Re: [qmailtoaster] problem with dkim

[apowell]

I have the _domainkey.your-domain.com TXT "t=y\;" set in DNS, and it  
has been a week since we implemented dkim. I have also tested our DNS  
servers, and I pretty sure there are not any timeouts.

I have found that it does not matter if the format is "Aaron  
Powell"<ae...@yahoo.com> or not.

If I send to:

netmanss1...@gmail.com, netmanss1...@yahoo.com, ae...@yahoo.com,  
apow...@st-tel.net, ssei...@st-tel.net

I get dkim=permerror (bad sig)

but if I send to fewer recipients it works. it is like I am limited to  
a certain number of characters on the to: line, and not necessarily,  
by recipients.



any other ideas?
--
Aaron Powell
IT Manager
S&T Communications
Office: 785-460-7300
Fax: 785-460-7301


Quoting Toma Bogdan <tbog...@direkt.ro>:

On 5/12/2011 9:48 PM, apow...@st-tel.net wrote:
Here is the headers of a dkim=permerror (bad sig)

From apow...@st-tel.net Thu May 12 12:52:19 2011
X-Apparently-To:                 ae...@yahoo.com via  
68.142.199.191; Thu, 12 May 2011 05:52:22 -0700
Return-Path: <apow...@st-tel.net>
Received-SPF:                 pass (mta140.mail.sp2.yahoo.com:  
domain of apow...@st-tel.net designates 63.170.92.52 as permitted  
sender)  
bW11bmljYXRpb25zCk9mZmljZTogNzg1LTQ2MC03MzAwCkZheDogNzg1LTQ2  
MC03MzAxATABAQEB
X-YMailISG:                  
BKczKe0cZAp_Kh4Pvn1OCHTN0GqUVYw0_NRMSykOs7JnEqjC  
lGzt5FZrLq40JE8u0IoDIJEJslXMatTuxXDy61bEN.CmuYFkMnIxivLThB56  
NY2Zmx_Tn5IqdrX2kQKtMGngmsjuVbNeOKRs9HjzW5xucV.4MpwRq1ElZAvD  
eWtKKHdyPQTtKfTs1T2cKchvgabQPHb2kHnjqZ0LT9_L9ok9yhbCGc8XcQ81  
WZmPFdrqkwSoEG9GLKSPOjKRo_vzLuSBK8Huw1rIlHJP79PnzNLEhyeUIuvg  
fFYAy.eJDkGDPZtUS1VF38ZnMGQuI1hs5IOuLqyyvIouHBOGvAIZuLvQFf1e  
c0bVvayQx4DZclN9QWZgwWKHOyeM8uRSXLvLSQTmtbZR9j4VqDZh0YSdxjqR  
9bUlPFWFOdgMr2WQXzipzX7e8k6pdiGP6xILHGCBPICd5kN6peqeC4PcJC_r  
HujN_T4M9K69ekAuLthlbeW.lqN_rZ1p5jxLf6T1cbIhov4MgFtNqiOAYqyy  
lGpw4dXg0wInHlHlLl9u5SZPNygqq1srxLmauGuIM5sz4uwj43iTgcrzUBsW  
L29RR8.RKxX4OKNKtcmAeYQFbnZsB7w1RXFK35zyjWDAcrxTpP9Ih350BqHY  
cXDXTnswoV3jpiDgBluaYLq_0UsgBXhN__zrhYXmus7Yz0Ar3QzyZePGAWhC  
pdZ54WeptgnfJbYbVvSvVsqLQwgEE4slabXwsgxtJOtADkJU7ZvcqkhR8it9  
YkJRIjW3pHACqumQFFZZEq7EpOZyCbsTA91Rzyr9kIZQwYYwOD1kzJKQEo.f  
9YkeRX52yFA8UhSm4VCDaB5vixH4PLFNGOwjlX6PWzrGJbrodmvjS1CI76x0  
7jt93FYw3tAWu13cgzhjbKmXCKEsjncIijTYTSw03u5ly_GpfWaaz2zPWzq_  
c1jsXXZFId45z96M4rmWWI5RpgZ4DQ6Jt.39nWzNga.XPLDM6x4qwCHkTbkE  
V77Tl1fyf_MxANcZdMGg1gNFHPCZx5yee5vxqqha7Db8_pf_OsykAsgG1F9A  
ReFXG2OrHAILNjoHh35_jQEHSNmMhI2o5m.wWg_hcG8hmDD1pKXBR7yoJxt9  
4eX7pf5vQlK9IBCkLunc0CWbYiV6.OQ8fjBcwSvogtWz54tfIPOcpWbUJgtX  
jn9RllSceq0f3UzD_cZ4RRPibbeeZdeU3iiEX0i3h74Bu3F.N1FJBTwjnyJw  
goll1A.f79tJZvgTSeXgEgeTmecCnkKNIXAj0zfiVNFVJNF8xcqWo_zM0LVl  
