Re: [mailop] New member, trying to bring our mail server inline.

2023-03-04 Thread Laura Atkins via mailop 
oops! Looks like I grabbed the wrong value. 

laura 


> On 3 Mar 2023, at 16:58, Mark Alley via mailop  wrote:
> 
> The selector seems to just be "1", of which the published record appears to 
> be valid in DNS.
> 
> https://tools.wordtothewise.com/dkim/check/warwickri.gov/1
> 
> DNS propagation  
> shows the DKIM record is resolvable across the internet, so resolution isn't 
> the problem, and it appears to be syntactically valid.
> 
> @Salvatore - if you send a test message to the address provided to you on 
> https://learndmarc.com , it will show you 
> authentication results of direct messages from your mail server which you can 
> use to troubleshoot authentication further.
> 
> - Mark Alley
> 
> 
> 
> On 3/3/2023 10:27 AM, Laura Atkins via mailop wrote:
>> Based on the headers of the message you sent here (to mailop), you have yet 
>> to actually publish a public key in DNS. 
>> 
>> https://tools.wordtothewise.com/dkim/check/warwickri/1677852725
>> 
>> laura 
>> 
>>> On 3 Mar 2023, at 14:12, Salvatore Jr Walter P via mailop 
>>>   wrote:
>>> 
>>> We are in the final stages of migrating our exchange server from 2013 to 
>>> 2019.
>>> I found out we had no SPF, DMARC, DKIM etc setup on our domains.
>>>  
>>> Trying to get us setup properly and have SPF and DMARC working, DKIM is 
>>> another story.
>>> Setup on the server, sent the key to our ISP for the DNS to be added.
>>> Headers show the signature is being included.
>>>  
>>> DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov ; 
>>> s=1; c=relaxed/relaxed;
>>> t=1677851456; h=from:subject:to:date:message-id;(rest of key)
>>>  
>>>  
>>> Also from the headers:
>>>  
>>> Authentication-Results: inbound.redacted.net ;
>>>  spf=pass smtp.mailfrom=redacted@ redacted.gov ;
>>>  dkim=fail header.d= redacted.gov ;
>>>  dmarc=pass (policy=none; pct=100; status=pass);
>>>  arc=none
>>>  
>>> Any suggestion where to go from here? We are having all emails blocked by 
>>> AT, no idea why so trying to get all our ducks in a row and make sure we 
>>> are doing everything the “right” way.
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org 
>>> https://list.mailop.org/listinfo/mailop
>> 
>> -- 
>> The Delivery Experts
>> 
>> Laura Atkins
>> Word to the Wise
>> la...@wordtothewise.com  
>> 
>> Email Delivery Blog: http://wordtothewise.com/blog   
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ___
>> mailop mailing list
>> mailop@mailop.org 
>> https://list.mailop.org/listinfo/mailop
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Benny Pedersen via mailop 

Laura Atkins via mailop skrev den 2023-03-03 18:55:

The message he sent to mailop had the selector I used and is also
failing DKIM.


mailop.org domain does not provide any dkim signed msgs, thats on 
propose from them imho, but spamassassin still see my signing an claims 
take over from header dkim fails


dkim works :)

if dkim signing was aswell removed in take over it will fire on adsp 
sign all


mailman 2.1 is now over 2 years old software and possible mailman 3 
fixes all problems with dkim, so takeover can be removed for goods ?


i still dream, but hopefully not
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Ángel via mailop 
On 2023-03-03 at 17:55 +, Laura Atkins via mailop wrote:
> The message he sent to mailop had the selector I used and is also
> failing DKIM. 
> 
> laura 

No, sorry.

I am afraid you seem to have mistyped it.

DKIM-Signature: v=1; a=rsa-sha256; d=warwickri.gov; s=1; c=relaxed/relaxed;
 t=1677852725; h=from:subject:to:date:message-id;
 bh=cA/OIM8ysmjT9eAjZb7DPsvTZ2Serh4Gqwja8FC9VCQ=;
 b=DxJYATfR...

