAGE from
o94.p12.mailjet.com[87.253.237.94]: 5.7.1 rejected by DMARC policy for britishgas.co.uk;
from=<296f63a1.caaabphwdncaaaaaaaaaakg7asyaaycquv4aaaaaabbdggblh...@a1065858.bnc3.mailjet.com>
to=<mors...@morsing.cc> proto=ESMTP helo=<o94.p12.mailjet.com>
Not sure where to go from here though. Smells like their problem to me, but I
don't want to tell them that without proof. Any hints?
Regards,
Henrik Morsing
--
--
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug
--
--
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug
--
--
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug
