DKIM fails, but I can't find anything wrong with the hash or the signature syntax


I am writing my own DKIM implementation in Node.js, but I'm running into a problem where my DKIM does not pass.

Here is my message body:

dGVzdA==\r\n

Here is the body hash (sha256):

STFhz2ITzV8iSPWgLK0kfUa69jvk327MHRw2ZpGDvWE=

Here is my DKIM header hash input:

from:[email protected]\r\ndkim-signature:v=1; a=rsa-sha256; c=relaxed; s=wo8vy2th; d=test.test.org; h=from; bh=STFhz2ITzV8iSPWgLK0kfUa69jvk327MHRw2ZpGDvv=; b=

Then I sign it with this code:

crypto.createSign('rsa-sha256').update(headerHash).sign({key: processItem.sharedData.dkim_private_key, passphrase: dkimDomainKeyPassphrase}, 'base64');

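Yet on arrival, I get dkim=fail. My DNS _domainkey does resolve correctly.

For this example, note that I am only using the From: header to try to find the problem. In practice, I will use all the recommended headers.

Edit: here is the raw source of the failing email: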

Delivered-To: [email protected]
Return-Path: <[email protected]>
Authentication-Results: mx.ethereal.email; spf=permerror smtp.mailfrom=test2.cybermancy.org; dkim=fail [email protected]
Received-SPF: PermError (mx.ethereal.email: domain of test2.cybermancy.org does not designate 67.205.181.191 as permitted sender) receiver=mx.ethereal.email; identity=mailfrom; client-ip=67.205.181.191; helo=mta.postagent.io; envelope-from=<[email protected]>
Received-SPF: None (mx.ethereal.email: domain of mta.postagent.io does not designate 67.205.181.191 as permitted sender) receiver=mx.ethereal.email; identity=helo; client-ip=67.205.181.191; helo=mta.postagent.io; envelope-from=<[email protected]>
Received: from mta.postagent.io ([67.205.181.191])
    by mx.ethereal.email (Haraka/2.8.23) with ESMTP id 3B44E55E-3604-4C4C-8779-0DADDF805402.1
    envelope-from <[email protected]>;
    Fri, 17 Jan 2020 14:10:39 +0100
Message-ID: <6649a782-a33d-44c6-86d8-3f5921275db8+1579266637945@mta.postagent.io>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=wo8vy2th;        
    h=mime-version:from:to:date:subject;        
    d=test2.cybermancy.org;        
    bh=STFhz2ITzV8iSPWgLK0kfUa69jvk327MHRw2ZpGDvWE=;        
    b=iIPCncCnPoaFD4qWs0aiAtx8lI3cXK38tkTO23upZI9TweRr72LOTNaXyzOw+In+Rgv8U8e/t8DJKfXjqAV8aS+lbeXOJsxSouN7QfoIxsMh46dLrky/t2hv8rpgFF6xJ+pCD8WeJv8vx/0aSQ3q2qB/BcGjE+Q3nkuEIPLFFNg=
To: [email protected]
From: [email protected]
Subject: test subject
Date: Fri, 17 Jan 2020 13:10:37 +0000
X-report-abuse: Please forward a copy of this message, including all headers, to [email protected]
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64

dGVzdA==
1 Answer

0 votes

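And have you actually published the public key for the signing key in a DNS record: wo8vy2th._domainkey.test.test.org?

This requires that you have access to the test.org DNS zone.

DKIM signatures need the domain key; it is the only way to verify the signature.

Have you read RFC 6376? One thing is that CR+LF must be encoded. Check 3.4.3 and see whether an empty body gets the correct sha-256 (for c=relaxed):

47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=

Try to recreate the hashes using an incoming DKIM-verified mail as data input, to validate your calculations. Testing your hash/relaxed/simple code on a known good mail should be straightforward. Say, one sent to yourself from Gmail.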
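Added example, not part of the original question or answer: a Node.js implementation of the RFC 6376 body and header canonicalization and of the signing input, which can be checked against the RFC's empty-body hashes and used to compare a signer's hash input with what a verifier rebuilds from the header as transmitted. It covers both the simple and relaxed body algorithms; the function names, the `example.org` address, the `sel` selector and the throwaway key are assumptions made for the example.

```javascript
// Added example: RFC 6376 canonicalization and signing input. All names are hypothetical.
const crypto = require('crypto');

// 3.4.3 "simple" body: drop trailing empty lines, always end with one CRLF.
const simpleBody = (body) => body.replace(/(?:\r\n)+$/, '') + '\r\n';

// 3.4.4 "relaxed" body: strip WSP at line ends, collapse WSP runs, drop trailing
// empty lines; an empty body stays empty (no CRLF is added).
function relaxedBody(body) {
  const b = body.replace(/[ \t]+(?=\r\n|$)/g, '').replace(/[ \t]+/g, ' ')
    .replace(/(?:\r\n)+$/, '');
  return b === '' ? '' : b + '\r\n';
}

const bodyHash = (body, canon) => crypto.createHash('sha256')
  .update(canon === 'relaxed' ? relaxedBody(body) : simpleBody(body)).digest('base64');

// 3.4.2 "relaxed" header: lowercase name, unfold, collapse WSP, trim the value.
function relaxedHeader(line) {
  const i = line.indexOf(':');
  const value = line.slice(i + 1).replace(/\r\n(?=[ \t])/g, '').replace(/[ \t]+/g, ' ');
  return line.slice(0, i).trim().toLowerCase() + ':' + value.trim();
}

// 3.7: the headers named in h= (last instance first), each followed by CRLF, then the
// DKIM-Signature header exactly as transmitted, with b= emptied and no trailing CRLF.
function signingInput(headers, dkimHeader) {
  const sig = relaxedHeader(dkimHeader).replace(/([:;] ?b=)[^;]*/, '$1');
  const names = /[:;] ?h=([^;]*)/.exec(sig)[1].replace(/\s/g, '').toLowerCase().split(':');
  const pool = headers.map(relaxedHeader);
  const picked = names.map((n) => {
    const idx = pool.map((h) => h.split(':')[0]).lastIndexOf(n);
    return idx < 0 ? '' : pool.splice(idx, 1)[0] + '\r\n'; // absent header = empty string
  });
  return picked.join('') + sig;
}

// Sign, then verify from the folded header a receiver would see (constructed sample data).
function roundTrip() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const headers = ['From: sender@example.org', 'Subject: test subject'];
  // c=relaxed alone means relaxed headers and simple body (RFC 6376, c= tag).
  const dkim = 'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=sel; d=example.org;\r\n'
    + `    h=from:subject; bh=${bodyHash('dGVzdA==\r\n', 'simple')}; b=`;
  const b = crypto.createSign('RSA-SHA256').update(signingInput(headers, dkim))
    .sign(privateKey, 'base64');
  return crypto.createVerify('RSA-SHA256').update(signingInput(headers, dkim + b))
    .verify(publicKey, b, 'base64');
}
```

Because the verifier derives the signing input from the DKIM-Signature header it receives, any difference in tag order, folding or spacing between the string that was signed and the header that was sent has to disappear under relaxed canonicalization, or the signature fails.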
