search

lieser / dkim_verifier

DKIM Verifier Extension for Mozilla Thunderbird
MIT License
213 stars 36 forks source link

Error connecting to DNS server #366

Closed PaulMcF1987 closed 1 year ago

PaulMcF1987 commented 1 year ago

I have tried following the debug instructions here (https://github.com/lieser/dkim_verifier/wiki/Debug) but not getting anywhere very quick.

I have tried using the DKIM verifier on both Thunderbird and Betterbird and am having the same issues on both.

I have tried using DNS 1.1.1.1 and 8.8.8.8 but neither work.

I have attached the output from the console export to see if there is anything that you can spot.

I use the DKIM verifier on my laptop and it works fine, but my desktop is where the issue lies (used to work fine but suddenly stopped) console-export.txt

lieser commented 1 year ago

Thanks for the report an the log, but could you please make sure you get it from the Error console? My guess is that you are using the JavaScript DNS resolver. But the log is missing the entities from it (log messages that contain DKIM_Verifier.JSDNS)

PaulMcF1987 commented 1 year ago

@lieser I looked at the error console but it didnt seem to give much info

This is what I get

A different message is clicked background.js:28:17 Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. contentAreaClick.js:97:6 contentscript: set content-script.js:94:15 contentscript: MUA info content-script.js:94:15 In content script, enmty.png content-script.js:111:21 WebExtensions: JSDNS failed with: Incomplete response from 1.1.1.1. jsdns.js:99 DKIM_Verifier.Verifier ERROR Internal error during DKIM verification: verifier.mjs.js:1349:8     _handleException moz-extension://6c4252a4-2bee-478f-b833-ce0c10193961/modules/dkim/verifier.mjs.js:1349     _processSignatures moz-extension://6c4252a4-2bee-478f-b833-ce0c10193961/modules/dkim/verifier.mjs.js:1394

PaulMcF1987 commented 1 year ago

@lieser any recommendations? Im confused as to how it works on the laptop but not the desktop, the settings appear identical, it just suddenly stopped working

lieser commented 1 year ago

In the error console you should also see messages like the following:

DKIM_Verifier.JSDNS: changed DNS Servers to <...>
DKIM_Verifier.JSDNS: Resolving <...> TXT by querying <...>

Please make sure you have enabled all log categories at the top of the Error Console window.

Also which Thunderbird version are you using?

In the new log an actual error (SDNS failed with: Incomplete response from 1.1.1.1.) now shows up, so that is already something. The error means that from the look of the add-on the connection to the DNS server is closed before all data is received. Why this is happening I have no idea. Could be some weird network problem, or some bug in the addon.

To investigate this I would need a lot more information. Either by getting a capture of the network traffic to the DNS server or with a custom debug build that prints all received data. But that would require the logging to work for you in the first place.

Let me know if you would be willing to do some extended debugging here.

As a workaround, if you haven't already done it, you should try using the libunbound resolver.

PaulMcF1987 commented 1 year ago

@lieser I dont think the process makes it far enough to give the errors you mentioned above.

The only mentioning of DKIMVerifier is

WebExtensions: JSDNS failed with: Incomplete response from 1.1.1.1. jsdns.js:99 DKIM_Verifier.Verifier ERROR Internal error during DKIM verification: <unavailable> verifier.mjs.js:1349:8 _handleException moz-extension://6c4252a4-2bee-478f-b833-ce0c10193961/modules/dkim/verifier.mjs.js:1349 _processSignatures moz-extension://6c4252a4-2bee-478f-b833-ce0c10193961/modules/dkim/verifier.mjs.js:1394

I have attached a screenshot showing the same image

Ive never used libunbound and am not sure what is required (it mentions installing a library etc, Id imagine I would need to keep this up to date?)

I am happy to help with debugging if there is any other information I can get for you?

lieser commented 1 year ago

I created a version which captures and logs the complete DNS response. Look for dataAll in the log messages and post it here as text.

dkim_verifier@pl-2023-06-03-1c214fc.zip

Can you please tell which Thunderbird version you are using? You probably missed that I asked for it.