Iwtj5dhpR4yG9GUF6kXf7Dkui4D3Yh8kc9d8k7BWVrX4ZaxmbTTZjkPjVoa9  
NnNdYusW3qh4sb53FDuxaFIqsk0hLJwYFUu6kJl91mYlP6BNadWFFN.GM2rb  
5TQyr8MgI0w1
X-Originating-IP:                 [63.170.92.52]
Authentication-Results:                 mta140.mail.sp2.yahoo.com  
from=st-tel.net; domainkeys=neutral (no sig);  
from=stmail-nfs1.st-tel.net; dkim=permerror (bad sig)
Received:                 from 127.0.0.1 (EHLO mx2.st-tel.net)  
(63.170.92.52) by mta140.mail.sp2.yahoo.com with SMTP; Thu, 12 May  
2011 05:52:22 -0700
Received:                 from stmail-nfs1.st-tel.net  
(stmail-nfs1.st-tel.net [10.2.1.160]) by mx2.st-tel.net  
(8.13.8/8.13.8/Debian-3+etch1) with ESMTP id p4CCqKWl014236 for  
<ae...@yahoo.com>; Thu, 12 May 2011 07:52:21 -0500
DKIM-Signature:                 v=1; a=rsa-sha1; c=simple;  
d=stmail-nfs1.st-tel.net; h=  
message-id:date:from:to:subject:mime-version:content-type  
:content-transfer-encoding; s=dkim1; bh=qWaYy1rzecELWi+MGj9iPd9l  
YlY=; b=fwOb2HLSZkZWZYkhB73PnzZr4nL2Vce3b8lxtgpt5GpoL+dTN8W68Xsw  
hHgLm+iM
Received:                 (qmail 9866 invoked by uid 89); 12 May  
2011 12:52:19 -0000
Received:                 by simscan 1.4.0 ppid: 9860, pid: 9861,  
t: 0.0092s scanners: attach: 1.4.0 clamav: 0.97/m:53/d:13061
Received:                 from unknown (HELO localhost)  
(10.2.1.180) by stmail-nfs1.st-tel.net with SMTP; 12 May 2011  
12:52:19 -0000
Received:                 from 10.2.4.63 ([10.2.4.63]) by  
stwebmail.st-tel.net (Horde Framework) with HTTP; Thu, 12 May 2011  
07:52:19 -0500
Message-ID: <20110512075219.12633e0b85qnc...@stwebmail.st-tel.net>
X-Priority:                 3 (Normal)
Date:                 Thu, 12 May 2011 07:52:19 -0500
From:
apow...@st-tel.net
View contact details
To:                 Gmail test <netmanss1...@gmail.com>, Yahoo test  
<netmanss1...@yahoo.com>, Aaron test <ae...@yahoo.com>
Subject:                 test
MIME-Version:                 1.0
Content-Type:                 text/plain; charset=ISO-8859-1;  
DelSp="Yes"; format="flowed"
Content-Disposition:                 inline
Content-Transfer-Encoding:                 7bit
User-Agent:                 Internet Messaging Program (IMP) H3 (4.3.6)
X-Bayes-Prob:                 0.0001 (Score 0, tokens from: @@RPTN,  
outbound)
X-Spam-Score:                 0.00 () [Hold at 13.00] SPF(pass:0)
X-CanIt-Geo:                 No geolocation information available  
for 10.2.1.160
X-CanItPRO-Stream:                 outbound
X-Canit-Stats-ID:                 03EGAQkXK - ade7763c5d5c - 20110512
X-Scanned-By:                 CanIt (www . roaringpenguin . com) on  
10.2.1.52
Content-Length:                 97

Here is the headers of a dkim=pass (ok)

