Hi,

I’m trying to install mail::DKIM on Debian Etch using CPAN (Debian apt is too far behind), however I’m getting errors during “make test”. I installed/upgraded all dependancies to recent versions and there are no errors during “make”.

I then force installed Mail::DKIM to check if ot would work anyway.
dkimproxy starts but no email is signed (sying “skipped” in maillog).

I’m by no means a Perl expert and I’m having difficulty finding where the problem is and I also have no idea what the reason behind “DKIM signing - skipped” is.

Could someone please point me in the right direction?

Thanks!
Rob

=== maillog ===

Jun 21 12:56:11 server dkimproxy.out[27309]: DKIM signing - skipped; message-id=[email protected], from=[email protected]

(We have multiple domains: it’s correct that the sending email domain is different from the MTA’s domain.)

=== make / make test result ===

CPAN.pm: Going to build J/JA/JASLONG/Mail-DKIM-0.26.tar.gz

Checking if your kit is complete…
Looks good
Writing Makefile for Mail::DKIM
CPAN: YAML loaded ok (v0.62)
cp lib/Mail/DKIM/KeyValueList.pm blib/lib/Mail/DKIM/KeyValueList.pm
cp lib/Mail/DKIM/PrivateKey.pm blib/lib/Mail/DKIM/PrivateKey.pm
cp lib/Mail/DKIM/Algorithm/rsa_sha256.pm blib/lib/Mail/DKIM/Algorithm/rsa_sha256.pm
cp lib/Mail/DKIM/Algorithm/Base.pm blib/lib/Mail/DKIM/Algorithm/Base.pm
cp lib/Mail/DKIM/Algorithm/rsa_sha1.pm blib/lib/Mail/DKIM/Algorithm/rsa_sha1.pm
cp lib/Mail/DKIM/Canonicalization/DkimCommon.pm blib/lib/Mail/DKIM/Canonicalization/DkimCommon.pm
cp lib/Mail/DKIM/Policy.pm blib/lib/Mail/DKIM/Policy.pm
cp lib/Mail/DKIM/MessageParser.pm blib/lib/Mail/DKIM/MessageParser.pm
cp lib/Mail/DKIM/DkSignature.pm blib/lib/Mail/DKIM/DkSignature.pm
cp lib/Mail/DKIM/PublicKey.pm blib/lib/Mail/DKIM/PublicKey.pm
cp lib/Mail/DKIM/Common.pm blib/lib/Mail/DKIM/Common.pm
cp lib/Mail/DKIM/Signature.pm blib/lib/Mail/DKIM/Signature.pm
cp lib/Mail/DKIM/SignerPolicy.pm blib/lib/Mail/DKIM/SignerPolicy.pm
cp lib/Mail/DKIM/Canonicalization/nowsp.pm blib/lib/Mail/DKIM/Canonicalization/nowsp.pm
cp lib/Mail/DKIM/Signer.pm blib/lib/Mail/DKIM/Signer.pm
cp lib/Mail/DKIM/TextWrap.pm blib/lib/Mail/DKIM/TextWrap.pm
cp lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm blib/lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm
cp lib/Mail/DKIM/Verifier.pm blib/lib/Mail/DKIM/Verifier.pm
cp lib/Mail/DKIM.pm blib/lib/Mail/DKIM.pm
cp lib/Mail/DKIM/Canonicalization/simple.pm blib/lib/Mail/DKIM/Canonicalization/simple.pm
cp lib/Mail/DKIM/Canonicalization/dk_simple.pm blib/lib/Mail/DKIM/Canonicalization/dk_simple.pm
cp lib/Mail/DKIM/Canonicalization/Base.pm blib/lib/Mail/DKIM/Canonicalization/Base.pm
cp lib/Mail/DKIM/Key.pm blib/lib/Mail/DKIM/Key.pm
cp lib/Mail/DKIM/Canonicalization/DkCommon.pm blib/lib/Mail/DKIM/Canonicalization/DkCommon.pm
cp lib/Mail/DKIM/Canonicalization/dk_nofws.pm blib/lib/Mail/DKIM/Canonicalization/dk_nofws.pm
cp lib/Mail/DKIM/Canonicalization/relaxed.pm blib/lib/Mail/DKIM/Canonicalization/relaxed.pm
Manifying blib/man3/Mail::DKIM::Signer.3pm
Manifying blib/man3/Mail::DKIM::Algorithm::Base.3pm
Manifying blib/man3/Mail::DKIM::Algorithm::rsa_sha256.3pm
Manifying blib/man3/Mail::DKIM::Algorithm::rsa_sha1.3pm
Manifying blib/man3/Mail::DKIM::Canonicalization::DkimCommon.3pm
Manifying blib/man3/Mail::DKIM::Policy.3pm
Manifying blib/man3/Mail::DKIM::DkSignature.3pm
Manifying blib/man3/Mail::DKIM::Verifier.3pm
Manifying blib/man3/Mail::DKIM.3pm
Manifying blib/man3/Mail::DKIM::Signature.3pm
Manifying blib/man3/Mail::DKIM::Canonicalization::Base.3pm
Manifying blib/man3/Mail::DKIM::SignerPolicy.3pm
JASLONG/Mail-DKIM-0.26.tar.gz
/usr/bin/make – OK
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl “-MExtUtils::Command::MM” “-e” “test_harness(0, ‘blib/lib’, ‘blib/arch’)” t/*.t
t/Mail-DKIM…ok
t/policy…ok
t/signature…ok
t/signer…ok
t/signer_policy…ok
t/simple_canonicalization…ok
t/verifier…ok 10/45

