[GLLUG] British Gas DKIM failure?
Henrik Morsing
henrik at morsing.cc
Sun Mar 31 14:30:47 UTC 2024
Hi all,
Happy Easter. I have some days off, so finally had some time to look at this.
Having disabled rejection in January gave me some more data to look at and it became obvious that anyone using 1024-bit keys failed the check and anyone using 2048-bit passed.
I found one person out there who said his DKIM checks started failing on 1024-bit keys after he upgraded from OpenSSL 0.9.8 to 1.1.1 (My current version) but sadly no replies.
So, my OpenSSL has a bug, I assume, but it's not really publicly known and no-one seems very concerned about it? Seem very odd.
Tried to find somewhere in the configuration where a limit was set but couldn't find anything and also find it odd if that was the case.
Regards,
Henrik Morsing
On Fri, Jan 12, 2024 at 03:48:17PM +0000, Henrik Morsing via GLLUG wrote:
>
>Good afternoon,
>
>Not dircetly Linux, sorry, but British Gas has spent the last year sending me letters saying they can't email me. When I look into it, their emails are rejected based on a bad DKIM signature.
>
>The problem is, not receiving the email, how can I find out what the problem is? mxtoolbox says their setup is fine, but that surely can't check the signature inside one of their emails.
>
>What is slightly odd is that DMARC policy is set to none, so shouldn't reject anything anyway.
>
>I can't say I'm a DKIM/DMARC expert, but this is what I see:
>
>Dec 22 12:37:12 emil opendkim[768]: 2F7612233E: s=mailjet d=britishgas.co.uk a=rsa-sha256 SSL error:04091068:rsa routines:int_rsa_verify:bad signature
>Dec 22 12:37:13 emil opendmarc[3858740]: 2F7612233E: britishgas.co.uk fail
>Dec 22 12:37:13 emil postfix/cleanup[3996586]: 2F7612233E: milter-reject: END-OF-MESSAGE from o94.p12.mailjet.com[87.253.237.94]: 5.7.1 rejected by DMARC policy for britishgas.co.uk; from=<296f63a1.CAAABPhWdncAAAAAAAAAAKg7aSYAAYCqUv4AAAAAABBDggBlhYBF at a1065858.bnc3.mailjet.com> to=<morsing at morsing.cc> proto=ESMTP helo=<o94.p12.mailjet.com>
>
>Not sure where to go from here though. Smells like their problem to me, but I don't want to tell them that without proof. Any hints?
>
>Regards,
>Henrik Morsing
>--
>
>
>--
>GLLUG mailing list
>GLLUG at mailman.lug.org.uk
>https://mailman.lug.org.uk/mailman/listinfo/gllug
--
More information about the GLLUG
mailing list