Re: OpenDKIM bug ?

From: Ole Frendved Hansen <>
Date: Thu, 10 Jan 2019 18:29:15 +0000

Hi Ken,

But the problem could steam from DNS-problem in your installation?

Referring to the sample in your first post:
[sample start]
failed to parse Authentication-Results: header field

key retrieval failed (s=selector1-Q2e-onmicrosoft-com,<>): '<>' query failed
[sample end]
I can look up the key easily:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtFzLYI19GpU/IyAjIxj1OPYUaH/yw28tk8r9qsIMA3KBawuYxmypWEju36fCZDJbMGsTYqJKqvMZ7ZapgGlIs/6cq1VpfAC252hABuDhplPidECPz78HzCumqgot+lEWcy9DvjJmk40AnnAIe5g7F9zt8DH8hjWhQj9JOy6xoVwIDAQAB; n=1024,1452993956,1

Best regards,

DeiC, Danish e-Infrastructure Cooperation,<>

Den 10. jan. 2019 kl. 19.01 skrev Ken <<>>:

For those following this, the test with Angelo using Outlook via Office 356 resulted in the same
 results I've been seeing

On Thu, Jan 10, 2019 at 11:44 AM Ken <<>> wrote:
Thanks for the offer Angelo

I think based on the amount of domains this is happening with along with the fact it only happens with a very specific sending environment it's confirmed.

But if you'd like to try, you can send an email to<>.
I'd assume Outlook via O365 would be a good place to start, but I'm only guessing on what's being used based on the companies involved.


On Thu, Jan 10, 2019 at 11:28 AM Fazzina, Angelo <<>> wrote:
Hi, I am willing to help conduct a test.
What email address do you want me to send to ?

Should I send using telnet commands or you want me to send with Outlook or T-bird client ?
My domain<> is on O365 but I have access to other smtp servers if you want me to send from them.

Then you can check your logs again….
Pretty sure we have default setup in O365 but I have opendkim setup on some smtp servers.


ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail<>
University of Connecticut, ITS, SSG, Server Systems

From:<> <<>> On Behalf Of Ken
Sent: Thursday, January 10, 2019 10:34 AM
Subject: OpenDKIM bug ?

I'm currently running OpenDKIM 2.10.3
I'm seeing instances (thousands per day) where verification's fail with:
[sample start]
failed to parse Authentication-Results: header field

key retrieval failed (s=selector1-Q2e-onmicrosoft-com,<>): '<>' query failed
[sample end]
This is occurring with legitimate sources.
Banks, Stores, Technology companies, and seems to be limited to any domain using what appears to be Outlook/Office 365

If it were one off (one domain out of thousands) I could easily chalk it up to bad sender configuration. But it's not, it's thousands of emails from hundreds of (valid) senders a day
Any insight would be appreciated
Thank you

Received on Thu Jan 10 2019 - 18:29:37 PST

This archive was generated by hypermail 2.3.0 : Fri Jan 11 2019 - 06:00:00 PST