Failed test ‘‘good_ietf01_1.txt’ should ‘pass’’

at t/verifier.t line 125.

t/verifier…NOK 16/45

Failed test ‘‘good_ietf01_2.txt’ should ‘pass’’

at t/verifier.t line 125.

t/verifier…NOK 17/45

Failed test ‘‘multiple_1.txt’ should ‘pass’’

at t/verifier.t line 125.

t/verifier…NOK 18/45

Failed test ‘‘bad_ietf01_1.txt’ should ‘fail’’

at t/verifier.t line 125.

t/verifier…NOK 19/45

Failed test ‘determined body had been altered’

t/verifier…NOK 20/45# at t/verifier.t line 50.

Failed test ‘‘bad_ietf01_2.txt’ should ‘fail’’

at t/verifier.t line 125.

t/verifier…NOK 21/45

Failed test ‘determined message had been altered’

t/verifier…NOK 22/45# at t/verifier.t line 52.

Failed test ‘‘bad_ietf01_3.txt’ should ‘fail’’

at t/verifier.t line 125.

t/verifier…NOK 23/45

Failed test ‘determined RSA failure’

t/verifier…NOK 24/45# at t/verifier.t line 54.

Failed test ‘‘bad_1.txt’ should ‘fail’’

at t/verifier.t line 125.

t/verifier…ok 26/45

Failed test ‘‘good_dk_yahoo.txt’ should ‘pass’’

at t/verifier.t line 125.

t/verifier…NOK 28/45

Failed test ‘‘good_dk_1.txt’ should ‘pass’’

at t/verifier.t line 125.

t/verifier…NOK 29/45

Failed test ‘‘good_dk_2.txt’ should ‘pass’’

at t/verifier.t line 125.

t/verifier…ok 40/45# Looks like you failed 13 tests of 45.
t/verifier…dubious
Test returned status 13 (wstat 3328, 0xd00)
DIED. FAILED tests 16-25, 28-30
Failed 13/45 tests, 71.11% okay
Failed Test Stat Wstat Total Fail List of Failed

t/verifier.t 13 3328 45 13 16-25 28-30
Failed 1/7 test scripts. 13/104 subtests failed.
Files=7, Tests=104, 6 wallclock secs ( 1.21 cusr + 0.10 csys = 1.31 CPU)
Failed 1/7 test programs. 13/104 subtests failed.
make: *** [test_dynamic] Error 13
JASLONG/Mail-DKIM-0.26.tar.gz
/usr/bin/make test – NOT OK
Running make install
make test had returned bad status, won’t install without force

The ‘make test’ is failing the “verify.t” test, which usually points to some sort of DNS issue. Check that any servers listed in your /etc/resolv.conf file are up and responding to DNS queries.

Also, in the Mail-DKIM directory, you could try “cd t; ./verify.t” which might give more information about why it’s failing.

Regarding your “skipped” messages… Dkimproxy will only sign a message if the message has a “From” or “Sender” header of a domain that it has a private key for. You have to list those domains in the startup arguments for Dkimproxy. So if you want to sign messages with From: [email protected], then start dkimproxy.out with a --domain=corp.nl argument.

Hope that helps.

The server in question is also runs a DNS service (resolv.conf pointing to it) resolving any existing domain I throw at it.
I performed the verifier.t test by hand and it complains about the OpenSSL public key being too long. An example of this is (all tests failing look like this):

verifying message ‘multiple_1.txt’

result: invalid (public key: OpenSSL error: too long)

not ok 18 - ‘multiple_1.txt’ should ‘pass’

Failed test ‘‘multiple_1.txt’ should ‘pass’’

at ./verifier.t line 125.

I don’t know why I would be getting this message when other applications using ssl are working correctly.
I force-installed it and it seems to work anyway. Perhaps you can shed some light on this?

Yes, thanks Jason. I found out what the problem was with the “skipped” thing.
The script uses “hostname -d” which in my case does not return the domain name it should sign messages for. I fixed that by giving it the domain name and it worked. (The testserver was in the same domain so I didn’t notice it before.)

I cannot. Probably it’s an issue with whatever version of OpenSSL libraries and the Perl Crypt::RSA::PenSSL module you have installed. But, if things “seem” to be working ok, then I’d leave them alone.

Hi Jason,

I want help from you.
I have installed dkim with four domains ( use config file “/usr/local/dkimproxy/etc/dkimproxy_out.conf” ) which is working fine.
Now I have to enble dkim for 1000 domains.
so let me know how can do this?
have any parameter use for enable for all domains mails which are traving in dkim setup.

pradeep

I cannot. Probably it’s an issue with whatever version of OpenSSL libraries and the Perl Crypt::RSA::PenSSL module you have installed. But, if things “seem” to be working ok, then I’d leave them alone.