Hi, sorry if I caused any confusion. I could only think of one way to test and force a failure in hopes of generating a report, and that was the "invalid" key.
I took the "M" out in DNS so the emails would fail DKIM on purpose, in hopes of generating a error report. I should have been more explicit of my testing method. It is still "broken" in DNS. I have learned no one does this, generate DKIM error reporting that is, so I have setup a DMARC TXT record in DNS and try to generate reports with that. [root@mta5 ~]# dig +short -t txt _dmarc.mta5.uits.uconn.edu "v=DMARC1\; p=none\; ri=3600\; rua=mailto:[email protected]\; ruf=mailto:[email protected]\; rf=afrf\; fo=1\; pct=100\; adkim=s\; aspf=s" This is a test server so no mail going through it except my testing emails. P.S. I sent 2 emails through last night around 5pm so waiting to see if reports get emailed still.... Thank you again for trying to help everyone. -ANGELO FAZZINA ITS Service Manager: Spam and Virus Prevention Mass Mailing G Suite/Gmail [email protected] University of Connecticut, ITS, SSG, Server Systems 860-486-9075 -----Original Message----- From: Ietf-dkim <[email protected]> On Behalf Of Steve Atkins Sent: Tuesday, December 18, 2018 6:25 AM To: [email protected] Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure reports, thank you. > On Dec 18, 2018, at 10:02 AM, Laura Atkins <[email protected]> wrote: > > You never published your DKIM key in DNS. > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.wordtothewise.com%2Fdkim%2Fcheck%2Fmta5.uits.uconn.edu%3B%2Fdkim1&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C4113cab40fb347c3ec9f08d664db8635%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636807291348941916&sdata=AC2oE%2BPmNPSgt5MJYr4oPzUzn7kIdNVDQntA02nIJZc%3D&reserved=0 > > So the mail is being signed, but the signature is failing because there’s no > public key to use to verify. No, it's published. You accidentally copied a semicolon with the hostname. But it seems to be missing the leading "M" in p= relative to what's listed below now, which seems to be causing my tools to barf on it, and maybe validators too. Cheers, Steve > > laura > > >> On 17 Dec 2018, at 18:18, Fazzina, Angelo <[email protected]> wrote: >> >> Hi, thank you. >> Here are the headers of the test email I sent. >> I sent it with Thunderbird through mta5 which signed it, and relayed it to >> next hop, and it was delivered. >> >> I think you are saying since I configured the server to both verify and sign >> emails, it won’t bother verifying an email the server itself signed, so I >> won’t ever get a report ? I think I read something like that in the RFC’s ? >> >> >> Sounds like my testing method may be flawed. L >> >> >> Received: from BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:406:80::38) >> by >> BN7PR05MB5859.namprd05.prod.outlook.com with HTTPS via >> BN7PR06CA0025.NAMPRD06.PROD.OUTLOOK.COM; Fri, 14 Dec 2018 20:50:45 +0000 >> Received: from CO2PR05CA0064.namprd05.prod.outlook.com (2603:10b6:102:2::32) >> by BYASPR01MB1.namprd05.prod.outlook.com (2603:10b6:a02:ce::33) with >> Microsoft SMTP Server (version=TLS1_2, >> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1446.9; Fri, 14 Dec >> 2018 20:50:44 +0000 >> Received: from SN1NAM01FT045.eop-nam01.prod.protection.outlook.com >> (2a01:111:f400:7e40::209) by CO2PR05CA0064.outlook.office365.com >> (2603:10b6:102:2::32) with Microsoft SMTP Server (version=TLS1_2, >> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1446.10 via Frontend >> Transport; Fri, 14 Dec 2018 20:50:43 +0000 >> Authentication-Results: spf=none (sender IP is 137.99.25.249) >> smtp.mailfrom=appmail.uconn.edu; uconn.mail.onmicrosoft.com; dkim=fail >> (invalid public key) header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com; >> dmarc=none action=none header.from=appmail.uconn.edu;compauth=pass reason=105 >> Received-SPF: None (protection.outlook.com: appmail.uconn.edu does not >> designate permitted sender hosts) >> Received: from mta5.uits.uconn.edu (137.99.25.249) by >> SN1NAM01FT045.mail.protection.outlook.com (10.152.65.226) with Microsoft SMTP >> Server id 15.20.1446.11 via Frontend Transport; Fri, 14 Dec 2018 20:50:43 >> +0000 >> Received: from [137.99.80.129] (angelo.uits.uconn.edu [137.99.80.129]) >> by mta5.uits.uconn.edu (Postfix) with ESMTP id 088EA3000A2C >> for <[email protected]>; Fri, 14 Dec 2018 15:50:43 >> -0500 (EST) >> DKIM-Filter: OpenDKIM Filter v2.11.0 mta5.uits.uconn.edu 088EA3000A2C >> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu; >> s=dkim1; t=1544820643; r=y; >> bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; >> h=To:From:Subject:Date:From; >> >> b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA >> >> ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 >> 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= >> To: [email protected] >> From: "Fazzina, Angelo" <[email