haraka / Haraka

A fast, highly extensible, and event driven SMTP server
https://haraka.github.io
MIT License

dkim validation failures #989

Closed msimerson closed 8 years ago

msimerson commented 9 years ago

After seeing the recent DKIM bug fixed I re-enabled the DKIM verify plugin on my server.

I haven't tracked this down yet, but in some cases, the DKIM plugin fails to verify messages that presumably should pass verification.

May 28 10:18:29 node [rspamd] is_spam: false, is_skipped: false, score: -1.4, required_score: 15, action: no action, RWL_MAILSPIKE_VERYGOOD: 0, R_DKIM_ALLOW: -1.1, HFILTER_MID_NORES_A_OR_MX: 0.5, FORGED_SENDER: 0.299999, R_SPF_ALLOW: -1.1, emails: dprice@sigels.com, messages: (SPF): spf allow
May 28 10:18:31 node [spamassassin] status=No, score=-1.9, required=5.0, reject=20, tests="BAYES_00,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,\r     HTML_IMAGE_RATIO_06,HTML_MESSAGE,LOTS_OF_MONEY,RCVD_IN_MSPIKE_H4,\r     RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,T_RP_MATCHES_RCVD"
May 28 10:18:31 node [dkim_verify] identity="newsroom@e.chainstoreguide.com" domain="e.chainstoreguide.com" selector="spop" result=fail 

Note that both spamassassin (Mail::DKIM) and rspamd (custom lua plugin) validated the DKIM signature.

smfreegard commented 9 years ago

You'll need to write something to use the quarantine plugin to capture the message when this happens as I'll need some examples to troubleshoot it.

msimerson commented 9 years ago

I don't know if it'll help, but the failures seem to be clustered around a few domains:

$ grep dkim_verify /var/log/maillog | grep -v pass
May 28 10:18:31 node haraka[74757]: [INFO] [C4CEABF1-FF0D-418C-8A37-73754F8A2568.1] [dkim_verify] identity="newsroom@e.chainstoreguide.com" domain="e.chainstoreguide.com" selector="spop" result=fail 
May 28 10:19:23 node haraka[74757]: [INFO] [D0D2F508-9134-49FA-99BA-00293F816980.1] [dkim_verify] identity="@gmail.com" domain="gmail.com" selector="20120113" result=fail (body hash did not verify)
May 28 10:20:06 node haraka[74757]: [INFO] [7BB02D24-8A2E-4B8D-94C1-EFD6FAC91612.1] [dkim_verify] identity="@yahoo.com" domain="yahoo.com" selector="s2048" result=fail 
May 28 10:22:47 node haraka[74757]: [INFO] [3F505B6E-8008-40AF-BEDC-846F947E71C9.1] [dkim_verify] identity="@yahoo.com" domain="yahoo.com" selector="s2048" result=fail 
May 28 10:26:36 node haraka[74757]: [INFO] [6EA3E7D7-2FDE-4438-BE97-9082DA735AE8.1] [dkim_verify] identity="@fedex.com" domain="fedex.com" selector="edc" result=fail (body hash did not verify)
May 28 10:27:11 node haraka[74757]: [INFO] [E4E1B4DB-550A-4087-9D71-407BC979C251.1] [dkim_verify] identity="@marketing.classmates.com" domain="marketing.classmates.com" selector="marketing.classmates20111026.key.pem" result=fail (body hash did not verify)
May 28 10:30:02 node haraka[74757]: [INFO] [515F9FBB-D661-4190-A8B9-75E2F2366DEE.1] [dkim_verify] identity="rich.harshaw@mymonline.com" domain="mymonline.com" selector="dked" result=invalid (no key for signature)
May 28 10:30:02 node haraka[74757]: [ERROR] [515F9FBB-D661-4190-A8B9-75E2F2366DEE.1] [dkim_verify] mymonline.com(no key for signature)
May 28 10:30:12 node haraka[74757]: [INFO] [470EFD65-8D05-44C6-A858-E16375345E15.1] [dkim_verify] identity="@mandrillapp.com" domain="mandrillapp.com" selector="mandrill" result=fail 
May 28 10:30:22 node haraka[74757]: [INFO] [CF6D188C-CEE5-4950-BB2F-F5A1C8EF9086.1] [dkim_verify] identity="@mandrillapp.com" domain="mandrillapp.com" selector="mandrill" result=fail 
May 28 10:31:24 node haraka[74757]: [INFO] [25004618-73DB-4A01-9110-908936AA7E4F.1] [dkim_verify] identity="@p.sourcemediaemail.com" domain="p.sourcemediaemail.com" selector="sailthru" result=invalid (no key for signature)
May 28 10:31:24 node haraka[74757]: [ERROR] [25004618-73DB-4A01-9110-908936AA7E4F.1] [dkim_verify] p.sourcemediaemail.com(no key for signature)
May 28 10:32:34 node haraka[74757]: [INFO] [F1AA7C24-16A3-4A99-AF12-C75D6065AEFE.1] [dkim_verify] identity="@\r     bmail9.shb41.bmsend.com" domain="\r     bmail9.shb41.bmsend.com" selector="bmdeda" result=invalid (no key for signature)
May 28 10:32:34 node haraka[74757]: [ERROR] [F1AA7C24-16A3-4A99-AF12-C75D6065AEFE.1] [dkim_verify] \r   bmail9.shb41.bmsend.com(no key for signature)
May 28 10:35:58 node haraka[74757]: [INFO] [A878CCFF-06C4-479F-A03D-AAADAABF30E7.1] [dkim_verify] identity="rich.harshaw@mymonline.com" domain="mymonline.com" selector="dked" result=invalid (no key for signature)
May 28 10:35:58 node haraka[74757]: [ERROR] [A878CCFF-06C4-479F-A03D-AAADAABF30E7.1] [dkim_verify] mymonline.com(no key for signature)
May 28 10:38:49 node haraka[74757]: [INFO] [16861C94-67F7-458A-973F-81E383AB8009.1] [dkim_verify] identity="@github.com" domain="github.com" selector="pf2014" result=fail 
May 28 10:41:35 node haraka[74757]: [INFO] [41D06530-72E4-4904-BAD8-D4C6C8914922.1] [dkim_verify] identity="@mandrillapp.com" domain="mandrillapp.com" selector="mandrill" result=fail 
May 28 10:43:54 node haraka[74757]: [INFO] [EA572937-E1F1-4A1C-BBE8-C04A1555277C.1] [dkim_verify] identity="@mandrillapp.com" domain="mandrillapp.com" selector="mandrill" result=fail 
May 28 10:44:44 node haraka[74757]: [INFO] [C4C17A8F-6F86-4213-8922-311B1321ED2E.1] [dkim_verify] identity="@email.prnewsonlineproducts.com" domain="email.prnewsonlineproducts.com" selector="s669271a" result=fail (body hash did not verify)
May 28 10:50:29 node haraka[74757]: [INFO] [49A87003-0532-4DFC-A392-330BCBEDD2E0.1] [dkim_verify] identity="news@news.punchingbagnews.com" domain="news.punchingbagnews.com" selector="emv" result=fail (body hash did not verify)
May 28 11:00:49 node haraka[74757]: [INFO] [2E3DAB4D-0DCD-4599-AEC3-3960DD13931F.1] [dkim_verify] identity="marketing=3Dtruefabrications.com@mail204.atl61.mcsv.net" domain="mail204.atl61.mcsv.net" selector="k1" result=fail (body hash did not verify)
May 28 11:01:21 node haraka[74757]: [INFO] [86859C29-1EDD-4663-968A-F9C271ABD39D.1] [dkim_verify] identity="unknown" domain="crainmarketing.com" selector="200608" result=invalid (domain mismatch)
May 28 11:01:21 node haraka[74757]: [ERROR] [86859C29-1EDD-4663-968A-F9C271ABD39D.1] [dkim_verify] crainmarketing.com(domain mismatch)
May 28 11:01:42 node haraka[74757]: [INFO] [22B0D261-D642-4FFC-A1F3-D4C472811BE2.1] [dkim_verify] identity="@wordpress.com" domain="wordpress.com" selector="my5" result=fail 
May 28 11:03:59 node haraka[74757]: [INFO] [B5686B17-61A2-47CA-A4DC-C4E6C54C2CC9.1] [dkim_verify] identity="@squareup.com" domain="squareup.com" selector="201308" result=fail 
May 28 11:09:31 node haraka[74757]: [INFO] [79109352-5136-4FCA-9F91-67544B9ACCBA.1] [dkim_verify] identity="@\r     bmail9.shb41.bmsend.com" domain="\r     bmail9.shb41.bmsend.com" selector="bmdeda" result=invalid (no key for signature)
May 28 11:09:31 node haraka[74757]: [ERROR] [79109352-5136-4FCA-9F91-67544B9ACCBA.1] [dkim_verify] \r   bmail9.shb41.bmsend.com(no key for signature)
May 28 11:12:08 node haraka[74757]: [INFO] [91648ED1-4143-47AE-AB04-C2DD9244CD85.1] [dkim_verify] identity="@sendgrid.political.com" domain="sendgrid.political.com" selector="smtpapi" result=fail 
May 28 11:12:38 node haraka[74757]: [INFO] [51B91A95-D2C2-401C-BD13-5E790A1890E5.1] [dkim_verify] identity="@wordpress.com" domain="wordpress.com" selector="my5" result=fail 
May 28 11:14:30 node haraka[74757]: [INFO] [9BFA0FA1-D5F1-40C1-A79D-2DC04FD22F2A.1] [dkim_verify] identity="news@m3.universalstudios.com" domain="m3.universalstudios.com" selector="200608" result=fail (body hash did not verify)
May 28 11:20:55 node haraka[74757]: [INFO] [ADE5E002-DD0D-4B64-97AE-5880D3DB9C0E.1] [dkim_verify] identity="@wordpress.com" domain="wordpress.com" selector="my5" result=fail 
May 28 11:21:04 node haraka[74757]: [INFO] [9FE19709-C6E0-4BD9-8E91-BF98B0F2C592.1] [dkim_verify] identity="@wordpress.com" domain="wordpress.com" selector="my5" result=fail 
May 28 11:21:04 node haraka[74757]: [INFO] [9FE19709-C6E0-4BD9-8E91-BF98B0F2C592.1] [dkim_verify] identity="@wordpress.com" domain="wordpress.com" selector="my5" result=fail 
May 28 11:23:11 node haraka[74757]: [INFO] [F6C5ECD7-6E20-400F-91B0-D32A6C61AFEC.1] [dkim_verify] identity="service@ypmastermail.com" domain="ypmastermail.com" selector="key1" result=fail (body hash did not verify)
May 28 11:24:18 node haraka[74757]: [INFO] [D48FBC3E-016E-4BCD-99AF-AB5237D512F9.1] [dkim_verify] identity="@alertsp.chase.com" domain="alertsp.chase.com" selector="d2048-1" result=fail (body hash did not verify)
May 28 11:29:32 node haraka[74757]: [INFO] [84F7CA2F-6A8A-4947-92B4-274AB0581CE2.1] [dkim_verify] identity="@joann-alerts.com" domain="joann-alerts.com" selector="dkim1" result=fail (body hash did not verify)
May 28 11:30:35 node haraka[74757]: [INFO] [CFDD5B11-B25F-4876-9938-C8FFE2A1825B.1] [dkim_verify] identity="@mail.fullbeauty.com" domain="mail.fullbeauty.com" selector="mid" result=fail (body hash did not verify)
May 28 11:31:01 node haraka[74757]: [INFO] [7A362812-FD65-4B43-AE45-03B41C6050EE.1] [dkim_verify] identity="@wordpress.com" domain="wordpress.com" selector="my5" result=fail 
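
The by-eye grouping in the comment above can be done mechanically. This is an added example, not code from the thread or from the Haraka project; it assumes the `dkim_verify` log line layout shown in the excerpt, and the function names are hypothetical. It also flags entries whose logged domain carries a literal `\r` plus whitespace, as the bmsend.com lines do.

```javascript
'use strict';
// Added example. SAMPLE_LOG lines are copied from the excerpt in the comment above;
// String.raw keeps the literal "\r" that appears inside the logged domain field.
const SAMPLE_LOG = String.raw`
May 28 10:19:23 node haraka[74757]: [INFO] [D0D2F508-9134-49FA-99BA-00293F816980.1] [dkim_verify] identity="@gmail.com" domain="gmail.com" selector="20120113" result=fail (body hash did not verify)
May 28 10:20:06 node haraka[74757]: [INFO] [7BB02D24-8A2E-4B8D-94C1-EFD6FAC91612.1] [dkim_verify] identity="@yahoo.com" domain="yahoo.com" selector="s2048" result=fail
May 28 10:22:47 node haraka[74757]: [INFO] [3F505B6E-8008-40AF-BEDC-846F947E71C9.1] [dkim_verify] identity="@yahoo.com" domain="yahoo.com" selector="s2048" result=fail
May 28 10:30:02 node haraka[74757]: [INFO] [515F9FBB-D661-4190-A8B9-75E2F2366DEE.1] [dkim_verify] identity="rich.harshaw@mymonline.com" domain="mymonline.com" selector="dked" result=invalid (no key for signature)
May 28 10:30:02 node haraka[74757]: [ERROR] [515F9FBB-D661-4190-A8B9-75E2F2366DEE.1] [dkim_verify] mymonline.com(no key for signature)
May 28 10:30:12 node haraka[74757]: [INFO] [470EFD65-8D05-44C6-A858-E16375345E15.1] [dkim_verify] identity="@mandrillapp.com" domain="mandrillapp.com" selector="mandrill" result=fail
May 28 10:32:34 node haraka[74757]: [INFO] [F1AA7C24-16A3-4A99-AF12-C75D6065AEFE.1] [dkim_verify] identity="@\r     bmail9.shb41.bmsend.com" domain="\r     bmail9.shb41.bmsend.com" selector="bmdeda" result=invalid (no key for signature)
May 28 11:09:31 node haraka[74757]: [INFO] [79109352-5136-4FCA-9F91-67544B9ACCBA.1] [dkim_verify] identity="@\r     bmail9.shb41.bmsend.com" domain="\r     bmail9.shb41.bmsend.com" selector="bmdeda" result=invalid (no key for signature)
`;

// INFO summary line logged per signature; the "(reason)" suffix is optional.
const LINE_RE = /\[dkim_verify\] identity="([^"]*)" domain="([^"]*)" selector="([^"]*)" result=(\w+)\s*(?:\(([^)]*)\))?/;

// Parse one log line; returns null for ERROR lines and for other plugins.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const rawDomain = m[2];
  return {
    // Remove escaped or real CR/LF/TAB and spaces so folded values group together.
    domain: rawDomain.replace(/\\[rnt]|\s/g, '').toLowerCase(),
    folded: /\\[rnt]|\s/.test(rawDomain),
    selector: m[3],
    result: m[4],
    reason: m[5] || '(none logged)',
  };
}

// Count non-pass results per (domain, result, reason), most frequent first.
function summarize(logText) {
  const groups = new Map();
  for (const line of logText.split('\n')) {
    const rec = parseLine(line);
    if (!rec || rec.result === 'pass') continue;
    const key = [rec.domain, rec.result, rec.reason].join('|');
    const g = groups.get(key) || { ...rec, count: 0 };
    g.count += 1;
    groups.set(key, g);
  }
  return [...groups.values()].sort((a, b) => b.count - a.count);
}

console.table(summarize(SAMPLE_LOG), ['domain', 'result', 'reason', 'folded', 'count']);
```

Splitting the output by `reason` separates the three failure classes visible in the log: body hash mismatches, key lookup failures, and `fail` results with no reason logged.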

msimerson commented 9 years ago

> I'll need some examples to troubleshoot it.

I figured. I opened this as a reminder to myself to troubleshoot this further when I can. Some of these messages are delivered locally on my server so I can likely find them on the filesystem, use haraka/bin/dkimverify, and perhaps provide you with something more useful without having to get permission from a user to invade their mailbox and share a message.

msimerson commented 9 years ago

Got one for you.

I also confirmed that the copy/paste from "Original Source" in my MUA -> Gist is identical to the Maildir file on disk:

[matt@imac27] ~/Desktop $ curl -O https://gist.githubusercontent.com/msimerson/62ffcc1c9e490f8f8369/raw/68d7a8c3b8837437bfe636c44c5912a51c23d356/gistfile1.txt
[matt@imac27] ~/Desktop $ diff gistfile1.txt 1432878864.M277283P21805V125F68A3I000B3D87_0.mail.theartfarm.com\,S\=5355\:2\,Sae 
[matt@imac27] ~/Desktop $