I also included some log test and console test log messages. Do you see any of them? And I assume you already enabled the logging in the advanced settings, but can you please double check that it is enabled? Please also check that you have enabled Show Content Messagesin the gear icon on the top right. I would have expected a lot more messages to be shown in the screenshot you posted.

Ive never used libunbound and am not sure what is required (it mentions installing a library etc, Id imagine I would need to keep this up to date?)

Yes if you are on Windows and not Linux you would have to unfortunately update libunbound manually. More information about libunbound is available in the wiki https://github.com/lieser/dkim_verifier/wiki/DNS#libunbound.

PaulMcF1987 commented 1 year ago

@lieser Sorry, I am using Thunderbird version 102.12.0, I think thats the latest version. How do I install the file you have added above? Ive never done a manual install on Thunderbird

lieser commented 1 year ago

Just open the Add-on manager and drag the downloaded zip file into it. Thunderbird should then ask you if you want to install it. See also https://support.mozilla.org/en-US/kb/installing-addon-thunderbird#w_a-slightly-less-ideal-case-install-from-a-downloaded-xpi-file.

PaulMcF1987 commented 1 year ago

@lieser Do I need to remove the old extension first?

lieser commented 1 year ago

@lieser Do I need to remove the old extension first?

No should not be needed, even if it is a downgrade (in case you already updated to 5.3.1/5.3.1).

PaulMcF1987 commented 1 year ago

@lieser after adding the zip file above, the DKIM verifier is working again

lieser commented 1 year ago

Strange there should be no relevant change between 5.2.0 and the test version I posted.

Can you please report which of the test log messages you saw?

And afterwards please try the newest released 5.3.1 version. If that works I don't think this is worth further investigating and I will just close it.

PaulMcF1987 commented 1 year ago

@lieser Strange, Ive come back into the office today and the extension is no longer added so I am unable to check any logs asociated with it. I have added the updated addon and its back to giving the error image

PaulMcF1987 commented 1 year ago

I have readded the extension form the zip file you provided but this time its giving an error. Strange how it worked yesderday.

image

lieser commented 1 year ago

Please provide the already requested information (https://github.com/lieser/dkim_verifier/issues/366#issuecomment-1574969871) the provided extension additionally provides. Without it there is no further Investigating I can do.

PaulMcF1987 commented 1 year ago

@lieser where do i find this info?

lieser commented 1 year ago

In the error console, I especially used the same logging as with the WebExtensions: JSDNS failed with: Incomplete response you did see before.

If you still have all this problems with the log messages maybe also try to test with a new clean Thunderbird profile. Something seems to be messed up with your installation.

PaulMcF1987 commented 1 year ago

@lieser the DKIM extension that you provided has disappeared again. It seems to keep removing itself from thunderbird.

