請問? 我 eMail 有使用 opendkim 2.11.0-0.1 但目前寄給 wiedu.com 這家公司都會回應 said: 550 5.7.1 Rejected - DKIM check failed (in reply to end of DATA command)) 但我寄至 gmail 信箱都是正常!
請問這問題?要如何查找.(敬請有經驗網友幫忙!...)
我 gmail check 都是 PASS
SPF: PASS,IP 59.124.45.131 瞭解詳情
DKIM: 'PASS',網域 tej.com.tw。瞭解詳情
DMARC: 'PASS'。瞭解詳情
最後解決方式:
修改 /etc/opendkim.conf 中
啟用 Canonicalization relaxed/relaxed
關閉 # Canonicalization relaxed/simple
已邀請的邦友 {{ invite_list.length }}/5
你在設定 DKIM 的時候, 有指定加密的 Key 長度大於 1024 嗎?
(比較嚴格的驗證都要求 2048 bytes 以 上)
謝謝,大大提醒. 我已經重 build 2048 key.
也藉由對方提供測試網站 https://dkimvalidator.com/
所得到最後結果也是 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
請問?還需改什麼地方.敬請大大指導?
附註:
DKIM Information:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Filter: OpenDKIM Filter v2.11.0 tej9806.tej.com.tw 9198165110D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tej.com.tw;
s=default; t=1617239066;
bh=nnxMk/gKV7R8lCxL3A3p3bLuDCRlVe6PZgj0PkQnRAw=;
h=Reply-To:To:From:Subject:Date:From;
b=WRcO0cYVCN+KjIrGYNj4tJHJ3PDGf6jJN6PhjRlAey20EYS+Py3cXg2x9HPZkOtoh
/vd3TnZdOvs5hzqig0c2aSqQML6rLpqaWiwYR+RMly56NUErHFQxJrptOWz+fH4V+P
rb34dljj7orC6Z3uzrvvmvIazVr/W6HinmDbuuoJYb6YWohV8P/TIuEUmxLpFw+iGD
MVFY6DSFm44h1tXFiMdrRC0uy8V1EQYgDHsa6XZSXPIeAYdCQgBy34VMM80NEwHXjG
WUGp3P+rVoebMAW6HxV4NfGS0zXum0zuNprnyIEGMR32FWBb/EZL/VxWVw4Fe+/DyG
wNqlg1EXOSOOw==
DKIM-Filter: OpenDKIM Filter v2.11.0 tej9806.tej.com.tw 925EB64ED52
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tej.com.tw;
s=default; t=1617239065;
bh=IgQs9s7Ss5qhDjQDS4lIPRDPWG9RNIpCg/QBDpMhkEU=;
h=Reply-To:To:From:Subject:Date:From;
b=aJitvYVgDrJtD2qpY/Q3QNpHnFw8vFJRFydYdQFum2eTBOsHxpdrvJmTEcme+XLp1
OEfywFGgD4AhX3PRdyWYdC4fnQGLQWtOLXMggxB2sfXin+8GrYPmq5sbXRrjj7iL/A
uY6KWRUNgkDCtTziugMwJH0aHzqSbod4EoVxVqGB7DpIv1jBxLqOkowA601AfDZQL/
VcEtmRU27wl+D3qoHhsDsOQ28xw/N/ZmnHLdGv8oOeUJjbQU4WkaSGPXU2ltdo0Z7W
STRruUS3J472d362bLzqka06ZQJgsnmz2Ei3/09WXIQJJTBiEU8kzU3ZrmYEiSLv9R
Oq3/AdC4oGQmQ==
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/simple
d= Domain: tej.com.tw
s= Selector: default
q= Protocol:
bh= nnxMk/gKV7R8lCxL3A3p3bLuDCRlVe6PZgj0PkQnRAw=
h= Signed Headers: Reply-To:To:From:Subject:Date:From
b= Data: WRcO0cYVCN+KjIrGYNj4tJHJ3PDGf6jJN6PhjRlAey20EYS+Py3cXg2x9HPZkOtoh
/vd3TnZdOvs5hzqig0c2aSqQML6rLpqaWiwYR+RMly56NUErHFQxJrptOWz+fH4V+P