From apow...@st-tel.net Thu May 12 01:48:10 2011
X-Apparently-To:                 ae...@yahoo.com via  
68.142.199.195; Wed, 11 May 2011 18:48:12 -0700
Return-Path: <apow...@st-tel.net>
Received-SPF:                 pass (mta1221.mail.sk1.yahoo.com:  
domain of apow...@st-tel.net designates 63.170.92.52 as permitted  
sender)  
bW11bmljYXRpb25zCk9mZmljZTogNzg1LTQ2MC03MzAwCkZheDogNzg1LTQ2  
MC03MzAxATABAQEB
X-YMailISG:                  
9ROR0XYcZAp4h_IaiVNuc6zi0qsAKWmEZJfFP0_jFAZxrJLR  
7fWW2ZaAOdzcnixD7ZkTkF0LPTOlo0c1d7GUkxaPyfsJmtsmdY8KL_tQXXyc  
lxrIplJkEsTY4_2PyEegIPDMRwx7ayqaiqRt9qlBBKGRZhLku8P8G1_NpggK  
yzbRa36s3tze1B_QdQnSYfdc4ZAgfqz2KK_t0LqWp0XObDE37RDZRJZ7g4Bq  
5HcMCX7y_IsmC5scUUO1yrMdRQBuTF2kWWcufPJmLl9zbWKxnG0hkph4FhEJ  
EdNkc4kj_sIt65rAOLb3EOvxArhmpyvgtH4uWzDt16JQF3ZvKAqNnTanBmnL  
U2_U_VK1eo_dXwEGK2VZdmdeapqX5d6fPTPsm0FjmPQHZRPfFk44NEAkBKkv  
bXOfx67S.JRv5nNdLxiM3c2eaqsosH2lTHguuLkjGa5otPa35HKmrLZOmqpF  
Tz.hs542I387Hf0jbDUQKfcbz3KjiF9m8L2KZXbSfIBxUrrANSJMsu7cK.7a  
MC7wSmYW7DyfDNPM1c.5MR1qzCtVEya1dumYHZwVIOPcKIcuqDph5KFtZZFH  
3oQD1Wl63A3Bo5PzPeGMaFGM2M65Cjk6mX26MVcTWQW2_Dk_clch26gi5eT_  
lMZa3CNy_X_y5jM91gp.b_XzstkXvn3a9FVObOURR2vV_j1yGYi1ByUTOprT  
MXC4xuC1R7zsI20X1L7eZ.LbDaTXPMmtd0W2.UQcMJSU8tYH5VO0I7UFiXRL  
291h5JQuDFxNHI0kn_JnxXP15MyJCcN2uMJOqa1.iDTF80BTjiAGA.HQPULU  
ZOXFK_JEC53USz6n1mowuQgOEbEc1pjuYSB7Xwo3aBqJGBwOc2Q.G9k2nPAY  
fWV7QnDmzr8qhh0UIeTF6.Otx2ocWGF7rRFPJVABzkl0SoQjCCR6W7aJ8mWA  
uD4rAC4ZdH4s_8pebA50BG.3WOltoaSu6MlB.nYzgA92KLY_4qfUhT2vIkfJ  
.R8GTP9MRfD5yIWv.VCJhazVpNXvpGRpNmVERr17WK3vyZKWw7jC3CsJJZbK  
Z8gn05b02sIM8er7i3jKU5oQI9t1LbG1Vnw61MnA.Tl9cxDXACgWWUznys3Q  
4SpR1oiv6WePob8LNOuNBhggguhiCpInfWNccKoYiRmExYkWaD_6KzUt8dMz  
fdH0gJe3ThMnfkXc8JBhGNr84Asql8qNx0ksBRbgoxJU44aSHDAUhMG_Pjdm  
pKmEKA1_1GEQBHS2eYr1MUFtCCbzE.FOGWv8wG5C33onpl0IPmSu0HMl3gVA  
a45T7CePcJUYiAxTctsQpl7V50cE3s6hINgpI9gxycTfrCSRf5g89xxCnYBH  
X4lSRv.n3VizTen.806V.mTVhL3yH7GS5rY8IehEASPKZZF_wnybX5z44FvW  
W0rTQihRWPbj_TIjCdQln8ntZY3hWQ--
X-Originating-IP:                 [63.170.92.52]
Authentication-Results:                 mta1221.mail.sk1.yahoo.com  
from=st-tel.net; domainkeys=neutral (no sig);  
from=stmail-nfs1.st-tel.net; dkim=pass (ok)
Received:                 from 127.0.0.1 (EHLO mx2.st-tel.net)  
(63.170.92.52) by mta1221.mail.sk1.yahoo.com with SMTP; Wed, 11 May  
2011 18:48:12 -0700
Received:                 from stmail-nfs1.st-tel.net  
(stmail-nfs1.st-tel.net [10.2.1.160]) by mx2.st-tel.net  
(8.13.8/8.13.8/Debian-3+etch1) with ESMTP id p4C1mAlT026209 for  
<ae...@yahoo.com>; Wed, 11 May 2011 20:48:10 -0500
DKIM-Signature:                 v=1; a=rsa-sha1; c=simple;  
d=stmail-nfs1.st-tel.net; h=  
message-id:date:from:to:subject:mime-version:content-type  
:content-transfer-encoding; s=dkim1; bh=qWaYy1rzecELWi+MGj9iPd9l  
YlY=; b=AcwT7q7jLGCYpLnLgd3jrtkyrqYPclyj0dBtkjpwx6FUMZol+QKB8WFw  