PaulMcF1987 commented 1 year ago

DKIM_Verifier.Verifier DEBUG 1 DKIM-Signatures found. verifier.mjs.js:1467:8 DKIM_Verifier.Verifier DEBUG Verifying DKIM-Signature 1 ... verifier.mjs.js:1482:9 DKIM_Verifier.Verifier DEBUG Parsed DKIM-Signature 1: Object { original_header: "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;\r\n\th=content-transfer-encoding:content-type:from:mime-version:subject:to:\r\n\tcc:content-type:from:subject:to;\r\n\ts=smtpapi; bh=ub3YInutBotKovQzr/yiFMfDCR7DhRHjC2mSbrOyLYE=;\r\n\tb=Ed8wuEKxqqFwBJ6x1eeuz5OLfC05bqTnOLoan8T7MonQNjBlnQfLQAZ4rgE6qOTTG4cu\r\n\t1CbQyBLQm4VOw0VlMZRjY6+dAX3MEU4ths10SmLVasIRRdoPhMQMkUOEfRy0GPC3RVUNE5\r\n\tNWvo0gxkaqg1fhycyTGD3568kG7Q18+ug=\r\n", v: "1", a_sig: "rsa", a_hash: "sha256", b: "Ed8wuEKxqqFwBJ6x1eeuz5OLfC05bqTnOLoan8T7MonQNjBlnQfLQAZ4rgE6qOTTG4cu1CbQyBLQm4VOw0VlMZRjY6+dAX3MEU4ths10SmLVasIRRdoPhMQMkUOEfRy0GPC3RVUNE5NWvo0gxkaqg1fhycyTGD3568kG7Q18+ug=", b_folded: "Ed8wuEKxqqFwBJ6x1eeuz5OLfC05bqTnOLoan8T7MonQNjBlnQfLQAZ4rgE6qOTTG4cu\r\n\t1CbQyBLQm4VOw0VlMZRjY6+dAX3MEU4ths10SmLVasIRRdoPhMQMkUOEfRy0GPC3RVUNE5\r\n\tNWvo0gxkaqg1fhycyTGD3568kG7Q18+ug=", bh: "ub3YInutBotKovQzr/yiFMfDCR7DhRHjC2mSbrOyLYE=", c_header: "relaxed", c_body: "relaxed", d: "sendgrid.net", … } verifier.mjs.js:1484:9 DKIM_Verifier.Verifier DEBUG Warning: DKIM_SIGWARNING_FROM_NOT_IN_SDID verifier.mjs.js:1073:8 DKIM_Verifier.Verifier DEBUG computed body hash: ub3YInutBotKovQzr/yiFMfDCR7DhRHjC2mSbrOyLYE= verifier.mjs.js:1233:7 DKIM_Verifier.KeyStore DEBUG dns result Object { data: null, rcode: 2, secure: false, bogus: false } keyStore.mjs.js:369:7 DKIM_Verifier.KeyStore INFO DNS query failed with result: Object { data: null, rcode: 2, secure: false, bogus: false } keyStore.mjs.js:375:8 DKIM_Verifier.Verifier ERROR Internal error during DKIM verification: DKIM_InternalError: DKIM_DNSERROR_SERVER_ERROR

getKeyFromDNS moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/keyStore.mjs.js:376

fetchKey moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/keyStore.mjs.js:328
#fetchKey moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1251
verify moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1377
#processSignatures moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1486
promise moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1535
verify moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1539
verify moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/authVerifier.mjs.js:182
verifyMessage moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/content/background.mjs.js:82
<anonymous> moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/content/background.mjs.js:188

