Re: opendkim verify, but signed email has a hardfail.

From: Josef Karliak <>
Date: Wed, 09 Nov 2011 07:13:44 +0100

   I wanna signing domain, celer ( is from my own
domain, signing and verifying works well.
   When I send email to elandsys, I got:
DKIM Signature validation: fail
DKIM Author Domain Signing Practices: "dkim=all"

   If I use command for test adsp on the opendkim signing machine, adsp is ok:
         policy is "all"
         policy result code is "author domain policy found"

   And opendkim test keys binary don't show any problem message:
opendkim-testkey -d -k ./mail.private -v -s mail

   If I made a mistake for test it again, I got a error message. So I
suppose that no message from opendkim-testkey means no errors (-s mail
-> -s maillll)

   For generating opendkim key I used command:
   opendkim-genkey -s mail -d

   contains of the file mail.txt is in the zone record, dig
dig +short -t txt
"v=DKIM1\; r=postmaster\; g=*\; k=rsa\;

   So I'm out of the ideas :-/
   I made a few dkims before, without any problems. I missed something :-/
   Thanks and best regards

Cituji "Murray S. Kucherawy" <>:

> On Tue, 8 Nov 2011, Josef Karliak wrote:
>> Hi,
>> I've some problems with opendkim with postfix on the opensuse 11.4 64-bit.
>> Email is signed, but verifiers don't accept it. Part of the email's header:
>> Authentication-Results:; dkim=hardfail
>> (verification failed); dkim-adsp=fail
>> In the syslog I see:
>> Nov 8 13:22:00 celer dkim-filter[4888]: ED4D1C58FF SSL
>> error:04077068:rsa routines:RSA_verify:bad signature
>> Nov 8 13:22:00 celer dkim-filter[4888]: ED4D1C58FF: bad signature data
> You should update celer to opendkim as well, and test again.
> If it still fails, read opendkim/README's "DEBUG FEATURES" section
> and try using the tools described there. Let us know if you need
> further assistance.
> -MSK

Ma domena pouziva zabezpeceni a kontrolu SPF ( a  
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,  
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF ( and DomainKeys/DKIM (with ADSP)  
policy and check. If you've problem with sending emails to me, start  
using email origin methods mentioned above. Thank you.
This message was sent using IMP, the Internet Messaging Program.

Received on Wed Nov 09 2011 - 06:13:53 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:21 PST