Discussion:
DKIM showing bad format
(too old to reply)
Naval saini
2012-07-16 12:06:53 UTC
Permalink
Setting up DKIM on my Postfix/CentOS 5.6 server.

It sends and signs the emails, but Google still showing it neutral. The
errors I'm getting are:

dkim=neutral (bad format) header.i=@r02.lbsmtp.org

from googles "show original" interface.

This is what my DKIM-signature header look like:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=r02.lbsmtp.org;
s=lbsmtp.org; t=1342436478; bh=KpPvOZhGUmgR1WIhVC9UH5OXzTnwtnGMf7tEwI0nNfw=;
h=To:Subject:Message-Id:Date:From;
b=lWWQQZjSEWwSjanB0btmP0Xg0izkyqDwKsxzlUqsL/tA9JAQau6dNCYdJx7OWuNiv
M3vXqrBe3uzFnvGIrQ2xbZy9DMMPmjiqUKn+KKsvmr873eYq5iG9bw6b53SkSJ6uV5
et0iLL6i3XNt/VDBQKuY1ILs+qRI60Eek/nGaXos=

please suggest me how can i solve this problem.?
--
View this message in context: http://old.nabble.com/DKIM-showing-bad-format-tp34167419p34167419.html
Sent from the Postfix mailing list archive at Nabble.com.
Robert Schetterer
2012-07-16 12:53:27 UTC
Permalink
Post by Naval saini
Setting up DKIM on my Postfix/CentOS 5.6 server.
It sends and signs the emails, but Google still showing it neutral. The
from googles "show original" interface.
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=r02.lbsmtp.org;
s=lbsmtp.org; t=1342436478; bh=KpPvOZhGUmgR1WIhVC9UH5OXzTnwtnGMf7tEwI0nNfw=;
h=To:Subject:Message-Id:Date:From;
b=lWWQQZjSEWwSjanB0btmP0Xg0izkyqDwKsxzlUqsL/tA9JAQau6dNCYdJx7OWuNiv
M3vXqrBe3uzFnvGIrQ2xbZy9DMMPmjiqUKn+KKsvmr873eYq5iG9bw6b53SkSJ6uV5
et0iLL6i3XNt/VDBQKuY1ILs+qRI60Eek/nGaXos=
please suggest me how can i solve this problem.?
you may run in dns caching time problems by changing dkim

send mail to reflectors
to test

i.e

***@auth.returnpath.net

there are more reflector services outside
search for it i.e on dkim info pages
--
Best Regards
MfG Robert Schetterer
r***@gmail.com
2016-11-14 02:54:42 UTC
Permalink
Post by Robert Schetterer
Post by Naval saini
Setting up DKIM on my Postfix/CentOS 5.6 server.
It sends and signs the emails, but Google still showing it neutral. The
from googles "show original" interface.
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=r02.lbsmtp.org;
s=lbsmtp.org; t=1342436478; bh=KpPvOZhGUmgR1WIhVC9UH5OXzTnwtnGMf7tEwI0nNfw=;
h=To:Subject:Message-Id:Date:From;
b=lWWQQZjSEWwSjanB0btmP0Xg0izkyqDwKsxzlUqsL/tA9JAQau6dNCYdJx7OWuNiv
M3vXqrBe3uzFnvGIrQ2xbZy9DMMPmjiqUKn+KKsvmr873eYq5iG9bw6b53SkSJ6uV5
et0iLL6i3XNt/VDBQKuY1ILs+qRI60Eek/nGaXos=
please suggest me how can i solve this problem.?
you may run in dns caching time problems by changing dkim
send mail to reflectors
to test
i.e
there are more reflector services outside
search for it i.e on dkim info pages
--
Best Regards
MfG Robert Schetterer
Viktor Dukhovni
2012-07-16 15:12:33 UTC
Permalink
Post by Naval saini
DKIM-Signature: v=1; a=rsa-sha256;
c=simple/simple;
d=r02.lbsmtp.org;
s=lbsmtp.org;
please suggest me how can i solve this problem.?
You may get better results with c=relaxed/relaxed.

I see no DNS records for the selector/domain pair you're signing with:

$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47502
...
lbsmtp.org. 7200 IN SOA enow.mercury.orderbox-dns.com. ...

This is a serious problem, since the public key needed to verify
the message is not published in your DNS.
--
Viktor.
Naval saini
2012-07-17 08:51:50 UTC
Permalink
so viktor How can i publish keys in my DNS.. ?

