Opendkim标记为dkim = fail的消息

时间:2017-10-24 12:15:22

标签: postfix-mta dkim

我正在配置opendkim + postfix。它工作正常,发送的邮件已正确签名,但收到的邮件都标记为dkim = fail reason ="签名验证失败"

如何调试此问题?

Return-Path: <sender@gmail.com>
Delivered-To: recipient@mydomain.com
Received: from localhost (mailserver [127.0.0.1])
    by mydomain.com (Postfix) with SMTP id 4DDF93F966
    for <recipient@mydomain.com>; Tue, 24 Oct 2017 13:56:43 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.11.0 mydomain.com 4DDF93F966
Authentication-Results: mydomain.com;
    dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jmdDmXQb"
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.215.43; helo=mail-lf0-f43.google.com; envelope-from=sender@gmail.com; receiver=recipient@mydomain.com 
DMARC-Filter: OpenDMARC Filter v1.3.2 mydomain.com 2DBE03F963
Authentication-Results: mail.mydomain.com; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.mydomain.com; spf=pass smtp.mailfrom=sender@gmail.com

syslog报告看起来没问题

Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: [209.85.215.45] [209.85.215.45] not internal
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: not authenticated
Oct 24 14:08:39 mailz opendkim[3325]: 4A29F3F938: DKIM verification successful

但后来它补充说:

Oct 24 14:08:43 mailzener postfix/cleanup[3194]: 6CC243F95E: message-id=<CAMXuvOM+jKLkE=0FrQ+cSqFesmPQujpHoVsfH9G_URg9uYtm1g@mail.gmail.com>
Oct 24 14:08:43 mailzener opendkim[3325]: 6CC243F95E: no signing table match for 'sender@gmail.com'
Oct 24 14:08:43 mailzener opendkim[3325]: 6CC243F95E: bad signature data

我的opendkim配置文件是这样的:

AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
#InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/opendkim.pid
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

OversignHeaders         From
LogWhy                  Yes
X-Header                yes
MilterDebug     9
ResolverTracing Yes

1 个答案:

答案 0 :(得分:0)

从队列ID 4A29F3F938 vs 6CC243F95E可以看出,这些是两个不同的邮件。

4A29F3F938 传入并且正在验证确定。 6CC243F95E是传出的,我想opendkim会尝试签名邮件。您需要在中间的行中详细说明您对邮件的处理:)

相关问题
最新问题