Vous n'êtes pas identifié(e).

#1 14-10-2017 à 08:59

GG le sympa
Administrateur
Lieu : Graçay
Inscription : 03-08-2006 à 14:41
Messages : 17 599

Re : Code: HM5310, Source: DKIM::SignHash_, Description: Unable to parse th

"ERROR"	6852	"2017-10-14 02:18:55.366"	"Severity: 3 (Medium), Code: HM5310, Source: DKIM::SignHash_, Description: Unable to parse the private key file."
"ERROR"	6852	"2017-10-14 02:18:55.366"	"Severity: 3 (Medium), Code: HM5308, Source: DKIM::Sign, Description: Failed to create siganture."
"ERROR"	6852	"2017-10-14 02:18:55.366"	"Severity: 3 (Medium), Code: HM5306, Source: DKIMSigner::Sign, Description: Message signing using DKIM failed."

Ce problème survient quand la private key dkim ne peut etre lue sur le serveur ou alors le fichier est mal encodé.


1) hmailserver utilise l'utilisateur SYSTEM pour ses droits donc donné la lecture à SYSTEM pour ce fichier

2) ensuite quand on fait un copié collé de la clé privée (la publique dans les dns pas de soucis) générée sur un site web dans un fichier texte, on obtient aussi ce message d'érreur a cause d'un problème de formatage du fichier, même quand on supprime tous les commentaires et saut de ligne

j'ai trouvé une solution : générez une clé avec http://dkimcore.org/tools/

ce site vous propose ensuite d'enregistrer la clé privée en format texte et bingo, faites un clic droit sur le lien, enregistrez sous, mettez la clé ou vous voulez mais surtout ne faites pas de modification du fichier téléchargé.

ensuite mettez la clé publique dans vos DNS en copié collé

v=DKIM1; k=rsa; p=masupercle

et... attendez ! la propagation DNS c'est entre 1h et 12h !

évidemment que pendant ce laps de temps vous allez vous manger un DKIM FAIL

A savoir qu'avec le symptôme lié a cette erreur hmailserver ne charge même pas de signature donc c'est comme si vous n'aviez pas coché la signature dkim lorsque vous envoyez un message

le seul moyen est d'activer les logs et de regarder dans error_hmailserver_xxxx.log

type d'erreur si vous n'atendez pas la propagation ou si les clés ne correspondent pas :

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<[email protected]>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DKIM check:         fail
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  mail.brakstar.com
Source IP:      37.59.54.42
mail-from:      [email protected]

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: [email protected]

DNS record(s):
    brakstar.com. 10800 IN TXT "v=spf1 ip4:37.59.54.42 ~all"


----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         fail (signature doesn't verify)
ID(s) verified: 

Canonicalized Headers:
    from:Jeremy'20'GAUTIER'20'<[email protected]>'0D''0A'
    subject:vggg'0D''0A'
    date:Sat,'20'14'20'Oct'20'2017'20'10:11:50'20'+0200'0D''0A'
    message-id:<[email protected]>'0D''0A'
    to:[email protected]'0D''0A'
    mime-version:1.0'0D''0A'
    content-type:text/plain;'20'charset=utf-8;'20'format=flowed'0D''0A'
    content-transfer-encoding:7bit'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'd=brakstar.com;'20's=key1;'20'c=relaxed/relaxed;'20'q=dns/txt;'20'h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=3yTXwfpH+zYcMYAG1wPKcnpKqQQPvW1IN+ezhZ+q+CM=;'20'b=

Canonicalized Body:
    '0D''0A'
    '0D''0A'
    '0D''0A'
    gggg'0D''0A'
    

DNS record(s):
    key1._domainkey.brakstar.com. 10800 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCykbSeqBlWKaPUz/M6+Vx8OYNzfRGtA0DX9cxHRHrfGATu+
mZFEUlpk7xIKSNikImyOnPClz
96Q0kwZT4ZcZBLV2jCN6JgIHsICKHNjTXTyGqucMN7cgRd6QZ8IMr4ST0O8DSuBY6e8xfEP33pQKJY8eagaqwtVTP//bHPJfIZ6QIDAQAB"

Public key used for verification: key1._domainkey.brakstar.com (1024 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.4.1 (2015-04-28)

Result:         ham (-1.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 0.0 T_SPF_TEMPERROR        SPF: test of record failed (temperror)
 0.0 T_SPF_HELO_TEMPERROR   SPF: test of HELO record failed (temperror)
-0.0 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0016]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid



==============================================================
Explanation of the possible results (based on RFCs 7601, 7208)
==============================================================


