On Mon, Apr 12, 2021 at 07:23:50PM +0200, richard lucassen wrote:
> mail.info: Apr 12 18:01:16 opendkim[13977]: 828FE7F581: s=202103 d=example.com
> SSL error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid
> padding;
> error: 04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
An RSA signature is either slightly garbled, or is being verified with
the wrong key (not the one that did the signing). The validator detects
a PKCS#1 padding error after decrypting with the public key.
I'm inclined to guess wrong key, but minor corruption in the signature
value that preserves the overall length is also possible.
--
Viktor.