verifier.mjs.js:1445:8 DKIM_Verifier.Verifier DEBUG Exception on DKIM-Signature 1 verifier.mjs.js:1490:9 DKIM_Verifier.AuthVerifier DEBUG authResult:
Object { version: "2.1", dkim: (1) […] } authVerifier.mjs.js:198:7 DKIM_Verifier.Verifier DEBUG 1 DKIM-Signatures found. verifier.mjs.js:1467:8 DKIM_Verifier.Verifier DEBUG Verifying DKIM-Signature 1 ... verifier.mjs.js:1482:9 DKIM_Verifier.Verifier DEBUG Parsed DKIM-Signature 1: Object { original_header: "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n d=dorsuite.onmicrosoft.com; s=selector2-dorsuite-onmicrosoft-com;\r\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\r\n bh=p9P4kxij+LHKHkORpHR/ZarX2yTM8CYGi7aZvwQRFb8=;\r\n b=C2KuYfIG2epIIrRrTJJ9+RQc/3xJba0g9TkiXtOLmaql0IiXd6xE469i37vcReYxtsWqaeocPrgZ5cxlnbBJ9QtiDZPFRY1w/DoOZRJgQfx1NNx7KLiGTSqVSSmKYp5sQewxD00Zvl0A96xXa1VEyZ6gTa9IT5tdB6oGWOY8Uw8=\r\n", v: "1", a_sig: "rsa", a_hash: "sha256", b: "C2KuYfIG2epIIrRrTJJ9+RQc/3xJba0g9TkiXtOLmaql0IiXd6xE469i37vcReYxtsWqaeocPrgZ5cxlnbBJ9QtiDZPFRY1w/DoOZRJgQfx1NNx7KLiGTSqVSSmKYp5sQewxD00Zvl0A96xXa1VEyZ6gTa9IT5tdB6oGWOY8Uw8=", b_folded: "C2KuYfIG2epIIrRrTJJ9+RQc/3xJba0g9TkiXtOLmaql0IiXd6xE469i37vcReYxtsWqaeocPrgZ5cxlnbBJ9QtiDZPFRY1w/DoOZRJgQfx1NNx7KLiGTSqVSSmKYp5sQewxD00Zvl0A96xXa1VEyZ6gTa9IT5tdB6oGWOY8Uw8=", bh: "p9P4kxij+LHKHkORpHR/ZarX2yTM8CYGi7aZvwQRFb8=", c_header: "relaxed", c_body: "relaxed", d: "dorsuite.onmicrosoft.com", … } verifier.mjs.js:1484:9 DKIM_Verifier.Verifier DEBUG Warning: DKIM_SIGWARNING_FROM_NOT_IN_SDID verifier.mjs.js:1073:8 DKIM_Verifier.Verifier DEBUG computed body hash: p9P4kxij+LHKHkORpHR/ZarX2yTM8CYGi7aZvwQRFb8= verifier.mjs.js:1233:7 DKIM_Verifier.KeyStore DEBUG dns result Object { data: null, rcode: 2, secure: false, bogus: false } keyStore.mjs.js:369:7 DKIM_Verifier.KeyStore INFO DNS query failed with result: Object { data: null, rcode: 2, secure: false, bogus: false } keyStore.mjs.js:375:8 DKIM_Verifier.Verifier ERROR Internal error during DKIM verification: DKIM_InternalError: DKIM_DNSERROR_SERVER_ERROR

getKeyFromDNS moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/keyStore.mjs.js:376

fetchKey moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/keyStore.mjs.js:328
#fetchKey moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1251
verify moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1377
#processSignatures moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1486
promise moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1535
verify moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/dkim/verifier.mjs.js:1539
verify moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/modules/authVerifier.mjs.js:182
verifyMessage moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/content/background.mjs.js:82
<anonymous> moz-extension://2cbfd8f4-c9ac-4e58-84ce-bc4bb504364d/content/background.mjs.js:188

verifier.mjs.js:1445:8 DKIM_Verifier.Verifier DEBUG Exception on DKIM-Signature 1 verifier.mjs.js:1490:9 DKIM_Verifier.AuthVerifier DEBUG authResult:
Object { version: "2.1", dkim: (1) […] } authVerifier.mjs.js:198:7

Is the above what you need?

lieser commented 1 year ago

No the important logs with the dataAll part are missing. Note that I will not be able to further work on this the next days.

PaulMcF1987 commented 1 year ago

@lieser Where do i get this info from? The attached pic shows where I am getting the current info from

image

lieser commented 1 year ago

Just saw you last screenshot, and that does not look at all like the Error Console I asked you to open. It looks like you are looking at the console of the debugging view of the add-on, which does not show log the relevant messages of the experiments.

Please use the Error Console for any further debugging of this issue.

See https://github.com/lieser/dkim_verifier/wiki/Debug#view-error-and-debug-messages for a description on how to open it.

