Re: signature verification/signing problem

From: Charles Bartels <>
Date: Tue, 13 Dec 2011 09:51:08 -0800

On Dec 12, 2011, at 4:36 PM, Murray S. Kucherawy wrote:

> On Mon, 12 Dec 2011, SM wrote:
>> The message may have been modified after it was DKIM signed. That would
>> cause the verification failure (bad signature). Can you enable the
>> KeepTemporaryFiles parameter in your configuration (see
>> for more information)?
> You might also try enabling Diagnostics (if you're using the filter and
> not just the library), which will add a debugging tag to the signature
> that allows you to spot header changes that could be breaking signatures.
> I suggest doing both what SM said and this at the same time, as it saves
> reconfiguring later.
> -MSK

Done and done. Here are the results.

There were just 2 temp files and they were so short I'm including them here (let me know if you actually need the files in a tarball).




subject:Mail Test7
date:Wed, 14 Dec 2011 01:34:27 +0800
dkim-signature:v=1; a=rsa-sha256; c=relaxed/simple;; s=care; t=1323797667; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8=; h=To:From:Subject:Date:Message-ID; z=To:=2

And the reply from autorepond+dkim:

This is an automatic response. Replies to this message will not generate
an automatic response.
Do not reply to this message except for reporting a problem.

The results are as follows:

DKIM Signature validation: DKIM-Signature could not be verified
DomainKeys Signature validation: not available
DomainKeys Policy: query failed
DKIM Author Domain Signing Practices: no DNS record for

ADSP is not required for DKIM signature validation.

Note: The authentication results are not available as
there was no signature header or the signature could
not be verified
Information about DKIM is available at
Information about ADSP is available at

Information about dkim-milter is available at

Information about DomainKeys is available at

Original message:
Received: from ( [])
        by (8.14.4/8.14.5) with ESMTP id pBDHYXH4017199
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
        for <>; Tue, 13 Dec 2011 09:34:41 -0800 (PST)
Received: from ( [])
        by (8.14.4/8.14.4/cctw) with ESMTP id pBDHYRBF062185;
        Tue, 13 Dec 2011 09:34:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;
        s=care; t=1323797667;
        h=To:From:Subject:Date:Message-ID; z=To:=2
To: <>, <>, <>,
Subject: Mail Test7
Date: Wed, 14 Dec 2011 01:34:27 +0800
X-Mailer: Perl script ""
        using Mail::Sender 0.8.16 by Jenda Krynicky, Czechlands
        running on (
        under account "cbartels"
Message-ID: <>

Received on Tue Dec 13 2011 - 17:52:09 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:22 PST