[GLLUG] British Gas DKIM failure?

Steve Parker steve at steve-parker.org
Tue Jul 9 00:13:12 UTC 2024 

Just noticed that the last I heard from this group was in March. Has it 
been unusually quiet, or am I missing out?

On 31/03/2024 18:12, Henrik Morsing via GLLUG wrote:
>
> Hi again,
>
> I just installed the DKIM Verifier extension to Thunderbird on my 
> laptop and that fails the email as well. My laptop has OpenSSL 3.1.4, 
> so that has the bug as well.
>
> Still no closer to fixing this though.
>
> Regards,
> Henrik Morsing
>
>
>
> On Sun, Mar 31, 2024 at 03:30:47PM +0100, Henrik Morsing via GLLUG wrote:
>>
>> Hi all,
>>
>> Happy Easter. I have some days off, so finally had some time to look 
>> at this.
>>
>> Having disabled rejection in January gave me some more data to look 
>> at and it became obvious that anyone using 1024-bit keys failed the 
>> check and anyone using 2048-bit passed.
>>
>> I found one person out there who said his DKIM checks started failing 
>> on 1024-bit keys after he upgraded from OpenSSL 0.9.8 to 1.1.1 (My 
>> current version) but sadly no replies.
>>
>> So, my OpenSSL has a bug, I assume, but it's not really publicly 
>> known and no-one seems very concerned about it? Seem very odd.
>>
>> Tried to find somewhere in the configuration where a limit was set 
>> but couldn't find anything and also find it odd if that was the case.
>>
>> Regards,
>> Henrik Morsing
>>
>>
>>
>>
>> On Fri, Jan 12, 2024 at 03:48:17PM +0000, Henrik Morsing via GLLUG 
>> wrote:
>>>
>>> Good afternoon,
>>>
>>> Not dircetly Linux, sorry, but British Gas has spent the last year 
>>> sending me letters saying they can't email me. When I look into it, 
>>> their emails are rejected based on a bad DKIM signature.
>>>
>>> The problem is, not receiving the email, how can I find out what the 
>>> problem is? mxtoolbox says their setup is fine, but that surely 
>>> can't check the signature inside one of their emails.
>>>
>>> What is slightly odd is that DMARC policy is set to none, so 
>>> shouldn't reject anything anyway.
>>>
>>> I can't say I'm a DKIM/DMARC expert, but this is what I see:
>>>
>>> Dec 22 12:37:12 emil opendkim[768]: 2F7612233E: s=mailjet 
>>> d=britishgas.co.uk a=rsa-sha256 SSL error:04091068:rsa 
>>> routines:int_rsa_verify:bad signature
>>> Dec 22 12:37:13 emil opendmarc[3858740]: 2F7612233E: 
>>> britishgas.co.uk fail
>>> Dec 22 12:37:13 emil postfix/cleanup[3996586]: 2F7612233E: 
>>> milter-reject: END-OF-MESSAGE from 
>>> o94.p12.mailjet.com[87.253.237.94]: 5.7.1 rejected by DMARC policy 
>>> for britishgas.co.uk; 
>>> from=<296f63a1.CAAABPhWdncAAAAAAAAAAKg7aSYAAYCqUv4AAAAAABBDggBlhYBF at a1065858.bnc3.mailjet.com> 
>>> to=<morsing at morsing.cc> proto=ESMTP helo=<o94.p12.mailjet.com>
>>>
>>> Not sure where to go from here though. Smells like their problem to 
>>> me, but I don't want to tell them that without proof. Any hints?
>>>
>>> Regards,
>>> Henrik Morsing
>>> -- 
>>>
>>>
>>> -- 
>>> GLLUG mailing list
>>> GLLUG at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/gllug
>>
>> -- 
>>
>>
>> -- 
>> GLLUG mailing list
>> GLLUG at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/gllug
>

More information about the GLLUG mailing list