DKIM Results
============

none:  The message was not signed.

pass:  The message was signed, the signature or signatures were
    acceptable to the ADMD, and the signature(s) passed verification
    tests.

fail:  The message was signed and the signature or signatures were
    acceptable to the ADMD, but they failed the verification test(s).

policy:  The message was signed, but some aspect of the signature or
    signatures was not acceptable to the ADMD.

neutral:  The message was signed, but the signature or signatures
    contained syntax errors or were not otherwise able to be
    processed.  This result is also used for other failures not
    covered elsewhere in this list.

temperror:  The message could not be verified due to some error that
    is likely transient in nature, such as a temporary inability to
    retrieve a public key.  A later attempt may produce a final
    result.

permerror:  The message could not be verified due to some error that
    is unrecoverable, such as a required header field being absent.  A
    later attempt is unlikely to produce a final result.


SPF Results
===========

none:  Either (a) no syntactically valid DNS domain name was extracted from
    the SMTP session that could be used as the one to be authorized, or
    (b) no SPF records were retrieved from the DNS.

neutral:  The ADMD has explicitly stated that it is not asserting whether
    the IP address is authorized.

pass:  An explicit statement that the client is authorized to inject mail
    with the given identity.

fail:  An explicit statement that the client is not authorized to use the
    domain in the given identity.

softfail:  A weak statement by the publishing ADMD that the host is probably
    not authorized.  It has not published a stronger, more definitive policy
    that results in a "fail".

temperror:  The SPF verifier encountered a transient (generally DNS) error
    while performing the check.  A later retry may succeed without further
    DNS operator action.

permerror: The domain's published records could not be correctly interpreted.
    This signals an error condition that definitely requires DNS operator
    intervention to be resolved.


"iprev" Results
===============

pass:  The DNS evaluation succeeded, i.e., the "reverse" and
    "forward" lookup results were returned and were in agreement.

fail:  The DNS evaluation failed.  In particular, the "reverse" and
    "forward" lookups each produced results, but they were not in
    agreement, or the "forward" query completed but produced no
    result, e.g., a DNS RCODE of 3, commonly known as NXDOMAIN, or an
    RCODE of 0 (NOERROR) in a reply containing no answers, was
    returned.

temperror:  The DNS evaluation could not be completed due to some
    error that is likely transient in nature, such as a temporary DNS
    error, e.g., a DNS RCODE of 2, commonly known as SERVFAIL, or
    other error condition resulted.  A later attempt may produce a
    final result.

permerror:  The DNS evaluation could not be completed because no PTR
    data are published for the connecting IP address, e.g., a DNS
    RCODE of 3, commonly known as NXDOMAIN, or an RCODE of 0 (NOERROR)
    in a reply containing no answers, was returned.  This prevented
    completion of the evaluation.  A later attempt is unlikely to
    produce a final result.




==========================================================
Original Email
==========================================================

Return-Path: <[email protected]>
Received: from mail.brakstar.com (37.59.54.42) by verifier.port25.com id hs73cc2bkd0p for <[email protected]>; Sat, 14 Oct 2017 04:11:50 -0400 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com; spf=pass  [email protected];
 dkim=fail reason="signature doesn't verify"  
dkim-signature: v=1; a=rsa-sha256; d=brakstar.com; s=key1;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=3yTXwfpH+zYcMYAG1wPKcnpKqQQPvW1IN+ezhZ+q+CM=;
	b=LN1LDTDdMB+KVHwxJTBV/SKxFCHmsxgmU5uDonF1eX+4gnXlCJHn0HxsFDnYlG0wwJJl+JqYTmJ3
07xzpY96TH5ErGOJRs7X/x9DX7XKhnmw3Yqv6QFxHoYK1nyV4QymfVT8qnF8iE992lOhcTmSyVcQ8
2pbDmoryGlYuLYiVk8=
Received: from [192.168.50.90] (Unknown [81.56.135.55])
	by mail.brakstar.com with ESMTPA
	; Sat, 14 Oct 2017 10:11:55 +0200
From: Jeremy GAUTIER <[email protected]>
Subject: vggg
To: [email protected]
Message-ID: <[email protected]>
Date: Sat, 14 Oct 2017 10:11:50 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: fr
Content-Transfer-Encoding: 7bit
gggg

Hors ligne

  • Accueil
  •  » Serveurs
  •  » Code: HM5310, Source: DKIM::SignHash_, Description: Unable to parse th

Réponse rapide

Veuillez composer votre message et l'envoyer

Pied de page des forums