PaulMcF1987 commented 1 year ago

@lieser is there a recommended way to export the details? What I have managed to extract is

This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. {538b5b6b-b715-4904-8c18-1dcbb0289ee8} This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. blank A different message is clicked background.js:28:17 This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. fetch>UID>.INBOX>33446 Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. contentAreaClick.js:97:6 DKIM_Verifier.Verifier DEBUG 1 DKIM-Signatures found. verifier.mjs.js:1467:8 DKIM_Verifier.Verifier DEBUG Verifying DKIM-Signature 1 ... verifier.mjs.js:1482:9 DKIM_Verifier.Verifier DEBUG Parsed DKIM-Signature 1: Object { original_header: "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fab24.onmicrosoft.com;\r\n s=selector1-fab24-onmicrosoft-com;\r\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\r\n bh=Iw9tWvI/YHoTLD5/U7ZreyMP50QPR34tyO+EERVKZXM=;\r\n b=urLaBy4TTOxDTdpxGjU2F270jk3m2Jj+j4Phjbvlxr72ZltKSZDQtWu9ohKWZINePh5LpH6q20xP9J88mb4OtmK9Ho6bfAgBO0ZkmWqzi3nbWBSAufwq8RG8UhjUsSU1aigA54IlVyszy+vC8+i5UiKSfcTjjFNW17ScNfIyJm8=\r\n", v: "1", a_sig: "rsa", a_hash: "sha256", b: "urLaBy4TTOxDTdpxGjU2F270jk3m2Jj+j4Phjbvlxr72ZltKSZDQtWu9ohKWZINePh5LpH6q20xP9J88mb4OtmK9Ho6bfAgBO0ZkmWqzi3nbWBSAufwq8RG8UhjUsSU1aigA54IlVyszy+vC8+i5UiKSfcTjjFNW17ScNfIyJm8=", b_folded: "urLaBy4TTOxDTdpxGjU2F270jk3m2Jj+j4Phjbvlxr72ZltKSZDQtWu9ohKWZINePh5LpH6q20xP9J88mb4OtmK9Ho6bfAgBO0ZkmWqzi3nbWBSAufwq8RG8UhjUsSU1aigA54IlVyszy+vC8+i5UiKSfcTjjFNW17ScNfIyJm8=", bh: "Iw9tWvI/YHoTLD5/U7ZreyMP50QPR34tyO+EERVKZXM=", c_header: "relaxed", c_body: "relaxed", d: "fab24.onmicrosoft.com", … } verifier.mjs.js:1484:9 DKIM_Verifier.Verifier DEBUG Warning: DKIM_SIGWARNING_FROM_NOT_IN_SDID verifier.mjs.js:1073:8 DKIM_Verifier.Verifier DEBUG computed body hash: Iw9tWvI/YHoTLD5/U7ZreyMP50QPR34tyO+EERVKZXM= verifier.mjs.js:1233:7 DKIM_Verifier.JSDNS: No DNS Server alive. JSDNS.jsm.js:401:7 DKIM_Verifier.JSDNS: Found interfaces:
Array(11) [ {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, {…}, … ] JSDNS.jsm.js:279:8 DKIM_Verifier.JSDNS: Got servers from Windows registry:
Array(6) [ {…}, {…}, {…}, {…}, {…}, {…} ] JSDNS.jsm.js:310:9 DKIM_Verifier.JSDNS: Changed DNS Servers to: Array(4) [ {…}, {…}, {…}, {…} ] JSDNS.jsm.js:186:6 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com TXT by querying 1.1.1.1 JSDNS.jsm.js:439:6 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com/TXT: DNS server 1.1.1.1 timed out on a TCP connection. JSDNS.jsm.js:498:10 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com TXT by querying 1.0.0.1 JSDNS.jsm.js:439:6 contentscript: set content-script.js:94:15 contentscript: MUA info content-script.js:94:15 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com/TXT: DNS server 1.0.0.1 timed out on a TCP connection. JSDNS.jsm.js:498:10 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com TXT by querying 198.51.100.1 JSDNS.jsm.js:439:6 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com/TXT: DNS server 198.51.100.1 timed out on a TCP connection (NS_ERROR_NET_TIMEOUT). JSDNS.jsm.js:503:10 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com TXT by querying 8.8.8.8 JSDNS.jsm.js:439:6 DKIM_Verifier.JSDNS: Resolving selector1-fab24-onmicrosoft-com._domainkey.fab24.onmicrosoft.com/TXT: DNS server 8.8.8.8 timed out on a TCP connection. JSDNS.jsm.js:498:10 WebExtensions: JSDNS failed with: no DNS Server alive jsdns.js:81 DKIM_Verifier.Verifier ERROR Internal error during DKIM verification: verifier.mjs.js:1445:8 DKIM_Verifier.Verifier DEBUG Exception on DKIM-Signature 1 verifier.mjs.js:1490:9 DKIM_Verifier.AuthVerifier DEBUG authResult:
Object { version: "2.1", dkim: (1) […] } authVerifier.mjs.js:198:7 Expected 'none', URL, or filter function but found 'alpha('. Error in parsing value for 'filter'. Declaration dropped. index.html:3:94

