Hello,
The forum messages are DKIM-signed, but the DKIM public key is published incorrectly in the DNS, which makes it fail.
dkim=fail ("headers rsa verify failed") header.d=hostedtalk.net header.s=x header.b=L0ZDua3o;
Currently the DKIM string is published as two TXT records:
$ dig txt x._domainkey.hostedtalk.net +short @8.8.8.8
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugL4705XWDjrbo9gObsyrWlpUgJVx1UnY5CSgh7oRZjtfoq9cC0dsB3/2IFxNkhEtSugRAweyd5/kxLxs5nq1Gmpg3inZEGJjDDvdDeIMBBZWbIk4JivCDhR4WzLrfCineTHP+/rOszoH4J6icarGePiMAnm59hwEaI2cvw9nvd+ld8zJcsOGE23jfhAOMn+9" "sjiKDG0S9VDsp+v7Fndq7PNUxsNTzPJOZ+q387ACTQWV3Nxr55V/BCzK3Zwp3YE8RT/GxosAdabCWO7nEUrHAkJf4jBZqlHtcp+xYZ5hb5k9qVZYkrLtCy23CJoDp9qlq6MGi9BtUc0N/ehMB036wIDAQAB"
Answers
x._domainkey.hostedtalk.net: type TXT, class IN
Name: x._domainkey.hostedtalk.net
Type: TXT (Text strings) (16)
Class: IN (0x0001)
Time to live: 243 (4 minutes, 3 seconds)
Data length: 412
TXT Length: 255
TXT [truncated]: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugL4705XWDjrbo9gObsyrWlpUgJVx1UnY5CSgh7oRZjtfoq9cC0dsB3/2IFxNkhEtSugRAweyd5/kxLxs5nq1Gmpg3inZEGJjDDvdDeIMBBZWbIk4JivCDhR4WzLrfCineTHP+/rOszoH4J6icarGePiMAnm59h
TXT Length: 155
TXT: sjiKDG0S9VDsp+v7Fndq7PNUxsNTzPJOZ+q387ACTQWV3Nxr55V/BCzK3Zwp3YE8RT/GxosAdabCWO7nEUrHAkJf4jBZqlHtcp+xYZ5hb5k9qVZYkrLtCy23CJoDp9qlq6MGi9BtUc0N/ehMB036wIDAQAB
DKIM should be posted as a single TXT record to fix this.
mfs
January 25, 2022, 9:35pm
2
According to the RFC and, e.g., the OpenDKIM manual, long (or “large”) keys can be published like that; that selector (per se) seems to pass any test.
1 Like
Hrm, you’re right, I’m wrong. It’s something with the key itself then. Maybe the private key for email signing and public key on the domain are out of sync.
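Added example, not part of any post in this thread: RFC 6376 has a verifier concatenate the character-strings of a TXT RR with no separator before parsing, so a 255 + 155 split like the one shown above is read as one record. The sketch below does that join and reads the RSA modulus size from `p=`; the sample record is constructed (standard 2048-bit header, filler modulus, not the forum's key) and all function names are illustrative.

```python
import base64
import re

# Constructed sample, not the forum's key: a DER SubjectPublicKeyInfo with the
# standard 2048-bit RSA header, a filler modulus, and exponent 65537.
_SPKI = (bytes.fromhex("30820122300d06092a864886f70d01010105000382010f00"
                       "3082010a0282010100")
         + b"\xc3" * 256 + bytes.fromhex("0203010001"))
_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(_SPKI).decode()
# Presented the way `dig +short` prints a TXT RR split into <=255-byte strings.
SAMPLE_DIG = " ".join('"%s"' % _RECORD[i:i + 255] for i in range(0, len(_RECORD), 255))

def txt_strings(dig_line):
    """Return the quoted character-strings of one TXT RR (no escapes handled)."""
    return re.findall(r'"([^"]*)"', dig_line)

def dkim_tags(strings):
    """Join the strings with no separator, then split the tag=value list."""
    tags = {}
    for part in "".join(strings).split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_key_bits(p_value):
    """Decode p= and return the RSA modulus size in bits; ValueError if malformed."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = _tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, _, alg_end = _tlv(der, spki)      # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(der, alg_end)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = _tlv(der, bits + 1)      # +1 skips the unused-bits octet
    _, mod, mod_end = _tlv(der, rsa)     # first INTEGER is the modulus
    return int.from_bytes(der[mod:mod_end], "big").bit_length()

if __name__ == "__main__":
    parts = txt_strings(SAMPLE_DIG)
    print([len(s) for s in parts], rsa_key_bits(dkim_tags(parts)["p"]))
```

A reader that takes only the first string gets a truncated `p=` value, and `rsa_key_bits` raises on it instead of returning a size.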
Erisa
May 27, 2022, 12:35pm
4
I’m seeing this too. Something is wrong with DKIM. Noticed it when my mailserver sent HostedTalk notifications to spam.
dkim=fail ("headers rsa verify failed") header.d=hostedtalk.net header.s=x header.b=SwUm83Cy;
Happy to send the full headers to any admin if it helps to debug things.
X-Spamd-Result: default: False [13.47 / 15.00];
R_DKIM_REJECT(8.00)[hostedtalk.net:s=x];
SEM_URIBL_FRESH15(3.00)[fiskea.com:url];
BAD_REP_POLICIES(2.00)[];
MV_CASE(0.50)[];
MANY_INVISIBLE_PARTS(0.10)[2];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
HAS_LIST_UNSUB(-0.01)[];
MX_GOOD(-0.01)[];
IP_REPUTATION_HAM(-0.01)[asn: 398810(0.00), country: US(-0.01), ip: 136.175.108.128(0.00)];
HAS_REPLYTO(0.00)[[email protected] ];
FROM_HAS_DN(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
PREVIOUSLY_DELIVERED(0.00)[[email protected] ];
RCPT_COUNT_ONE(0.00)[1];
REPLYTO_EQ_FROM(0.00)[];
CLAM_VIRUS_FAIL(0.00)[failed to scan and retransmits exceed];
RCVD_COUNT_TWO(0.00)[2];
DMARC_NA(0.00)[hostedtalk.net];
BCC(0.00)[];
RCPT_MAILCOW_DOMAIN(0.00)[erisa.uk];
RCVD_TLS_ALL(0.00)[];
TO_DN_NONE(0.00)[];
ARC_SIGNED(0.00)[erisa.uk:s=dkim:i=1];
HAS_XOIP(0.00)[];
RCVD_VIA_SMTP_AUTH(0.00)[];
ARC_NA(0.00)[];
R_SPF_ALLOW(0.00)[+ip4:136.175.108.0/22];
FROM_EQ_ENVFROM(0.00)[];
MID_RHS_MATCH_FROM(0.00)[];
DKIM_TRACE(0.00)[hostedtalk.net:-];
ASN(0.00)[asn:398810, ipnet:136.175.108.0/24, country:US];
MIME_TRACE(0.00)[0:+,1:+,2:~];
GREYLIST(0.00)[pass,body]
X-Rspamd-Queue-Id: 55C91E007D
X-Spam: Yes
Razza
May 27, 2022, 3:33pm
5
Broken DKIM isn’t a new issue; it’s been like that since as far back as 2020: https://hostballs.com/t/the-ball-pit/18/17132
It’s a feature where I try to tank the domain reputation for giggles. That or I keep forgetting to look.
2 Likes
ckt
May 31, 2022, 10:30pm
7
I get that DMARC did not pass despite the fact that SPF succeeds and DMARC is not defined. Though that’s just weirdness on my end.