Signature does not verify #4

Open
brendanmckenzie opened this issue May 25, 2012 · 3 comments

@brendanmckenzie

I tried using this with an HTML email and sent it to Port25's verifier and received this:

Result: fail (signature doesn't verify)

Any ideas?

@brendanmckenzie
Author

(P.S. If you don't have the time to work on this, pointers in the right direction would be much appreciated!)

@dmcgiv
Owner

dmcgiv commented May 26, 2012

It would help if you posted some code and the response from Port25 in full :) Better yet, upload the code to a repo so I can run it locally.

@brendanmckenzie
Author

Here you go. I'm no longer using this, though - I have set up my own mail server (postfix), which DKIM/DK signs my mail for me.

Delivered-To: hello@brendanmckenzie.com
Received: by 10.204.172.5 with SMTP id j5csp126731bkz;
Fri, 25 May 2012 13:02:46 -0700 (PDT)
Received: by 10.220.154.130 with SMTP id o2mr126085vcw.57.1337976165895;
Fri, 25 May 2012 13:02:45 -0700 (PDT)
Return-Path: auth-results@verifier.port25.com
Received: from verifier.port25.com (verifier.port25.com. [96.244.219.19])
by mx.google.com with ESMTP id ce2si2549312vdc.130.2012.05.25.13.02.44;
Fri, 25 May 2012 13:02:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of auth-results@verifier.port25.com designates 96.244.219.19 as permitted sender) client-ip=96.244.219.19;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of auth-results@verifier.port25.com designates 96.244.219.19 as permitted sender) smtp.mail=auth-results@verifier.port25.com; dkim=pass header.i=auth-results@port25.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=auth; d=port25.com;
h=Date:From:To:Subject:Message-Id:In-Reply-To; i=auth-results@verifier.port25.com;
bh=8cOEs5Klfput29FdEMi7ZxwM/ak=;
b=4srGgD1ihzmddx/n373vG95ljR/RSNRUmWbza4AXexd/1Bxq4ZrNfGtqW4Tbrjz+z4b0YHf8a2yx
Dbi8biGtuw==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=auth; d=port25.com;
b=Dw+UwDnOunsj7KMfvfbeIVjqBClB9BAV+yRRzyuvA0nVlYG8IlETmhrHqKEyHnjKbLD5aJQdIEZh
oVjUO1C4tA==;
Received: from verifier.port25.com (127.0.0.1) by verifier.port25.com id hnvim811u9ce for hello@brendanmckenzie.com; Fri, 25 May 2012 16:02:44 -0400 (envelope-from auth-results@verifier.port25.com)
Date: Fri, 25 May 2012 16:02:44 -0400
From: auth-results@verifier.port25.com
To: hello@brendanmckenzie.com
Subject: Authentication Report
Message-Id: 1337976161-753272@verifier.port25.com
Precedence: junk (auto_reply)
In-Reply-To: 0.0.4.38.1CD3AB157262278.0@verifier.port25.com

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
verifier-feedback@port25.com.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

Summary of Results

SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: fail
Sender-ID check: pass
SpamAssassin check: ham

Details:

HELO hostname: brendanmckenzie.com
Source IP: 195.234.10.163
mail-from: hello@brendanmckenzie.com


SPF check details:

Result: pass
ID(s) verified: smtp.mailfrom=hello@brendanmckenzie.com
DNS record(s):
brendanmckenzie.com. SPF (no records)
brendanmckenzie.com. 3600 IN TXT "v=spf1 ip4:195.234.10.163 ~all"


DomainKeys check details:

Result: neutral (message not signed)
ID(s) verified: header.From=hello@brendanmckenzie.com
DNS record(s):


DKIM check details:

Result: pass (matches From: hello@brendanmckenzie.com)
ID(s) verified: header.d=brendanmckenzie.com
Canonicalized Headers:
from:hello@brendanmckenzie.com'0D''0A'
to:check-auth@verifier.port25.com'0D''0A'
reply-to:no-reply@brendanmckenzie.com'0D''0A'
date:25'20'May'20'2012'20'15:58:57'20'-0400'0D''0A'
subject:test'20'subject'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=brendanmckenzie.com;'20's=default;'20't=1337976158;'20'bh=XhYXuiaowMvpN198WBaDnkLEEWoQmqH/hzImb1Y3ifQ=;'20'h=From:To:Reply-To:Date:Subject:From;'20'b=

Canonicalized Body:

DNS record(s):
default._domainkey.brendanmckenzie.com. 3600 IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq/unX14R0S9m2hoVpSDyZC+ckOnkv7mge7+Xzu++PYZrvKQvJV/uQNwp5wuEcN/pyk8KOiKKfrTo3JV/nd5ujgwsqU0VM9txEg78XnEX/paNGwOrU+soOnEg6GDVWYYbyw/JwtXjWBIhWOwt9XNwuU3psK7JVtHFUdaCxKyTjxwIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.