This is my DNS ZONE file entry:

_domainkey.r02.lbsmtp.org. IN TXT "t=y; o=-;"
lbsmtp.org._domainkey.r02.lbsmtp.org. IN TXT "k=rsa; t=y;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/rcOXDkvOR544O4LGgwIDAQAB"
Post by Viktor Dukhovni
Post by Naval saini
DKIM-Signature: v=1; a=rsa-sha256;
c=simple/simple;
d=r02.lbsmtp.org;
s=lbsmtp.org;
please suggest me how can i solve this problem.?
You may get better results with c=relaxed/relaxed.
$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47502
...
lbsmtp.org. 7200 IN SOA enow.mercury.orderbox-dns.com. ...
This is a serious problem, since the public key needed to verify
the message is not published in your DNS.
--
Viktor.
Viktor Dukhovni
2012-07-17 14:51:19 UTC
Permalink
Post by Naval saini
_domainkey.r02.lbsmtp.org. IN TXT "t=y; o=-;"
The above resource record (RR) has no selector, it has no meaning in DKIM.
Post by Naval saini
lbsmtp.org._domainkey.r02.lbsmtp.org. IN TXT
"k=rsa; t=y;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+
lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx
3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/
rcOXDkvOR544O4LGgwIDAQAB"
Congratulations, you're configured a 1024-bit RSA key (many sites have
foolishly created 512-bit RSA keys, which are too easily factored). That
said, your DNS does not in fact publish this RR to the world at large:

$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18036
lbsmtp.org. 7200 IN SOA enow.mercury.orderbox-dns.com. ...

So your DKIM public key is not available for verification. Over
and out.
--
Viktor.
Naval saini
2012-07-17 16:15:10 UTC
Permalink
Actually my Domain name is lbsmtp.org and i relay mails from my domain as
relayhost through MX record in my dns zone file now i want to sign outbound
mails Since i am new postfix user so please can explain me how can i get
DKIM signing mails .
Please explain me about which and what kind of entries required in dns. If
any tutorial please send me the link...
Post by Viktor Dukhovni
Post by Naval saini
_domainkey.r02.lbsmtp.org. IN TXT "t=y; o=-;"
The above resource record (RR) has no selector, it has no meaning in DKIM.
Post by Naval saini
lbsmtp.org._domainkey.r02.lbsmtp.org. IN TXT
"k=rsa; t=y;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+
lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx
3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/
rcOXDkvOR544O4LGgwIDAQAB"
Congratulations, you're configured a 1024-bit RSA key (many sites have
foolishly created 512-bit RSA keys, which are too easily factored). That
$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18036
lbsmtp.org. 7200 IN SOA enow.mercury.orderbox-dns.com. ...
So your DKIM public key is not available for verification. Over
and out.
--
Viktor.
Wietse Venema
2012-07-17 16:58:38 UTC
Permalink
Post by Naval saini
Actually my Domain name is lbsmtp.org and i relay mails from my domain as
relayhost through MX record in my dns zone file now i want to sign outbound
mails Since i am new postfix user so please can explain me how can i get
DKIM signing mails .
Please explain me about which and what kind of entries required in dns. If
any tutorial please send me the link...
I suggest that you read http://tools.ietf.org/html/rfc6376, look
at the examples in the appendices, and come back if you have any
questions.

Wietse
Robert Schetterer
2012-07-17 17:03:15 UTC
Permalink
Actually my Domain name is lbsmtp.org <http://lbsmtp.org> and i relay
mails from my domain as relayhost through MX record in my dns zone file
now i want to sign outbound mails Since i am new postfix user so please
can explain me how can i get DKIM signing mails .
Please explain me about which and what kind of entries required in dns.
If any tutorial please send me the link...
Viktor has allready answered
you need to publish your dkim key in the your dns zone file

looks like

nameservers for lbsmtp.org

are

Name Server:ENOW.MARS.ORDERBOX-DNS.COM
Name Server:ENOW.EARTH.ORDERBOX-DNS.COM
Name Server:ENOW.VENUS.ORDERBOX-DNS.COM
Name Server:ENOW.MERCURY.ORDERBOX-DNS.COM

so there should be some interface for publish your dkim key and/or some
admin which will do it for you , then

