Closed progval closed 8 years ago
The DNS lookup is probably failing because of a server error. But the default DNS resolver currently does not consider the reason why an answer does not contain a result. Because of this, the server error is incorrectly treated as if the DKIM key does not exist, which is a permanent error.
I will probably add this differentiation in the next release. Until then, you could try on of the following workarounds:
I switched to libunbound. The sender email is still of the “unsigned mail” color, but the console output changed to:
2016-07-27 17:59:49 DKIM_Verifier.libunbound DEBUG libunboundWorker: data: v=DMARC1; p=none
2016-07-27 17:59:49 DKIM_Verifier.libunbound DEBUG libunboundWorker: qname: _dmarc.progval.net, qtype: 16, rcode: 0, secure: false, bogus: false, why_bogus: undefined
2016-07-27 17:59:49 DKIM_Verifier.DNSWrapper DEBUG result: ({data:["v=DMARC1; p=none"], rcode:0, secure:false, bogus:false})
2016-07-27 17:59:49 DKIM_Verifier.DMARC DEBUG DMARCPolicy: ({adkim:"r", pct:100, p:"none", domain:"progval.net", source:"progval.net"})
2016-07-27 17:59:49 DKIM_Verifier.Policy DEBUG shouldBeSigned: true; sdid: progval.net; hideFail: false; foundRule: false
2016-07-27 17:59:49 DKIM_Verifier.Verifier DEBUG 1 DKIM-Signatures found.
2016-07-27 17:59:49 DKIM_Verifier.Verifier DEBUG Verifying DKIM-Signature 1 ...
2016-07-27 17:59:49 DKIM_Verifier.Verifier DEBUG Parsed DKIM-Signature 1: ({original_header:"DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=progval.net; s=mail;\r\n\tt=1469609153; bh=iAyn0DGaYTuOWJ9YlAhxbwijRNyYrMjnX4buVaXGLxE=;\r\n\th=Subject:To:References:From:Date:In-Reply-To:From;\r\n\tb=hVbiz75T2KRw/z1e6lKMgDh7bxRVXOhuFukhitY7TlybXiTk/JRUUjYfPbnW2l2q5\r\n\t IK9fUR+svhJPGfTEREVeVU/J/7tnb8KPnbNf71SNaVFafaGSvLeNQ0b7pfCNTmKhDv\r\n\t jlx1Dzh52BvhkbVEpN4mEbOz34lJHjdWpKo6P4qU=\r\n", warnings:[], v:"1", a_sig:"rsa", a_hash:"sha256", b:"hVbiz75T2KRw/z1e6lKMgDh7bxRVXOhuFukhitY7TlybXiTk/JRUUjYfPbnW2l2q5IK9fUR+svhJPGfTEREVeVU/J/7tnb8KPnbNf71SNaVFafaGSvLeNQ0b7pfCNTmKhDvjlx1Dzh52BvhkbVEpN4mEbOz34lJHjdWpKo6P4qU=", b_folded:"hVbiz75T2KRw/z1e6lKMgDh7bxRVXOhuFukhitY7TlybXiTk/JRUUjYfPbnW2l2q5\r\n\t IK9fUR+svhJPGfTEREVeVU/J/7tnb8KPnbNf71SNaVFafaGSvLeNQ0b7pfCNTmKhDv\r\n\t jlx1Dzh52BvhkbVEpN4mEbOz34lJHjdWpKo6P4qU=", bh:"iAyn0DGaYTuOWJ9YlAhxbwijRNyYrMjnX4buVaXGLxE=", c_header:"simple", c_body:"simple", d:"progval.net", h:"Subject:To:References:From:Date:In-Reply-To:From", h_array:["subject", "to", "references", "from", "date", "in-reply-to", "from"], i:"@progval.net", i_domain:"progval.net", l:null, q:"dns/txt", s:"mail", t:1469609153, x:null, z:null})
2016-07-27 17:59:49 DKIM_Verifier.Verifier DEBUG computed body hash: iAyn0DGaYTuOWJ9YlAhxbwijRNyYrMjnX4buVaXGLxE=
2016-07-27 17:59:49 DKIM_Verifier.libunbound DEBUG libunboundWorker: data: v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCzsnKTj5jTLsOxR50gn71y1B0yKFuS0jHkdbeMYLF4ZbJgVjvAyv6XQi5H1qpZdgl4EgIb5E8svKKqi+f5VwXX/VtB14nCcEpB0rTBlYSQaExyBkFOCxRRw4LAaAbVS4XE1c1jKksNj75eZnJFpfnB9y1N0KsMCDCuXPxcmL/qQIDAQAB
2016-07-27 17:59:49 DKIM_Verifier.libunbound DEBUG libunboundWorker: qname: mail._domainkey.progval.net, qtype: 16, rcode: 0, secure: false, bogus: false, why_bogus: undefined
2016-07-27 17:59:49 DKIM_Verifier.DNSWrapper DEBUG result: ({data:["v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCzsnKTj5jTLsOxR50gn71y1B0yKFuS0jHkdbeMYLF4ZbJgVjvAyv6XQi5H1qpZdgl4EgIb5E8svKKqi+f5VwXX/VtB14nCcEpB0rTBlYSQaExyBkFOCxRRw4LAaAbVS4XE1c1jKksNj75eZnJFpfnB9y1N0KsMCDCuXPxcmL/qQIDAQAB"], rcode:0, secure:false, bogus:false})
2016-07-27 17:59:49 DKIM_Verifier.Verifier DEBUG Parsed DKIM-Key: ({v:"DKIM1", h:null, h_array:null, k:"rsa", n:null, p:"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCzsnKTj5jTLsOxR50gn71y1B0yKFuS0jHkdbeMYLF4ZbJgVjvAyv6XQi5H1qpZdgl4EgIb5E8svKKqi+f5VwXX/VtB14nCcEpB0rTBlYSQaExyBkFOCxRRw4LAaAbVS4XE1c1jKksNj75eZnJFpfnB9y1N0KsMCDCuXPxcmL/qQIDAQAB", s:"*", t:"y", t_array:["y"]})
2016-07-27 17:59:49 DKIM_Verifier.Verifier WARN DKIM_SIGERROR_KEY_TESTMODE: DKIM Signature Error: The signing domain is only testing DKIM (resource://dkim_verifier/helper.jsm:1:27) JS Stack trace: verifySignature@dkimVerifier.jsm:1047:1
2016-07-27 17:59:49 DKIM_Verifier.Verifier DEBUG Exception on DKIM-Signature 1
Ok, by bad, misread you original post. The issue I talked about in my response should be unrelated to your problem (will split it into a different issue).
