[dkim-dev] verification failed problems
Michael Thomas
mat at cisco.com
Wed Jun 13 18:04:20 PDT 2007
Likewise, my reflector dkim-test at mtcc.com sends the canonicalized output
in the message back from the reflector itself.
Mike
Murray S. Kucherawy wrote:
> On Wed, 13 Jun 2007, Eric Allman wrote:
>> Ah. I think the problem is that you need to append the \r\n on b=
>> before you sign. You're adding it after signing.
>
> Actually the CRLF should not be there when you feed the header to
> canonicalization (RFC4871 3.7). Therefore the algorithm you presented
> appears to be correct, but that's not code or actual data so it's hard
> to say what's actually gone wrong.
>
> If you send a test message to sa-test at sendmail.net and have a DK-style
> policy published with a special flag set, our auto-responder will
> reply to you with the canonicalizations it generated when receiving
> your message. When you get those back, you can diff what we saw
> against what you sent and figure out what's gone wrong.
>
> The special flag is "r=", e.g.:
>
> t=y; o=~; r=user at domain
>
> ...will cause a failure report to be sent to "user at domain".
>
> --
> Murray S. Kucherawy =========================================
> msk at sendmail.com
> Principal Engineer Sendmail, Inc. Emeryville,
> CA, USA
> (510) 594-5400
> http://www.sendmail.com
> _______________________________________________
> dkim-dev mailing list
> dkim-dev at mipassoc.org
> http://mipassoc.org/mailman/listinfo/dkim-dev
More information about the dkim-dev
mailing list