rb34dljj7orC6Z3uzrvvmvIazVr/W6HinmDbuuoJYb6YWohV8P/TIuEUmxLpFw+iGD
MVFY6DSFm44h1tXFiMdrRC0uy8V1EQYgDHsa6XZSXPIeAYdCQgBy34VMM80NEwHXjG
WUGp3P+rVoebMAW6HxV4NfGS0zXum0zuNprnyIEGMR32FWBb/EZL/VxWVw4Fe+/DyG
wNqlg1EXOSOOw==
Public Key DNS Lookup
Building DNS Query for default._domainkey.tej.com.tw
Retrieved this publickey from DNS: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOiHqnJoyOq5X4HpbUKcIJoPY9T5wSaeVu4i+Exlcihzn4M4knhYMGPuaGCc7T1PqX5l71ErW0cTFdZ3kqJTecdhXsbBsWVRdrq1y5aCtHJ4PTklAgeoiLKFdBppOi+M0TXf5AdIS6Ex24J+K6NwsM/1nB42k/jNkB1aG6PhUP58MMGVLyMOcQZ0br16TiJnEzosWSorEELVrJTgxRggCPDHz1j1lN4jBULFqyudejZTBw0gMq/9McSVcGqvuePNfco+RZwXUPqPZ6POJdLbWr4omJG+CpbnlNn+e1ovb0BjEyLTGOwI4Rf9YphGJPSaPZPhOkwML0neh97R2+5KYQIDAQAB
Validating Signature
result = pass
Details:
---
SPF Information:
Using this information that I obtained from the headers
Helo Address = tej9806.tej.com.tw
From Address = paul@tej.com.tw
From IP = 59.124.45.131
SPF Record Lookup
Looking up TXT SPF record for tej.com.tw
Found the following namesevers for tej.com.tw: ns.tej.com.tw tej9806.tej.com.tw
Retrieved this SPF Record: zone updated 20210401 (TTL = 7)
using authoritative server (ns.tej.com.tw) directly for SPF Check
Result: pass (Mechanism 'a' matched)
Result code: pass
Local Explanation: tej.com.tw: 59.124.45.131 is authorized to use 'paul@tej.com.tw' in 'mfrom' identity (mechanism 'a' matched)
spf_header = Received-SPF: pass (tej.com.tw: 59.124.45.131 is authorized to use 'paul@tej.com.tw' in 'mfrom' identity (mechanism 'a' matched)) receiver=dkimvalidator.com; identity=mailfrom; envelope-from="paul@tej.com.tw"; helo=tej9806.tej.com.tw; client-ip=59.124.45.131
-=--------------------------------------------------=-
SpamAssassin Score: 0.201
Message is NOT marked as spam
Points breakdown:
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
你是用甚麼工具寄信的?
PHPMailer 有一個 Issues 跟你的狀況類似:
https://github.com/PHPMailer/PHPMailer/issues/2131
但是這個 Issue 還沒有解掉...
(2020/9月至今)
都是 DKIM Public Key valid,
但是 Spamassassin 卻判斷他 not valid,
我也認為這是某種 Bug...
大大: 我是透過 Mozilla Thunderbird 寫封信寄至該網站提供 eMail address;最後所得到訊息? 但直寄我 gmail 信箱不管用 1024 或 2048 加密後結果都是 PASS .讓我覺得很疑惑?這是第一次碰到.
謝謝回覆. 感恩.
大大:感謝提醒;經透過 Gmail 發信至該網站後經交叉比對是
Selects the canonicalization method(s) 問題?
只要更改為 Canonicalization relaxed/relaxed
( /etc/opendkim.conf ) 就可以成功了.
iThome鐵人賽
看影片追技術