The selector is 1, which is on the dns

$ dig 1._domainkey.warwickri.gov -t txt +short
"v=DKIM1; k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiToJ+OXb2Kabo7KiaprSdazfCFe+iZLli/uHRzWtQA0QUeXttBSkUhbH2vjXnmj2dLy+x2+b8Wwm/tCFYR1ujOSifGPFTMaayFjDifgKol8w+rGYhwErgULuL3FNzaDtubEuGkJH6ciFBIE"
 
"KEw0nV+B6XKZvkjUGnUXmZAcWOWRF/Po1gASwV//TStIjuFwzRoFUVrzXPPlVUhhRGn99sgkK3Z0Tq3fLN8hKP9Dww6A8G/O7j5wfx/V3TXbzkkKf79OrSLQXCoyDFtwqO+8RBVzbayHHiit+GdeEiZi8dIssqPgW1DZVLIPFGJ2hpPGZV1/vsuxBEX6MPGJY2kBpYQIDAQAB"

(it was already several hours ago, I had checked this at the time of my
reply)


you seem to have used as selector 1677852725, which is the value for the 
Signature Timestamp (t=1677852725)


Regards


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Laura Atkins via mailop 
The message he sent to mailop had the selector I used and is also failing DKIM. 

laura 



> On 3 Mar 2023, at 16:58, Mark Alley via mailop  wrote:
> 
> The selector seems to just be "1", of which the published record appears to 
> be valid in DNS.
> 
> https://tools.wordtothewise.com/dkim/check/warwickri.gov/1
> 
> DNS propagation  
> shows the DKIM record is resolvable across the internet, so resolution isn't 
> the problem, and it appears to be syntactically valid.
> 
> @Salvatore - if you send a test message to the address provided to you on 
> https://learndmarc.com , it will show you 
> authentication results of direct messages from your mail server which you can 
> use to troubleshoot authentication further.
> 
> - Mark Alley
> 
> 
> 
> On 3/3/2023 10:27 AM, Laura Atkins via mailop wrote:
>> Based on the headers of the message you sent here (to mailop), you have yet 
>> to actually publish a public key in DNS. 
>> 
>> https://tools.wordtothewise.com/dkim/check/warwickri/1677852725
>> 
>> laura 
>> 
>>> On 3 Mar 2023, at 14:12, Salvatore Jr Walter P via mailop 
>>>   wrote:
>>> 
>>> We are in the final stages of migrating our exchange server from 2013 to 
>>> 2019.
>>> I found out we had no SPF, DMARC, DKIM etc setup on our domains.
>>>  
>>> Trying to get us setup properly and have SPF and DMARC working, DKIM is 
>>> another story.
>>> Setup on the server, sent the key to our ISP for the DNS to be added.
>>> Headers show the signature is being included.
>>>  
>>> DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov ; 
>>> s=1; c=relaxed/relaxed;
>>> t=1677851456; h=from:subject:to:date:message-id;(rest of key)
>>>  
>>>  
>>> Also from the headers:
>>>  
>>> Authentication-Results: inbound.redacted.net ;
>>>  spf=pass smtp.mailfrom=redacted@ redacted.gov ;
>>>  dkim=fail header.d= redacted.gov ;
>>>  dmarc=pass (policy=none; pct=100; status=pass);
>>>  arc=none
>>>  
>>> Any suggestion where to go from here? We are having all emails blocked by 
>>> AT, no idea why so trying to get all our ducks in a row and make sure we 
>>> are doing everything the “right” way.
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org 
>>> https://list.mailop.org/listinfo/mailop
>> 
>> -- 
>> The Delivery Experts
>> 
>> Laura Atkins
>> Word to the Wise
>> la...@wordtothewise.com  
>> 
>> Email Delivery Blog: http://wordtothewise.com/blog   
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> ___
>> mailop mailing list
>> mailop@mailop.org 
>> https://list.mailop.org/listinfo/mailop
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Mark Alley via mailop 
The selector seems to just be "1", of which the published record appears 
to be valid in DNS.


https://tools.wordtothewise.com/dkim/check/warwickri.gov/1

DNS propagation  
shows the DKIM record is resolvable across the internet, so resolution 
isn't the problem, and it appears to be syntactically valid.


@Salvatore - if you send a test message to the address provided to you 
on https://learndmarc.com, it will show you authentication results of 
direct messages from your mail server which you can use to troubleshoot 
authentication further.


- Mark Alley


On 3/3/2023 10:27 AM, Laura Atkins via mailop wrote:
Based on the headers of the message you sent here (to mailop), you 
have yet to actually publish a public key in DNS.


https://tools.wordtothewise.com/dkim/check/warwickri/1677852725

laura

On 3 Mar 2023, at 14:12, Salvatore Jr Walter P via mailop 
 wrote:


We are in the final stages of migrating our exchange server from 2013 
to 2019.