JtWo0pMj
Received:                 (qmail 22996 invoked by uid 89); 12 May  
2011 01:48:10 -0000
Received:                 by simscan 1.4.0 ppid: 22990, pid: 22991,  
t: 0.0080s scanners: attach: 1.4.0 clamav: 0.97/m:53/d:13061
Received:                 from unknown (HELO localhost)  
(10.2.1.180) by stmail-nfs1.st-tel.net with SMTP; 12 May 2011  
01:48:10 -0000
Received:                 from 63.163.22.1 ([63.163.22.1]) by  
stwebmail.st-tel.net (Horde Framework) with HTTP; Wed, 11 May 2011  
20:48:10 -0500
Message-ID: <20110511204810.98264j9fzz6c4...@stwebmail.st-tel.net>
X-Priority:                 3 (Normal)
Date:                 Wed, 11 May 2011 20:48:10 -0500
From:
apow...@st-tel.net
View contact details
To:                 "Aaron Powell (Home)" <ae...@yahoo.com>
Subject:                 test
MIME-Version:                 1.0
Content-Type:                 text/plain; charset=ISO-8859-1;  
DelSp="Yes"; format="flowed"
Content-Disposition:                 inline
Content-Transfer-Encoding:                 7bit
User-Agent:                 Internet Messaging Program (IMP) H3 (4.3.6)
X-Bayes-Prob:                 0.0001 (Score 0, tokens from: @@RPTN,  
outbound)
X-Spam-Score:                 0.00 () [Hold at 13.00] SPF(pass:0)
X-CanIt-Geo:                 No geolocation information available  
for 10.2.1.160
X-CanItPRO-Stream:                 outbound
X-Canit-Stats-ID:                 03EGpMayv - 19fdb5f15a2f - 20110511
X-Scanned-By:                 CanIt (www . roaringpenguin . com) on  
10.2.1.52
Content-Length:                 97
Compact Headers

it seems that if we send to three or more recipiants then we get  
the dkim=permerror (bad sig)

but only if those three are in the format of "Aaron Powell"  
<ae...@yahoo.com> and not just ae...@yahoo.com.

any help would be appreciated.

Thanks
- dns query timeout from your servers
- an yahoo server have old dns cache of your dns dkim sig

if you just implement dkim or renew dkim sig it better to have a  
small TTL, and set DNS TXT for
_domainkey.your-domain.com TXT "t=y\;"


Hope that helps you...

--
Bogdan T.
Network/Systems Security
tbogdan['a+t']direkt.ro


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group  
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
         To unsubscribe, e-mail:  
qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 04EGT9GSP) is spam:
Spam:         
http://spam.st-tel.net/canit/b.php?i=04EGT9GSP&m=1b09be09b9c4&t=20110513&c=s
Not spam:     
http://spam.st-tel.net/canit/b.php?i=04EGT9GSP&m=1b09be09b9c4&t=20110513&c=n
Forget vote:  
http://spam.st-tel.net/canit/b.php?i=04EGT9GSP&m=1b09be09b9c4&t=20110513&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS







---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
    
     To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com