[GLLUG] British Gas DKIM failure?
Marco van Beek
mvanbeek at supporting-role.co.uk
Tue Jul 9 08:38:08 UTC 2024
"It's quiet. It's too damn quiet..."
On 09/07/2024 01:13, Steve Parker via GLLUG wrote:
> Just noticed that the last I heard from this group was in March. Has
> it been unusually quiet, or am I missing out?
>
> On 31/03/2024 18:12, Henrik Morsing via GLLUG wrote:
>>
>> Hi again,
>>
>> I just installed the DKIM Verifier extension to Thunderbird on my
>> laptop and that fails the email as well. My laptop has OpenSSL 3.1.4,
>> so that has the bug as well.
>>
>> Still no closer to fixing this though.
>>
>> Regards,
>> Henrik Morsing
>>
>>
>>
>> On Sun, Mar 31, 2024 at 03:30:47PM +0100, Henrik Morsing via GLLUG
>> wrote:
>>>
>>> Hi all,
>>>
>>> Happy Easter. I have some days off, so finally had some time to look
>>> at this.
>>>
>>> Having disabled rejection in January gave me some more data to look
>>> at and it became obvious that anyone using 1024-bit keys failed the
>>> check and anyone using 2048-bit passed.
>>>
>>> I found one person out there who said his DKIM checks started
>>> failing on 1024-bit keys after he upgraded from OpenSSL 0.9.8 to
>>> 1.1.1 (My current version) but sadly no replies.
>>>
>>> So, my OpenSSL has a bug, I assume, but it's not really publicly
>>> known and no-one seems very concerned about it? Seem very odd.
>>>
>>> Tried to find somewhere in the configuration where a limit was set
>>> but couldn't find anything and also find it odd if that was the case.
>>>
>>> Regards,
>>> Henrik Morsing
>>>
>>>
>>>
>>>
>>> On Fri, Jan 12, 2024 at 03:48:17PM +0000, Henrik Morsing via GLLUG
>>> wrote:
>>>>
>>>> Good afternoon,
>>>>
>>>> Not dircetly Linux, sorry, but British Gas has spent the last year
>>>> sending me letters saying they can't email me. When I look into it,
>>>> their emails are rejected based on a bad DKIM signature.
>>>>
>>>> The problem is, not receiving the email, how can I find out what
>>>> the problem is? mxtoolbox says their setup is fine, but that surely
>>>> can't check the signature inside one of their emails.
>>>>
>>>> What is slightly odd is that DMARC policy is set to none, so
>>>> shouldn't reject anything anyway.
>>>>
>>>> I can't say I'm a DKIM/DMARC expert, but this is what I see:
>>>>
>>>> Dec 22 12:37:12 emil opendkim[768]: 2F7612233E: s=mailjet
>>>> d=britishgas.co.uk a=rsa-sha256 SSL error:04091068:rsa
>>>> routines:int_rsa_verify:bad signature
>>>> Dec 22 12:37:13 emil opendmarc[3858740]: 2F7612233E:
>>>> britishgas.co.uk fail
>>>> Dec 22 12:37:13 emil postfix/cleanup[3996586]: 2F7612233E:
>>>> milter-reject: END-OF-MESSAGE from
>>>> o94.p12.mailjet.com[87.253.237.94]: 5.7.1 rejected by DMARC policy
>>>> for britishgas.co.uk;
>>>> from=<296f63a1.CAAABPhWdncAAAAAAAAAAKg7aSYAAYCqUv4AAAAAABBDggBlhYBF at a1065858.bnc3.mailjet.com>
>>>> to=<morsing at morsing.cc> proto=ESMTP helo=<o94.p12.mailjet.com>
>>>>
>>>> Not sure where to go from here though. Smells like their problem to
>>>> me, but I don't want to tell them that without proof. Any hints?
>>>>
>>>> Regards,
>>>> Henrik Morsing
>>>> --
>>>>
>>>>
>>>> --
>>>> GLLUG mailing list
>>>> GLLUG at mailman.lug.org.uk
>>>> https://mailman.lug.org.uk/mailman/listinfo/gllug
>>>
>>> --
>>>
>>>
>>> --
>>> GLLUG mailing list
>>> GLLUG at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/gllug
>>
>
More information about the GLLUG
mailing list