sign your mail with i.e dkim milter service

perhaps this will help

https://help.ubuntu.com/community/Postfix/DKIM
On Tue, Jul 17, 2012 at 8:21 PM, Viktor Dukhovni
_domainkey.r02.lbsmtp.org <http://domainkey.r02.lbsmtp.org>.
IN TXT "t=y; o=-;"
The above resource record (RR) has no selector, it has no meaning in
DKIM.
lbsmtp.org._domainkey.r02.lbsmtp.org
<http://domainkey.r02.lbsmtp.org>. IN TXT
"k=rsa; t=y;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+Nk+qAXShe92GLTe8sXXHFeH+
lqZpxWMqCPqRdowGTx3Scrq7mgqEPnc49Po5cS0NjZI/eWF/rzD7/qpbpKLR2eZx
3/8JEn67EtjKmuVc/uyejL5WSxkHsj4rhHFnX96yqV0iS+odGqy4c/QWvbbF+LB/
rcOXDkvOR544O4LGgwIDAQAB"
Congratulations, you're configured a 1024-bit RSA key (many sites have
foolishly created 512-bit RSA keys, which are too easily factored). That
$ dig -t txt lbsmtp.org._domainkey.r02.lbsmtp.org
<http://domainkey.r02.lbsmtp.org>
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18036
lbsmtp.org <http://lbsmtp.org>. 7200 IN SOA
enow.mercury.orderbox-dns.com
<http://enow.mercury.orderbox-dns.com>. ...
So your DKIM public key is not available for verification. Over
and out.
--
Viktor.
--
Best Regards
MfG Robert Schetterer
Viktor Dukhovni
2012-07-17 22:39:01 UTC
Permalink
Post by Naval saini
Actually my Domain name is lbsmtp.org and i relay mails from my domain as
relayhost through MX record in my dns zone file now i want to sign outbound
mails Since i am new postfix user so please can explain me how can i get
DKIM signing mails.
The best way to get help is to ask specific questions. Questions
of the form "please explain everything to me with step-by-step
instructions" are too much to ask of a community of volunteers.

You can search for a step-by-step guide via your favourite search
engine.
Post by Naval saini
Please explain me about which and what kind of entries required in dns. If
any tutorial please send me the link...
This is the Postfix users list. Perhaps you can find a DKIM forum
that will help you with the specifics of DKIM. You're already
signing your messages with DKIM, so the Postfix part is done.

The remaining issues are not Postfix related.

Your domain was created on Jul 06 2012 via privacyprotect.org. This
makes it look a bit suspect...
--
Viktor.
t***@gmail.com
2019-08-21 18:35:43 UTC
Permalink
Post by Viktor Dukhovni
Post by Naval saini
Actually my Domain name is lbsmtp.org and i relay mails from my domain as
relayhost through MX record in my dns zone file now i want to sign outbound
mails Since i am new postfix user so please can explain me how can i get
DKIM signing mails.
The best way to get help is to ask specific questions. Questions
of the form "please explain everything to me with step-by-step
instructions" are too much to ask of a community of volunteers.
You can search for a step-by-step guide via your favourite search
engine.
Post by Naval saini
Please explain me about which and what kind of entries required in dns. If
any tutorial please send me the link...
This is the Postfix users list. Perhaps you can find a DKIM forum
that will help you with the specifics of DKIM. You're already
signing your messages with DKIM, so the Postfix part is done.
The remaining issues are not Postfix related.
Your domain was created on Jul 06 2012 via privacyprotect.org. This
makes it look a bit suspect...
--
Viktor.
Hello - Im dealing with same issue , everything is failing ( bad format)
Naval saini
2012-07-18 04:58:55 UTC
Permalink
Thank u all i'll try to resolve my problem ...if i'll have any query then
i'll come here again...
Post by Naval saini
Post by Naval saini
Actually my Domain name is lbsmtp.org and i relay mails from my domain
as
Post by Naval saini
relayhost through MX record in my dns zone file now i want to sign
outbound
Post by Naval saini
mails Since i am new postfix user so please can explain me how can i get
DKIM signing mails.
The best way to get help is to ask specific questions. Questions
of the form "please explain everything to me with step-by-step
instructions" are too much to ask of a community of volunteers.
You can search for a step-by-step guide via your favourite search
engine.
Post by Naval saini
Please explain me about which and what kind of entries required in dns.
If
Post by Naval saini
any tutorial please send me the link...
This is the Postfix users list. Perhaps you can find a DKIM forum
that will help you with the specifics of DKIM. You're already
signing your messages with DKIM, so the Postfix part is done.
The remaining issues are not Postfix related.
Your domain was created on Jul 06 2012 via privacyprotect.org. This
makes it look a bit suspect...
--
Viktor.
Loading...