Closed brucestclair closed 10 years ago
I think you understood something wrong:
The private key doesn't need to be imported anywhere.
Just save it to the following path: C:\Program Files\Exchange DKIM\keys\example.com.private
Then set the path in the config file accordingly (see: https://github.com/Pro/dkim-exchange#configuring-the-agent)
OK, I knew I had to be missing something simple. Thank you for the quick response. It just needs to reside under the folder structure of the ExchangeDkimSigner.dll?
Yes. The path indicated in the config is relative to the .dll.
Still having an issue. The reply from port25 is this: `Result: temperror (error retrieving key record: IOException, status = StatusDnsQueryFailed)`
The config file is (domain name was changed for posting):
```xml
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="domainSection" type="ConfigurationSettings.DomainSection, ExchangeDkimSigner"/>
    <sectionGroup name="customSection">
      <section name="general" type="ConfigurationSettings.General, ExchangeDkimSigner" allowLocation="true" allowDefinition="Everywhere"/>
    </sectionGroup>
  </configSections>
  <domainSection>
    <Domains>
      <Domain Domain="DomainName.org" Selector="sel2012" PrivateKeyFile="keys/DomainName.org.private"/>
    </Domains>
  </domainSection>
  <customSection>
    <general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple"/>
  </customSection>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
  </startup>
</configuration>
```
key = `C:\Program Files\Exchange DkimSigner\keys\domain.org.private`
dll & config files = `C:\Program Files\Exchange DkimSigner\ExchangeDkimSigner.dll` & .config
Thank you for any help you can provide.
did not like my xml input Domain Domain="domain.org" Selector="sel2012" PrivateKeyFile="keys/domain.org.private"/
Put the xml within a fenced code block: https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks and post it here.
Wrong backticks :) See here: http://superuser.com/questions/254076/how-do-i-type-the-tick-and-backtick-characters-on-windows
Ok, check the EventLog for any errors (Hint: you can create a user defined view in EventLog and then select "Per Source" and as the value "Exchange DkimSigner")
```xml
<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="domainSection" type="ConfigurationSettings.DomainSection, ExchangeDkimSigner"/>
    <sectionGroup name="customSection">
      <section name="general" type="ConfigurationSettings.General, ExchangeDkimSigner" allowLocation="true" allowDefinition="Everywhere"/>
    </sectionGroup>
  </configSections>
  <domainSection>
    <Domains>
      <Domain Domain="DomainName.org" Selector="sel2012" PrivateKeyFile="keys/DomainName.org.private"/>
    </Domains>
  </domainSection>
  <customSection>
    <general LogLevel="3" HeadersToSign="From; Subject; To; Date; Message-ID;" Algorithm="RsaSha1" HeaderCanonicalization="Simple" BodyCanonicalization="Simple"/>
  </customSection>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
  </startup>
</configuration>
```
```
The description for Event ID 0 from source Exchange DKIM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Signing mail with header: dkim-signature:v=1; a=rsa-sha1; s=sel2012; d=domain.org; c=simple/simple; q=dns/txt;
```
Should I just run the PS script again or uninstall first?
Please also write error messages within fenced code blocks. It makes them easier to read.
This looks fine. Is there any other message from DKIM? This message is just informational and not an error (the first three lines are normal; the last line is the important one).
What's your domain on which you are trying to send, so I can check the correct selector setting on the DNS Record.
ppmontana.org. The MX record for inbound points to a spam filter host.
The DNS settings look OK (according to http://dkimcore.org/c/keycheck). Please try testing on port25 again, since the error message from port25 says the error is only temporary... You can also try this service: http://isnotspam.com/
```
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
Date:'20'Wed,'20'12'20'Mar'20'2014'20'19:22:42'20'+0000'0D''0A'
From:'20'"Brophy,'20'Dina"'20'<Dina.Brophy@ppmontana.org>'0D''0A'
Message-ID:'20'<ED5C9BC6C0C1694D9986562334729A78E3E5F2C2@EXCHANGE.impp.com>'0D''0A'
Subject:'20'TEST'20'4'0D''0A'
To:'20'"check-auth@verifier.port25.com"'20'<check-auth@verifier.port25.com>'0D''0A'
dkim-signature:'20'v=1;'20'a=rsa-sha1;'20's=sel2012;'20'd=ppmontana.org;'20'c=simple/simple;'20'q=dns/txt;'20'h=Date:From:Message-ID:Subject:To;'20'bh=dTcgEh5gM5kXqmeeJRArWnmezc4=;'20'b=;
```
This looks like the private key isn't correct. Please regenerate your private key and reset the DNS settings (use a different selector to prevent caching).
Are you using Outlook to send the E-Mail?
@AlexLaroche I just tested Version 1.7 (and 1.8) and it looks like since your relaxed implementation the signing is broken?
Outlook 2007, Exchange 2010 SP1 with rollup date #8 installed. I take it you sent to Alec, and if you need me to test anything let me know. I reset the keys and assigned the new key as "key2". Updated DNS, config file etc. The result from port25 after all of that is:
```
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
Date:'20'Wed,'20'12'20'Mar'20'2014'20'19:22:42'20'+0000'0D''0A'
From:'20'"Brophy,'20'Dina"'20'<Dina.Brophy@ppmontana.org>'0D''0A'
Message-ID:'20'<ED5C9BC6C0C1694D9986562334729A78E3E5F2C2@EXCHANGE.impp.com>'0D''0A'
Subject:'20'TEST'20'4'0D''0A'
To:'20'"check-auth@verifier.port25.com"'20'<check-auth@verifier.port25.com>'0D''0A'
dkim-signature:'20'v=1;'20'a=rsa-sha1;'20's=sel2012;'20'd=ppmontana.org;'20'c=simple/simple;'20'q=dns/txt;'20'h=Date:From:Message-ID:Subject:To;'20'bh=dTcgEh5gM5kXqmeeJRArWnmezc4=;'20'b=;
```
I want to thank you very much for all the help.
You can use version 1.6.0 in the meantime: https://github.com/Pro/dkim-exchange/tree/v1.6.0
Which is the best way to roll back to 1.6? Run the PS uninstall and then the install for the new version?
Just download the zip above. Then execute uninstall, then the install script both from the 1.6.0 version.
Ok, now you can use version 1.8.1 (just download current zip).
I still have the hundreds of emails from check-auth@verifier.port25.com if you want them, but I'm not sure that they're really useful now. I did a lot of debugging with an attached process.
I have an Exchange 2010 SP3 server for my tests.
Sorry, but I didn't test on all versions of Exchange. I didn't have all the required material.
I tested the simple/simple, simple/relaxed, relaxed/simple and relaxed/relaxed configurations.
I didn't make any changes to simple canonicalization for header and body.
The modifications apply only when the relaxed form is selected.
Maybe one of my commits wasn't correct. I have a lot of difficulty making commits with Visual Studio 2012. Do you have any advice? Do you use something else? In some of my previous commits, some files were missing.
No problem! I'm using Exchange 2010 SP3 too. Maybe you added the few lines in #20 and forgot to test them with simple/simple. Anyway it's fixed now :)
I can recommend using TortoiseGIT (http://code.google.com/p/tortoisegit/) which provides an explorer integration and is much more user friendly than VS Git support.
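
The simple and relaxed canonicalization modes discussed in this thread, written out per RFC 6376 as an added example; it is not code from dkim-exchange or from any participant. The function names and the sample `Subject` header are constructed for illustration.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(CRLF)
    if lines[-1] == b"":
        lines.pop()  # the piece after the final CRLF is not a line
    if mode == "relaxed":
        # Drop trailing whitespace, collapse inner runs of SP/HTAB to one SP.
        lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # both modes ignore empty lines at the end of the body
    if not lines:
        # An empty body is a lone CRLF in simple mode, zero bytes in relaxed.
        return CRLF if mode == "simple" else b""
    return CRLF.join(lines) + CRLF

def canon_header(raw: bytes, mode: str) -> bytes:
    """Canonicalize one header field, passed with its trailing CRLF."""
    if mode == "simple":
        return raw  # signed byte for byte: any rewrite breaks the signature
    name, value = raw.split(b":", 1)
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)  # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value).strip(b" \t\r\n")
    return name.lower().rstrip(b" \t") + b":" + value + CRLF

def body_hash(body: bytes, mode: str, algo: str = "sha1") -> str:
    """Value of the bh= tag: base64 digest of the canonicalized body."""
    return base64.b64encode(hashlib.new(algo, canon_body(body, mode)).digest()).decode()

def survives_transit(signed: bytes, delivered: bytes, mode: str) -> bool:
    """True if a header changed in transit still canonicalizes identically."""
    return canon_header(signed, mode) == canon_header(delivered, mode)

if __name__ == "__main__":
    # Constructed sample: a relay re-folded and re-spaced the Subject header.
    signed = b"Subject: TEST 4\r\n"
    delivered = b"Subject:  TEST\r\n\t4 \r\n"
    for mode in ("simple", "relaxed"):
        print(mode, "header survives:", survives_transit(signed, delivered, mode))
        print(mode, "empty-body bh (sha1):", body_hash(b"", mode))
```

With `c=simple/simple`, as in the config posted above, the signer and verifier must hash exactly the same bytes, so a signer that applies any relaxed-style normalization on the simple path produces a signature that fails to verify.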
I got the whole DNS thing without any problems, but the private RSA key I have no clue how to import. Cert Manager does not like the file no matter what extension I put on it. For your solution, how should I import the private key? I must be missing something silly, but after 2 hours I decided not to fight it anymore.