opendkim signed messages 'fail' spamassassin-based DKIM signature verification with 'OPENSSL ERROR: DATA TOO LARGE FOR KEY SIZE' ?

From: <>
Date: Thu, 14 Apr 2011 23:05:13 -0700


i'm in the process of securing a new postfix server, and have set up
OpenDkim v2.3.1 as a postfix milter for use in signing outbound mail.

i've checked outbound email with's DKIM verifier, and it
reports a 'neutral', caliming the message is NOT signed,

   DKIM check details:
   Result: neutral (message not signed)
   ID(s) verified:

checking further by receiving at another of my own servers, the rec'd
message sure looks to be signed, but FAILs an inbound Spamassassin DKIM
test. The message's headers include:

         * -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
         * [score: 0.1540]
         * 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not
 X-Spam-Checker-Version: SpamAssassin 3.3.0
 Received: from [] (HELO
   by (SMTP 4)
   with ESMTP-TLS id 7730256 for; Thu, 14 Apr 2011
   22:05:28 -0700
 Received: from (localhost [])
         (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
         (No client certificate requested)
         by ( with ESMTPSA id
         for <>; Thu, 14 Apr 2011 22:04:21 -0700
 X-DKIM: OpenDKIM Filter v2.3.1 046702BE81
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=key1.mydomain1; t=1302843928;

looking at Spamassassin's logs, i see,

        Apr 14 22:19:24.817 [12200] dbg: dkim: signature verification

searching, i'm not having much luck tracking this down, but suspect it's
a misconfiguration of my opendkim.conf

my dkim keys were simply generated using openssl,

 openssl genrsa -out 1024
 openssl rsa -in -out -pubout -outform PEM

any suggestions as to what to do about this?


Received on Fri Apr 15 2011 - 06:05:26 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:17 PST