On Tue, 13 Apr 2021 00:16:42 -0400 Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Mon, Apr 12, 2021 at 07:23:50PM +0200, richard lucassen wrote: > > > mail.info: Apr 12 18:01:16 opendkim[13977]: 828FE7F581: s=202103 > > d=example.com SSL error:0407008A:rsa > > routines:RSA_padding_check_PKCS1_type_1:invalid padding; error: > > 04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed > > An RSA signature is either slightly garbled, or is being verified with > the wrong key (not the one that did the signing). The validator > detects a PKCS#1 padding error after decrypting with the public key. > > I'm inclined to guess wrong key, but minor corruption in the signature > value that preserves the overall length is also possible. Yes, but why 1 minute ok, 1 minute errors, 1 minute ok, etc etc? -- richard lucassen http://contact.xaq.nl/