protected]> >> Subject: broken test number 2 >> Message-ID: <[email protected]> >> Date: Fri, 14 Dec 2018 15:50:42 -0500 >> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 >> Thunderbird/60.3.3 >> MIME-Version: 1.0 >> Content-Type: text/plain; charset="utf-8"; format=flowed >> Content-Transfer-Encoding: 7bit >> Content-Language: en-US >> Return-Path: [email protected] >> >> -ANGELO FAZZINA >> >> ITS Service Manager: >> Spam and Virus Prevention >> Mass Mailing >> G Suite/Gmail >> >> [email protected] >> University of Connecticut, ITS, SSG, Server Systems >> 860-486-9075 >> >> From: Murray S. Kucherawy <[email protected]> >> Sent: Monday, December 17, 2018 12:03 PM >> To: Fazzina, Angelo <[email protected]> >> Cc: [email protected] >> Subject: Re: [Ietf-dkim] Looking for a little help testing DKIM failure >> reports, thank you. >> >> DKIM verifiers are not required to generate reports. It's completely >> optional. Does the place you're sending to advertise somehow that they will >> be generated? >> >> On Mon, Dec 17, 2018 at 8:36 AM Fazzina, Angelo <[email protected]> >> wrote: >> Hi, I am trying to test my TXT records for the ability to report failures. >> Talking about RFC 6651 >> >> These are my records >> >> dkim1._domainkey.mta5.uits.uconn.edu text = "v=DKIM1\; k=rsa\; >> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/YIuJIABa9M7Ox5AXs6CP6z26d/i9JDrHW58YU/OzfsEr6yADboIOydCaiiVaNuwtkbx >> catzd6/iutxWbAiY51rRAvVdBs2YIoGO6Glzeev66ft8IfMnHgxND438KIsdOjUmJZuglFJUWGzCYDSC1eq/zqDVncFwTxWkKW/qtxQIDAQAB" >> >> _report._domainkey.mta5.uits.uconn.edu text = "ra=dkim-errors\; rp=100\; >> rr=all" >> >> >> Here is a test email sig header >> v=1; a=rsa-sha256; c=relaxed/simple; d=mta5.uits.uconn.edu; s=dkim1; >> t=1544820643; r=y; bh=9ZoLOUiYT9ubu7ykLiU305ZLqHeoTNV83po4QgGRepU=; >> h=To:From:Subject:Date:From; >> b=uPOMfVq7Ilr0/e2GEwEIiRotuX1gacod2Tmk7c1lfcYUpNTUznjUXPyNidTlbhrLA >> ylDHc1xE1P/B1NBo0awxBN4Qbwjz8UWUC1vQpQsrenWnhr+Rp46g7KKqWWZ2Sjw0O0 >> 0RV2EF9aD1UP5bd7qLtuQHQ9gye5cVCBv6uVdM7g= >> >> Here is a test email result header >> spf=none (sender IP is 137.99.25.249) >> smtp.mailfrom=appmail.uconn.edu;uconn.mail.onmicrosoft.com; dkim=fail >> (invalid public key) >> header.d=mta5.uits.uconn.edu;uconn.mail.onmicrosoft.com; dmarc=none >> action=none header.from=appmail.uconn.edu;compauth=pass reason=105 >> >> >> So I can simulate a failure, but cannot seem to get a report emailed to >> [email protected] ? >> >> I made sure account exists on server: >> [root@mta5 home]# ls -l /home/|grep dkim >> drwx------. 2 dkim-errors dkim-errors 78 Dec 10 16:21 >> dkim-errors >> >> >> >> How often are the failure reports generated ? did not see that mentioned in >> the RFC’s ? >> >> Does anyone see anything obvious that I am doing wrong ? >> Thank you. >> >> >> -ANGELO FAZZINA >> >> ITS Service Manager: >> Spam and Virus Prevention >> Mass Mailing >> G Suite/Gmail >> >> [email protected] >> University of Connecticut, ITS, SSG, Server Systems >> 860-486-9075 >> >> _______________________________________________ >> Ietf-dkim mailing list >> [email protected] >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C4113cab40fb347c3ec9f08d664db8635%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636807291348941916&sdata=YpRXmWvhB%2F7HBZdnRjyr5x%2FZy6mBiBRmm36hXtksSA8%3D&reserved=0 >> _______________________________________________ >> Ietf-dkim mailing list >> [email protected] >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C4113cab40fb347c3ec9f08d664db8635%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636807291348941916&sdata=YpRXmWvhB%2F7HBZdnRjyr5x%2FZy6mBiBRmm36hXtksSA8%3D&reserved=0 > > -- > Having an Email Crisis? We can help! 800 823-9674 > > Laura Atkins > Word to the Wise > [email protected] > (650) 437-0741 > > Email Delivery Blog: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordtothewise.com%2Fblog&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C4113cab40fb347c3ec9f08d664db8635%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636807291348941916&sdata=KvzxIvA%2FBHMQcPB8w16%2BAkZFNbZGVNuL9D%2BhTkLzcNE%3D&reserved=0 > > > > > > > > > _______________________________________________ > Ietf-dkim mailing list > [email protected] > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C4113cab40fb347c3ec9f08d664db8635%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636807291348941916&sdata=YpRXmWvhB%2F7HBZdnRjyr5x%2FZy6mBiBRmm36hXtksSA8%3D&reserved=0 _______________________________________________ Ietf-dkim mailing list [email protected] https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fietf-dkim&data=02%7C01%7Cangelo.fazzina%40uconn.edu%7C4113cab40fb347c3ec9f08d664db8635%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C636807291348941916&sdata=YpRXmWvhB%2F7HBZdnRjyr5x%2FZy6mBiBRmm36hXtksSA8%3D&reserved=0 _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