does not support changing `store` on the fly. It is most likely that you see this error because you updated to Redux 2.x and React Redux 2.x which no longer hot reload reducers automatically. See https://github.com/reactjs/react-redux/releases/tag/v2.0.0 for the migration instructions. react-redux.js:881:13 XHRGEThttps://thunderbird-settings.thunderbird.net/v1/buckets/monitor/collections/changes/changeset?_expected=0 [HTTP/2 200 OK 173ms] POSThttps://www.googleapis.com/calendar/v3/calendars/accounts@eazyfreight.co.uk/events/hnvve11mt9ivlvuuacu19ufrog [HTTP/3 200 OK 23332ms] POSThttps://www.googleapis.com/calendar/v3/calendars/accounts@eazyfreight.co.uk/events/halh4qn71ncdp1f4q4ba24h0ds [HTTP/3 200 OK 11686ms]
lieser commented 1 year ago

If you look at the log you can see all connection attempts to the DNS servers resulted in DNS server x.x.x.x timed out on a TCP connection. So it seems to be a network problem on your site.

As you wrote about this occurring while you are in the office, you could talk with your IT about if direct internet access to e.g. 8.8.8.8. Or if there is an internal DNS server you can use. Note that the JavaScript DNS library also supports setting a proxy server if it is required in your network.

is there a recommended way to export the details?

Sadly I don't know of a better way than to just copy out the text.

PaulMcF1987 commented 1 year ago

@lieser The confusing thing is... If there is a network problem at my side, why would it only effect the DKIM verifier? I havent noticed anything else being effected, everything else works fine.

Is there a particular method applied by the Verifier that the networks security might not like?

lieser commented 1 year ago

It could be that other Programs you use read the proxy settings that can be set in Windows and use it. or if they are managed by your IT they did some special configuration for it.

What the add-on does is just doing normal TCP connections. Maybe not that common for connecting to DNS servers but something that should work unless blocked.

Unfortunately I don't think there is much more I can help out here until you find out what is going on in the network at your office.

PaulMcF1987 commented 1 year ago

@lieser I am in an office block and the internet connection is provided by the landlord, I would imagine that he then has a 3rd party outsourced company managing it.

The fact that everything else works as it is supposed to, I dont think I could justify asking him to check this issue as its not a massive issue in the grand scheme of things.

What I might do, is bring my laptop to the office, I know the verifier works on my laptop in the house, so it would be interesting to compare

Also, are there any settings that I can check on Windows? Incase a recent update has had an effect

dodmi commented 1 year ago

Just a wild guess: Maybe access to external DNS is restricted and you need to use an internal DNS server at your office? Check to use the operating servers DNS servers in DKIM Verifier or open a PowerShell and enter Get-DnsClientServerAddress | Select InterfaceAlias,ServerAddresses to see, which DNS servers are used by your operating system.

lieser commented 1 year ago

@PaulMcF1987 What you could try to further investigate the issue is if the DNS servers tried by the addon are reachable from Windows using it's internal tools.