I found out we had no SPF, DMARC, DKIM etc setup on our domains.
Trying to get us setup properly and have SPF and DMARC working, DKIM 
is another story.

Setup on the server, sent the key to our ISP for the DNS to be added.
Headers show the signature is being included.
DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov 
; s=1; c=relaxed/relaxed;

    t=1677851456; h=from:subject:to:date:message-id;(rest of key)
Also from the headers:
Authentication-Results:inbound.redacted.net  ;
  spf=pass smtp.mailfrom=redac...@redacted.gov  ;
  dkim=fail header.d=redacted.gov  ;
  dmarc=pass (policy=none; pct=100; status=pass);
  arc=none
Any suggestion where to go from here? We are having all emails 
blocked by AT, no idea why so trying to get all our ducks in a row 
and make sure we are doing everything the “right” way.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog







___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Laura Atkins via mailop 
Based on the headers of the message you sent here (to mailop), you have yet to 
actually publish a public key in DNS. 

https://tools.wordtothewise.com/dkim/check/warwickri/1677852725

laura 

> On 3 Mar 2023, at 14:12, Salvatore Jr Walter P via mailop  
> wrote:
> 
> We are in the final stages of migrating our exchange server from 2013 to 2019.
> I found out we had no SPF, DMARC, DKIM etc setup on our domains.
>  
> Trying to get us setup properly and have SPF and DMARC working, DKIM is 
> another story.
> Setup on the server, sent the key to our ISP for the DNS to be added.
> Headers show the signature is being included.
>  
> DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov ; 
> s=1; c=relaxed/relaxed;
> t=1677851456; h=from:subject:to:date:message-id;(rest of key)
>  
>  
> Also from the headers:
>  
> Authentication-Results: inbound.redacted.net ;
>  spf=pass smtp.mailfrom=redacted@ redacted.gov ;
>  dkim=fail header.d= redacted.gov ;
>  dmarc=pass (policy=none; pct=100; status=pass);
>  arc=none
>  
> Any suggestion where to go from here? We are having all emails blocked by 
> AT, no idea why so trying to get all our ducks in a row and make sure we 
> are doing everything the “right” way.
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Ángel via mailop 
On 2023-03-03 at 14:12 +, Salvatore Jr Walter P via mailop wrote:
> We are in the final stages of migrating our exchange server from 2013
> to 2019.
> I found out we had no SPF, DMARC, DKIM etc setup on our domains.
>  
> Trying to get us setup properly and have SPF and DMARC working, DKIM
> is another story.
> Setup on the server, sent the key to our ISP for the DNS to be added.
> Headers show the signature is being included.
>  
> DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov; s=1;
> c=relaxed/relaxed;
> t=1677851456; h=from:subject:to:date:message-id;(rest of key)
>  
>  
> Also from the headers:
>  
> Authentication-Results: inbound.redacted.net;
>  spf=pass smtp.mailfrom=redacted@ redacted.gov;
>  dkim=fail header.d= redacted.gov;
>  dmarc=pass (policy=none; pct=100; status=pass);
>  arc=none
>  
> Any suggestion where to go from here? We are having all emails
> blocked by AT, no idea why so trying to get all our ducks in a row
> and make sure we are doing everything the “right” way.

Hello Salvatore

The Authentication-Results header is added by the receiving
server inbound.redacted.net, noting what it found (it considers the
email not passing DKIM).

Is warwickri.gov the domain you are setting up?
Could you share a full, unredacted email with headers? (e.g. a test
email sent to a freemail account you own)

Regards


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] New member, trying to bring our mail server inline.

2023-03-03 Thread Salvatore Jr Walter P via mailop 
We are in the final stages of migrating our exchange server from 2013 to 2019.
I found out we had no SPF, DMARC, DKIM etc setup on our domains.

Trying to get us setup properly and have SPF and DMARC working, DKIM is another 
story.
Setup on the server, sent the key to our ISP for the DNS to be added.
Headers show the signature is being included.

DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov; s=1; c=relaxed/relaxed;
t=1677851456; h=from:subject:to:date:message-id;(rest of key)


Also from the headers:


Authentication-Results: inbound.redacted.net;

 spf=pass smtp.mailfrom=redacted@ redacted.gov;

 dkim=fail header.d= redacted.gov;

 dmarc=pass (policy=none; pct=100; status=pass);

 arc=none

Any suggestion where to go from here? We are having all emails blocked by AT, 
no idea why so trying to get all our ducks in a row and make sure we are doing 
everything the "right" way.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop