
0

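A question about DKIM

A question: my mail server uses opendkim 2.11.0-0.1, but every message I send to the company wiedu.com currently comes back with: said: 550 5.7.1 Rejected - DKIM check failed (in reply to end of DATA command)). Messages I send to Gmail mailboxes, however, are all fine!
How should I go about troubleshooting this? (I would appreciate help from anyone with experience!)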
https://ithelp.ithome.com.tw/upload/images/20210331/20093576dZoJi5qoMo.jpg

My Gmail checks all show PASS:
SPF: PASS with IP 59.124.45.131 (Learn more)
DKIM: 'PASS' with domain tej.com.tw (Learn more)
DMARC: 'PASS' (Learn more)

Final solution:
In /etc/opendkim.conf:
Enable: Canonicalization relaxed/relaxed
Disable: # Canonicalization relaxed/simple

2 answers

2
raytracy
iT邦 Master Level 1 ‧ 2021-03-31 11:25:11

When you set up DKIM, did you specify an encryption key length greater than 1024?
(Stricter validators all require 2048 bytes or more.)

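kuang001 iT邦 Novice Level 4 ‧ 2021-04-01 09:21:54

Thank you for the reminder. I have rebuilt the key as a 2048 key.
I also used the test site the other party provided, https://dkimvalidator.com/
and the final result I get is still 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
What else do I need to change? I would appreciate your guidance.

Notes: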

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Filter: OpenDKIM Filter v2.11.0 tej9806.tej.com.tw 9198165110D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tej.com.tw;
	s=default; t=1617239066;
	bh=nnxMk/gKV7R8lCxL3A3p3bLuDCRlVe6PZgj0PkQnRAw=;
	h=Reply-To:To:From:Subject:Date:From;
	b=WRcO0cYVCN+KjIrGYNj4tJHJ3PDGf6jJN6PhjRlAey20EYS+Py3cXg2x9HPZkOtoh
	 /vd3TnZdOvs5hzqig0c2aSqQML6rLpqaWiwYR+RMly56NUErHFQxJrptOWz+fH4V+P
	 rb34dljj7orC6Z3uzrvvmvIazVr/W6HinmDbuuoJYb6YWohV8P/TIuEUmxLpFw+iGD
	 MVFY6DSFm44h1tXFiMdrRC0uy8V1EQYgDHsa6XZSXPIeAYdCQgBy34VMM80NEwHXjG
	 WUGp3P+rVoebMAW6HxV4NfGS0zXum0zuNprnyIEGMR32FWBb/EZL/VxWVw4Fe+/DyG
	 wNqlg1EXOSOOw==
DKIM-Filter: OpenDKIM Filter v2.11.0 tej9806.tej.com.tw 925EB64ED52
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tej.com.tw;
	s=default; t=1617239065;
	bh=IgQs9s7Ss5qhDjQDS4lIPRDPWG9RNIpCg/QBDpMhkEU=;
	h=Reply-To:To:From:Subject:Date:From;
	b=aJitvYVgDrJtD2qpY/Q3QNpHnFw8vFJRFydYdQFum2eTBOsHxpdrvJmTEcme+XLp1
	 OEfywFGgD4AhX3PRdyWYdC4fnQGLQWtOLXMggxB2sfXin+8GrYPmq5sbXRrjj7iL/A
	 uY6KWRUNgkDCtTziugMwJH0aHzqSbod4EoVxVqGB7DpIv1jBxLqOkowA601AfDZQL/
	 VcEtmRU27wl+D3qoHhsDsOQ28xw/N/ZmnHLdGv8oOeUJjbQU4WkaSGPXU2ltdo0Z7W
	 STRruUS3J472d362bLzqka06ZQJgsnmz2Ei3/09WXIQJJTBiEU8kzU3ZrmYEiSLv9R
	 Oq3/AdC4oGQmQ==


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/simple
d= Domain:          tej.com.tw
s= Selector:        default
q= Protocol:        
bh=                 nnxMk/gKV7R8lCxL3A3p3bLuDCRlVe6PZgj0PkQnRAw=
h= Signed Headers:  Reply-To:To:From:Subject:Date:From
b= Data:            WRcO0cYVCN+KjIrGYNj4tJHJ3PDGf6jJN6PhjRlAey20EYS+Py3cXg2x9HPZkOtoh
	 /vd3TnZdOvs5hzqig0c2aSqQML6rLpqaWiwYR+RMly56NUErHFQxJrptOWz+fH4V+P
	 rb34dljj7orC6Z3uzrvvmvIazVr/W6HinmDbuuoJYb6YWohV8P/TIuEUmxLpFw+iGD
	 MVFY6DSFm44h1tXFiMdrRC0uy8V1EQYgDHsa6XZSXPIeAYdCQgBy34VMM80NEwHXjG
	 WUGp3P+rVoebMAW6HxV4NfGS0zXum0zuNprnyIEGMR32FWBb/EZL/VxWVw4Fe+/DyG
	 wNqlg1EXOSOOw==
Public Key DNS Lookup

Building DNS Query for default._domainkey.tej.com.tw
Retrieved this publickey from DNS: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOiHqnJoyOq5X4HpbUKcIJoPY9T5wSaeVu4i+Exlcihzn4M4knhYMGPuaGCc7T1PqX5l71ErW0cTFdZ3kqJTecdhXsbBsWVRdrq1y5aCtHJ4PTklAgeoiLKFdBppOi+M0TXf5AdIS6Ex24J+K6NwsM/1nB42k/jNkB1aG6PhUP58MMGVLyMOcQZ0br16TiJnEzosWSorEELVrJTgxRggCPDHz1j1lN4jBULFqyudejZTBw0gMq/9McSVcGqvuePNfco+RZwXUPqPZ6POJdLbWr4omJG+CpbnlNn+e1ovb0BjEyLTGOwI4Rf9YphGJPSaPZPhOkwML0neh97R2+5KYQIDAQAB
Validating Signature

result = pass
Details: 

---
SPF Information:
Using this information that I obtained from the headers

Helo Address = tej9806.tej.com.tw
From Address = paul@tej.com.tw
From IP      = 59.124.45.131
SPF Record Lookup

Looking up TXT SPF record for tej.com.tw
Found the following namesevers for tej.com.tw: ns.tej.com.tw tej9806.tej.com.tw
Retrieved this SPF Record: zone updated 20210401 (TTL = 7)
using authoritative server (ns.tej.com.tw) directly for SPF Check
Result: pass (Mechanism 'a' matched)

Result code: pass
Local Explanation: tej.com.tw: 59.124.45.131 is authorized to use 'paul@tej.com.tw' in 'mfrom' identity (mechanism 'a' matched)
spf_header = Received-SPF: pass (tej.com.tw: 59.124.45.131 is authorized to use 'paul@tej.com.tw' in 'mfrom' identity (mechanism 'a' matched)) receiver=dkimvalidator.com; identity=mailfrom; envelope-from="paul@tej.com.tw"; helo=tej9806.tej.com.tw; client-ip=59.124.45.131

-=--------------------------------------------------=-
SpamAssassin Score: 0.201
Message is NOT marked as spam
Points breakdown: 
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
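raytracy iT邦 Master Level 1 ‧ 2021-04-01 10:06:25

What tool are you using to send the mail?

PHPMailer has an issue similar to your situation:
https://github.com/PHPMailer/PHPMailer/issues/2131
But this issue has not been resolved yet...
(open since September 2020)

In both cases the DKIM public key is valid,
yet SpamAssassin judges the signature not valid.
I also think this is some kind of bug...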

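kuang001 iT邦 Novice Level 4 ‧ 2021-04-01 11:15:20

I wrote a message in Mozilla Thunderbird and sent it to the email address that site provides; that is the output I got in the end. But when I send directly to my Gmail mailbox, the result is PASS whether I use 1024 or 2048 encryption. I find that very puzzling; this is the first time I have run into it.
Thanks for the reply. Much appreciated.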

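kuang001 iT邦 Novice Level 4 ‧ 2021-04-01 13:20:24

Thanks for the reminder. After sending a message from Gmail to that site and cross-comparing the results, it turned out to be
the "Selects the canonicalization method(s)" setting.
Just changing it to Canonicalization relaxed/relaxed
( /etc/opendkim.conf ) made it succeed.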
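
The difference between the two body canonicalization methods named in this thread, as an added example that is not part of any post above: it reads the `c=` tag of a DKIM-Signature header and computes the `bh=` body hash under the "simple" and "relaxed" rules of RFC 6376. The message bodies and the whitespace changes between them are constructed for illustration; the thread does not establish what, if anything, the rejecting server changed.

```python
import base64
import hashlib
import re

def parse_c_tag(sig_header):
    """Return (header_method, body_method) from a DKIM-Signature c= tag."""
    m = re.search(r"(?:^|;)\s*c=\s*([a-z]+)(?:/([a-z]+))?", sig_header)
    if not m:
        return ("simple", "simple")              # default when c= is absent
    return (m.group(1), m.group(2) or "simple")  # body method defaults to simple

def canon_body_simple(body):
    # simple: only empty lines at the end of the body are ignored
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_body_relaxed(body):
    # relaxed: collapse runs of space/tab to one space, drop whitespace at
    # the end of each line, then ignore empty lines at the end of the body
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body, method):
    """bh= value for a=rsa-sha256: base64(SHA-256(canonicalized body))."""
    canon = {"simple": canon_body_simple, "relaxed": canon_body_relaxed}[method]
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def bh_survives(sig_header, signed_body, delivered_body):
    """True if the body hash still matches under the signature's body method."""
    _, body_method = parse_c_tag(sig_header)
    return body_hash(signed_body, body_method) == body_hash(delivered_body, body_method)

# Constructed sample: the same text as signed, and after a hop that
# collapsed a double space and stripped trailing spaces (assumption).
SIGNED = b"Hello,\r\n\r\nthis is a  test message. \r\n-- \r\npaul\r\n\r\n"
DELIVERED = b"Hello,\r\n\r\nthis is a test message.\r\n--\r\npaul\r\n"
# Tag values as shown in the thread, before and after the opendkim.conf change.
OLD_SIG = "v=1; a=rsa-sha256; c=relaxed/simple; d=tej.com.tw; s=default"
NEW_SIG = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=tej.com.tw; s=default"

if __name__ == "__main__":
    for sig in (OLD_SIG, NEW_SIG):
        print(parse_c_tag(sig), "bh still matches:", bh_survives(sig, SIGNED, DELIVERED))
```

With a "simple" body any whitespace rewrite between signer and verifier changes `bh=`, while Gmail and other receivers that see the body byte-for-byte unchanged still report PASS.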

1
ZongXianLi
iT邦 Novice Level 4 ‧ 2021-03-31 16:36:39

Send a message to MailTest and see from the response where it goes wrong.

https://www.mail-tester.com/
