[dkim-dev] verification failed problems

Murray S. Kucherawy msk at sendmail.com
Wed Jun 13 17:13:12 PDT 2007


On Wed, 13 Jun 2007, Eric Allman wrote:
> Ah.  I think the problem is that you need to append the \r\n on b= 
> before you sign.  You're adding it after signing.

Actually the CRLF should not be there when you feed the header to 
canonicalization (RFC4871 3.7).  Therefore the algorithm you presented 
appears to be correct, but that's not code or actual data so it's hard to 
say what's actually gone wrong.

If you send a test message to sa-test at sendmail.net and have a DK-style 
policy published with a special flag set, our auto-responder will reply to 
you with the canonicalizations it generated when receiving your message. 
When you get those back, you can diff what we saw against what you sent 
and figure out what's gone wrong.

The special flag is "r=", e.g.:

 	t=y; o=~; r=user at domain

...will cause a failure report to be sent to "user at domain".

--
Murray S. Kucherawy ========================================= msk at sendmail.com
Principal Engineer           Sendmail, Inc.                Emeryville, CA, USA
(510) 594-5400                                         http://www.sendmail.com
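
The header hash input described in RFC 4871 section 3.7, as an added example that is not part of the original message or of any Sendmail code. It assumes relaxed header canonicalization and rsa-sha256; the function names and the sample message are constructed for illustration.

```python
import hashlib
import re

def relaxed_header(raw: str) -> str:
    """Relaxed header canonicalization (RFC 4871 3.4.2), returned without CRLF."""
    name, value = raw.split(":", 1)
    value = re.sub(r"\r\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)          # collapse WSP runs to one SP
    return name.strip().lower() + ":" + value.strip(" \t\r\n")

def strip_b_value(sig_header: str) -> str:
    """Treat the b= value (and its surrounding whitespace) as the empty string."""
    name, tags = sig_header.split(":", 1)
    # Requiring ';' (or start), then 'b', then '=' matches the b tag but not bh=.
    tags = re.sub(r"(^|;)(\s*b\s*=)[^;]*", r"\1\2", tags, count=1)
    return name + ":" + tags

def signing_input(signed_headers, sig_header, trailing_crlf=False) -> bytes:
    """Header data fed to the hash: each signed header with CRLF, then the
    DKIM-Signature header with b= emptied and NO trailing CRLF (RFC 4871 3.7)."""
    data = "".join(relaxed_header(h) + "\r\n" for h in signed_headers)
    data += relaxed_header(strip_b_value(sig_header))
    return (data + ("\r\n" if trailing_crlf else "")).encode("ascii")

def header_hash(signed_headers, sig_header, trailing_crlf=False) -> str:
    """SHA-256 over the header hash input, as hex for easy comparison."""
    data = signing_input(signed_headers, sig_header, trailing_crlf)
    return hashlib.sha256(data).hexdigest()

# Constructed sample message headers, in h= order (not real data).
HEADERS = [
    "From:  Alice <alice@example.com>\r\n",
    "Subject: test\r\n   message\r\n",
]
# Constructed signature header; the bh= and b= values are placeholders.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
       "\ts=sel; h=from:subject; bh=CONSTRUCTEDBODYHASH=;\r\n"
       "\tb=CONSTRUCTED\r\n\t SIGNATURE==\r\n")

if __name__ == "__main__":
    print(repr(signing_input(HEADERS, SIG)))
    print("per RFC 4871 3.7:  ", header_hash(HEADERS, SIG))
    # A signer or verifier that appends CRLF here hashes different bytes.
    print("with trailing CRLF:", header_hash(HEADERS, SIG, trailing_crlf=True))
```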