Run the following 9 command in the Windows Command Prompt (cmd):

:: Try a normal ping.
ping 1.1.1.1
ping 1.0.0.1
ping 8.8.8.8
ping 198.51.100.1

:: Try DNS query using UDP.
nslookup -type=TXT pf2023._domainkey.github.com 1.1.1.1
nslookup -type=TXT pf2023._domainkey.github.com 1.0.0.1
nslookup -type=TXT pf2023._domainkey.github.com 8.8.8.8
nslookup -type=TXT pf2023._domainkey.github.com 198.51.100.1

:: Try DNS query using TCP.
nslookup -type=TXT -vc pf2023._domainkey.github.com 1.1.1.1
nslookup -type=TXT -vc pf2023._domainkey.github.com 1.0.0.1
nslookup -type=TXT -vc pf2023._domainkey.github.com 8.8.8.8
nslookup -type=TXT -vc pf2023._domainkey.github.com 198.51.100.1

Like @dodmi wrote it could be that external DNS servers are restricted, and only 198.51.100.1 works but does not support TCP. But that IP is very strange, it is from an IP range restricted for documentation (https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4).

PaulMcF1987 commented 1 year ago

@lieser I have attached some screenshots of each section With the Pings, all worked well apart from 198.51.100.1 - Request Timed Out

The DNS using UDP returned a result for all IPs, however for ip - 198.51.100.1 gave Server:Unknown

DNS using TCP didnt work for any of them again 198.51.100.1 gave a different response. Its response was Query refused all others gave a response of BAD ERROR VALUE

image image image

lieser commented 1 year ago

Looks like your network in the office is configured in a way that DNS over TCP does not work. Why or how I don't know and I don't think I can further debug. This would need to be done by someone responsible for the network in your office.

You should use the libunbound resolver as a workaround (https://github.com/lieser/dkim_verifier/wiki/DNS#libunbound). That one uses UDP for the DNS query, which from the test should work without a problem.

PaulMcF1987 commented 1 year ago

@lieser im not having much joy with this either as the video shows. It is telling me that the addon is corrpt.

https://github.com/lieser/dkim_verifier/assets/75368133/69565864-8183-4943-9bc0-a0cd353fbb7c

https://github.com/lieser/dkim_verifier/assets/75368133/8dff52ea-2ed9-4362-a44e-f2f154334dde

lieser commented 1 year ago

Thanks for the effort with the videos, that makes it easy for me to see what your are doing wrong.

The zip file you downloaded with the included libunbound-8.dll is not an add-on for Thunderbird! Trying to install it as an add-on will of course fail. It is just an additional file you need besides the normal DKIM Verifier add-on.

The documentation in the wiki I linked has under [Windows] Use a pre-build libunbound library a step-by-step instruction. Please follow that carefully, and let me know if a step is unclear.

If you got confused in step 2 by "to the extensions folder in your Thunderbird profile", this is talking about moving the file to a location in the normal file system of windows. Not anywhere inside the Thunderbird application itself. See also https://support.mozilla.org/en-US/kb/profiles-where-thunderbird-stores-user-data, but like it says you can chose any file location you want.

Especially make sure you have downloaded the correct libunbound version by checking what Thunderbird version (32-bit/64-bit) you have installed.

PaulMcF1987 commented 1 year ago

This time I have moved the .dll into the extensions folder bit still no joy. Im getting an internal error

image image

PaulMcF1987 commented 1 year ago

@lieser I changed the path in the settings. it was set as extensions/libunbound-8.dll

I changed this to match the full path c:\user\userx\appdata...

It hangs on validating for a while and then changes to error connecting to DNS server

I think, rather than spend any more time on this Im best just leaving it for the time being, I dont think Im going to have any joy

lieser commented 1 year ago

Sorry to hear that libunbound does not work for you too.

You should look if your mail provider writes the DKIM result in the Authentication-Results header. If yes you can enable reading the result from there instead of letting the addon do it's own DKIM verification. See https://github.com/lieser/dkim_verifier/wiki/Options#read-authentication-results-header.

Not a real solution to the DNS problem of course, but maybe still something that is enough for you.

I will close this issue for now, but feel free to reopen it if you still have questions.