Re: "unprotected key" with DNSSEC

From: SM <>
Date: Tue, 30 Aug 2016 19:44:14 -0700

Hi Jim,
At 16:39 30-08-2016, Jim Fenton wrote:
>I sent a test message to myself through a forwarder (I had some problems
>with the milter config after a Linux upgrade) and now it's signing and
>verifying, but reporting that the key is unprotected. But my domain is
>DNSSEC signed, so I wonder why I'm seeing this.


>and Authentication-Results:
>Authentication-Results:; dkim=pass
> reason="1024-bit key; unprotected key"
> header.b=WwWpOCSI; dkim-adsp=pass; dkim-atps=neutral
>Any ideas?

This is what is results for your email to the list:

Authentication-Results:; dkim=pass
         reason="1024-bit key; secure key"
         header.b=Wml4M0eS; dkim-adsp=pass

Did you set "TrustAnchorFile" to point to the DNSSEC "root key".

Received on Wed Aug 31 2016 - 02:44:28 PST

This archive was generated by hypermail 2.3.0 : Wed Aug 31 2016 - 02:54:00 PST