Note that temporary errors are by default colored in the same way as unsigned e-mails. But as both errors shown in the debug output (DKIM_SIGERROR_NOKEY and DKIM_SIGERROR_KEY_TESTMODE) are handled as permanent errors, and are therefore colored as an invalid signature, they should still be highlighted (by default in a red color).
Does the coloring work for a valid signature?
that temporary errors are by default colored in the same way as unsigned e-mails.
I changed the default
Does the coloring work for a valid signature?
It works for some of them.
Does the coloring work for a valid signature?
It works for some of them.
Meaning it does not work for all? In that case, can you see a pattern for which e-mails it works and for which it doesn't?
Do you have over add-ons installed which change the looks of the e-mail header?
If it is not already, can you please set the Thunderbird preference javascript.options.showInConsole
to true, and post the errors shown in the error console?
Meaning it does not work for all?
Yes.
In that case, can you see a pattern for which e-mails it works and for which it doesn't?
I don't know what kind of pattern to look for, I don't know much about how DKIM works.
Do you have over add-ons installed which change the looks of the e-mail header?
Enigmail (but I only tried with unsigned and plaintext mails), “Display Mail User Agent”, and Iceowl.
If it is not already, can you please set the Thunderbird preference
javascript.options.showInConsole
to true,
It's already to true (the default).
and post the errors shown in the error console?
Are you interested in errors in chrome://messenger/content/folderPane.js
. That's all I can find in the error console that is not present in the logs above.
If you want, I can send you an email that is not validated.
Are you interested in errors in chrome://messenger/content/folderPane.js. That's all I can find in the error console that is not present in the logs above.
If they appear directly after the verification, then yes.
If you want, I can send you an email that is not validated.
If an e-mail is always affected by the problem, then yes (to lieser+dkim@posteo.net).
If they appear directly after the verification, then yes.
Actually, they appear just before.
First there is this one, eight times:
Timestamp: 07/27/16 21:05:20
Error: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgFolder.getStringProperty]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://messenger/content/folderPane.js :: getSmartFolderName :: line 2780" data: no]
Source File: chrome://messenger/content/folderPane.js
Line: 2782
Then this one, twice:
Timestamp: 07/27/16 21:06:28
Error: [Exception... "Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsIMsgFolder.getStringProperty]" nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: chrome://messenger/content/folderPane.js :: getSmartFolderName :: line 2780" data: no]
Source File: chrome://messenger/content/folderPane.js
Line: 2782
Then the first one, eight times.
Then the second one, twice.
Then the first one, twice.
As far as I can see, the errors are unrelated.
I could not reproduce the problem with the e-mail you send me. Could you please send me an affected e-mail as a saved .eml file? This ensures that I try it with the exact same e-mail, instead with just a similar one.
Have you already tried if you can reproduce the problem with a clean profile?
I could not reproduce the problem with the e-mail you send me. Could you please send me an affected e-mail as a saved .eml file? This ensures that I try it with the exact same e-mail, instead with just a similar one.
Actually, none mails I send to myself (or a different address I own) are validated. So I don't think that would be relevant. I'll send you a .eml anyway.
Have you already tried if you can reproduce the problem with a clean profile?
I did just now. Same issue.
I must apologize, I totally forgot an important detail about the DKIM_SIGERROR_KEY_TESTMODE
error. E-mails signed by a domain which is only testing DKIM (like you domain does) are by default treated like unsigned messages. To change this behavior, you need to change an advanced preference.
This only leaves the DKIM_SIGERROR_NOKEY
error from you inital post. This should still be have shown as an error, an colored accordingly.
Oh, I did not know about that mode! I should have looked more carefully at the meaning of the things I copy-paste into my config. It works now, thank!
(Great extension, by the way)
Nice to hear that it now works whiteout a problem.
Can you can still reproduce the problem from your initial post (DKIM_SIGERROR_NOKEY
error not correctly colored)? Otherwise I will consider this issue as closed.
No.
When I receive a signed email to myself with a DKIM signature, the sender is sometimes colored as if the email was not signed.
The debug output is:
I believe the color should at least indicate “Temporary error”.