Hi, thank you.
Here are the headers of the test email I sent.
I sent it with Thunderbird through mta5 which signed it, and relayed it to next
hop, and it was delivered.
I think you are saying since I configured the server to both verify and sign
emails, it won’t bother verifying an email the server itself signed, so I won’t
ever get a report ? I think I read something like that in the RFC’s ?
Sounds like my testing method may be flawed. ☹
Received: from BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:406:80::38) by
BN7PR05MB5859.namprd05.prod.outlook.com with HTTPS via
BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM; Fri, 14 Dec 2018 20:50:45 +0000
Received: from CO2PR05CA0064.namprd05.prod.outlook.com (2603:10b6:102:2::32)
by BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:a02:ce::33) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec
2018 20:50:44 +0000
Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com
(2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com
(2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend
Transport; Fri, 14 Dec 2018 20:50:43 +0000
Authentication-Results: spf=none (sender IP is 137.99.25.249)
smtp.mailfrom=appmail.uconn.edu; uconn.mail.onmicrosoft.com; dkim=fail
(invalid public key) header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com;
dmarc=none action=none header.from=appmail.uconn.edu;compauth=pass reason=105
Received-SPF: None (protection.outlook.com: appmail.uconn.edu does not
designate permitted sender hosts)
Received: from mta5.uits.uconn.edu (137.99.25.249) by
SN1NAM01FT045.mail.protection.outlook.com (10.152.65.226) with Microsoft SMTP
Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43
+0000
Received: from [137.99.80.129] (angelo.uits.uconn.edu [137.99.80.129])
by mta5.uits.uconn.edu (Postfix) with ESMTP id 088EA3000A2C
for <[email protected]>; Fri, 14 Dec 2018 15:50:43 -0500
(EST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu 088EA3000A2C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu;
s=dkim1; t=1544820643; r=y;
bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=;
h=To:From:Subject:Date:From;
b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA
ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0
0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g=
To: [email protected]
From: "Fazzina, Angelo" <[email protected]>
Subject: broken test number 2
Message-ID: <[email protected]>
Date: Fri, 14 Dec 2018 15:50:42 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
Thunderbird/60.3.3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Return-Path: [email protected]
-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
[email protected]
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
From: Murray S. Kucherawy <[email protected]>
Sent: Monday, December 17, 2018 12:03 PM
To: Fazzina, Angelo <[email protected]>
Cc: [email protected]
Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure
reports, thank you.
DKIM verifiers are not required to generate reports. It's completely optional.
Does the place you're sending to advertise somehow that they will be generated?
On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo
<[email protected]<mailto:[email protected]>> wrote:
Hi, I am trying to test my TXT records for the ability to report failures.
Talking about RFC 6651
These are my records
dkim1._domainkey.mta5.uits.uconn.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916294577&sdata=vM9oIARyakkvr%2B0MEePmLHTRA4O2thX57KWW4mgR9cI%3D&reserved=0>
text = "v=DKIM1\; k=rsa\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx
catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB"
_report._domainkey.mta5.uits.uconn.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdomainkey.mta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=MGqgIykiwGftuN%2BEBOF2PGI73WCTf5zqzWaX4ywI7T4%3D&reserved=0>
text = "ra=dkim-errors\; rp=100\; rr=all"
Here is a test email sig header
v=1; a=rsa-sha256; c=relaxed/simple;
d=mta5.uits.uconn.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916304590&sdata=Tnts9TCcl5Ew4iUUBm%2BgarAzWkfEoFiKADMaIh4UI%2Fc%3D&reserved=0>;
s=dkim1; t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=;
h=To:From:Subject:Date:From;
b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA
ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0
0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g=
Here is a test email result header
spf=none (sender IP is 137.99.25.249)
smtp.mailfrom=appmail.uconn.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=fETLZXDMtAavWtbHlB6CWVCDniKTTLV3nLM8KFgHEVw%3D&reserved=0>;
uconn.mail.onmicrosoft.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916314590&sdata=1LzykOrAlxDAmmIkkmYGWS0SaVqdAZ3kZT0VJlhcQQA%3D&reserved=0>;
dkim=fail (invalid public key)
header.d=mta5.uits.uconn.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmta5.uits.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=3r180lJRsbT%2F4rvsbeDbOMfhYbsE3%2BJgwIbkYvu5o3Y%3D&reserved=0>;uconn.mail.onmicrosoft.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fuconn.mail.onmicrosoft.com&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916324595&sdata=mlL9WGOqI2meDT0NW9nIYUFSD1HKYgswQW286lF5XkY%3D&reserved=0>;
dmarc=none action=none
header.from=appmail.uconn.edu<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fappmail.uconn.edu&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=CPfOWrDlnuTeyjcfrYfk6xhMmXVzwFIwtdL14Ou9m2Y%3D&reserved=0>;compauth=pass
reason=105
So I can simulate a failure, but cannot seem to get a report emailed to
[email protected]<mailto:[email protected]> ?
I made sure account exists on server:
[root@mta5 home]# ls -l /home/|grep dkim
drwx------. 2 dkim-errors dkim-errors 78 Dec 10 16:21 dkim-errors
How often are the failure reports generated ? did not see that mentioned in the
RFC’s ?
Does anyone see anything obvious that I am doing wrong ?
Thank you.
-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
[email protected]<mailto:[email protected]>
University of Connecticut, ITS, SSG, Server Systems
860-486-9075
_______________________________________________
Ietf-dkim mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/ietf-dkim<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7Cd11a679d2df74fbeb63908d664418541%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636806629916334604&sdata=oYg%2BrdpATbemNnI6afrabJYGmtuvJJZ6gSAbr%2Bd2Yeo%3D&reserved=0>
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
