search

r-raymond / nixos-mailserver

A complete and Simple Nixos Mailserver
GNU General Public License v3.0
181 stars 27 forks source link

Trouble with DKIM signature #125

Closed jokogr closed 6 years ago

jokogr commented 6 years ago

SNM Version: v2.1.4

Nixos Version: 18.03

I am trying to setup a mail server according to the wiki page "A Complete Setup Guide" for two domains.

I am sending e-mail to mail-tester.com and it complains for invalid DKIM signature:

The DKIM signature of your message is:

    v=1;
    a=rsa-sha256;
    c=simple/simple;
    d=xxx.xxx;
    s=mail;
    t=1525986772;
    bh=ojSVHyOQGswgY8x7AHgveTxyYvG/p3vmuY0QZRNprLI=;
    h=Date:MIME-Version:Content-Type:Content-Transfer-Encoding:Subject:To:From:Message-ID;
    b=GVu/4Ue7JVnahi28juYd9DvyOVnyoCTP2T51rgdpI744sNb3stFzYdqBOS6ys6/GwOzaIaVTnvCACxCVXMHXsddPmsTWBbzEm7h/rUJdGXFWnNuYdOCUxeQ8WPQncNmjLNtVeGEHWJxoqSfecXmHe+Kd8pRGI0df57z8MrhC+Sw=

Your public key is:

"v=DKIM1;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC88w+scBPn8zDB9AAmsEFBGsWYdy3meEYRYfB3uKqFwKxJmXARvkSXibocSrAJoum8cwpmSR+EmG38ldEqCamxcLmiLBpHzpk5gjrBnLgK6L2WioZ6TgpYP/Wu/eEoKkaNwbFDnQOqbFo9aZJ16pb6HIs63KlRcUKoa4/DXat0JQIDAQAB"

I have checked the signature and it seems proper:

mail._domainkey IN  TXT ( "v=DKIM1; k=rsa; "
      "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC88w+scBPn8zDB9AAmsEFBGsWYdy3meEYRYfB3uKqFwKxJmXARvkSXibocSrAJoum8cwpmSR+EmG38ldEqCamxcLmiLBpHzpk5gjrBnLgK6L2WioZ6TgpYP/Wu/eEoKkaNwbFDnQOqbFo9aZJ16pb6HIs63KlRcUKoa4/DXat0JQIDAQAB" )  ; ----- DKIM key mail for xxx.xxx

although the format is not like the one described in the wiki:

mail._domainkey IN TXT "v=DKIM1; r=postmaster; g=*; k=rsa; p=<really-long-key>" ; ----- DKIM mail for domain.tld

Any idea what is wrong?

nlewo commented 6 years ago

I encountered same kind of troubles and it was related to the canonicalization method (simple vs relaxed). It works well with the commit https://github.com/r-raymond/nixos-mailserver/commit/0f75894b4fed14ac13c557fad6ec3f25089fabc5. Maybe it would also work for you (and yes, it's difficult to debug dkim issues...) :/

You can switch to this commit in your configuration.nix with something such as:

imports = [
    (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/archive/0f75894b4fed14ac13c557fad6ec3f25089fabc5.tar.gz")
  ];
jokogr commented 6 years ago

Thanks, @nlewo, for your suggestion, it fixed the issue!