DKIM check details:

Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
From:'20'hello@brendanmckenzie.com'0D''0A'
To:'20'check-auth@verifier.port25.com'0D''0A'
Subject:'20'test'20'subject'0D''0A'
Reply-To:'20'no-reply@brendanmckenzie.com'0D''0A'
Date:'20'25'20'May'20'2012'20'15:58:57'20'-0400'0D''0A'
DKIM-Signature:'20'v=1;'20'a=rsa-sha1;'20'c=simple/simple;'20'd=brendanmckenzie.com;'0D''0A'
'20'h=From:To:Subject:Reply-To:Date;'20'q=dns/txt;'20's=default;'20't=1337975934;'0D''0A'
'20'bh=/AYhbXRQagVMimqSLpSK/KUVTc4=;'0D''0A'
'20'b=

Canonicalized Body:

DNS record(s):
default._domainkey.brendanmckenzie.com. 3600 IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq/unX14R0S9m2hoVpSDyZC+ckOnkv7mge7+Xzu++PYZrvKQvJV/uQNwp5wuEcN/pyk8KOiKKfrTo3JV/nd5ujgwsqU0VM9txEg78XnEX/paNGwOrU+soOnEg6GDVWYYbyw/JwtXjWBIhWOwt9XNwuU3psK7JVtHFUdaCxKyTjxwIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.


Sender-ID check details:

Result: pass
ID(s) verified: header.Sender=hello@brendanmckenzie.com
DNS record(s):
brendanmckenzie.com. SPF (no records)
brendanmckenzie.com. 3600 IN TXT "v=spf1 ip4:195.234.10.163 ~all"


SpamAssassin check details:

SpamAssassin v3.3.1 (2010-03-16)

Result: ham (-0.9 points, 5.0 required)

pts rule name description


0.0 SINGLE_HEADER_2K A single header contains 2K-3K characters
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

Explanation of the possible results (from RFC 5451)

SPF and Sender-ID Results

"none"
No policy records were published at the sender's DNS domain.

"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.

"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.

"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.

"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.

"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.

"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.

"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.

DKIM and DomainKeys Results

"none"
The message was not signed.

"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.

"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).

"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.

"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.

"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.

"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.

Original Email

Return-Path: hello@brendanmckenzie.com
Received: from brendanmckenzie.com (195.234.10.163) by verifier.port25.com id hnvim011u9c6 for check-auth@verifier.port25.com; Fri, 25 May 2012 16:02:40 -0400 (envelope-from hello@brendanmckenzie.com)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=hello@brendanmckenzie.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=hello@brendanmckenzie.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: hello@brendanmckenzie.com) header.d=brendanmckenzie.com
Authentication-Results: verifier.port25.com; dkim=fail (signature doesn't verify)
Authentication-Results: verifier.port25.com; sender-id=pass header.Sender=hello@brendanmckenzie.com
Received: from Maqsood-PC (unknown [75.98.195.110])
by brendanmckenzie.com (Postfix) with ESMTP id BABE5824456
for check-auth@verifier.port25.com; Fri, 25 May 2012 21:02:37 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=brendanmckenzie.com;
s=default; t=1337976158;
bh=XhYXuiaowMvpN198WBaDnkLEEWoQmqH/hzImb1Y3ifQ=;
h=From:To:Reply-To:Date:Subject:From;
b=JDGq0xDxX5x4kRSJBXwiDeVZbCg8rXkRGNPxhDQTWlW2+wv0/RJp0gs6NpMY5eevh
0SOlDdPhK0BxvQ8b9QqcXXgb8H9aL/XtQltWvYjcH/50s5JAGDjsOSzlKEVAIXd0pK
2x52dp0wLqdvSsS4Gmg16LOUxrCnwiaBqnzi8RN8=
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=brendanmckenzie.com;
h=From:To:Subject:Reply-To:Date; q=dns/txt; s=default; t=1337975934;
bh=/AYhbXRQagVMimqSLpSK/KUVTc4=;
b=GqXYWHpc/IwYxoAomkTSgPSZ/9CZ4s1jDx8yhhDtSDczWiTQhXzCASmCeIrKHFNhuu8MpaVjjrd5Q07G5IOKcSSEDqabZpXrIWdypgxX9r8DWA0Hk7uDiHlmLEfpzRdNR/6DXzsnpMN3IwXVewPxDEbEP+8ZnVQkiHbZC8nWn88=
MIME-Version: 1.0
Sender: hello@brendanmckenzie.com
From: hello@brendanmckenzie.com
To: check-auth@verifier.port25.com
Reply-To: no-reply@brendanmckenzie.com
Date: 25 May 2012 15:58:57 -0400
Subject: test subject
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Message-ID: 0.0.4.38.1CD3AB157262278.0@verifier.port25.com