• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2276
  • Last Modified:

DKIM: Test mode

Dear All,

I have deployed DKIM to my production email system. I noted with my email header as below:

Authentication-Results: mx.google.com; spf=pass (google.com: 98.136.44.50 is  permitted by domain of noreply@foo.net)
smtp.mail=noreply@foo.net; dkim=pass (test mode) header.From=noreply@foo.net
Received: from dialup-1-2-3-4.example.net (dialup-1-2-3-4.example.net [192.0.2.200]) by mail-router.example.com (8.11.6/8.11.6) with ESMTP id g1G0r1kA003489;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta;
t=1241199942; bh=QEhHJ/j5vfrx5vc41XbkI/JJltY=;
h=DomainKey-Signature:X-Sender:X-Apparently-To:Received-SPF:
Authentication-Results:Mime-Version:Content-Type:From:Date:
Message-ID:Subject:To:X-System-Of-Record:Sender:Precedence:
X-Google-Loop:Mailing-List:List-Id:List-Post:List-Help:
List-Unsubscribe:X-BeenThere-Env:X-BeenThere:X-Original-Authentication-Results; b=Z5vM83n7lJLDjq0IF5
HymgX20/5J7B0GSEhdZUBSBrnJfl+iQ15aUK6AlekI58Tv6Jyv+kblZhI02z1SyWql2
A==
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: 98.136.44.50 is permitted by domain of sender@example.net) dkim=pass header.i=sender@example.net
Fri, Feb 15 2002 17:19:07 -0800
From: sender@example.net
Date: Fri, Feb 15 2002 16:54:30 -0800
To: receiver@example.com
Message-Id: <12345.abc@example.net>
List-Id: <list@foo.net>
Subject: here's a sample

So what is the test mode implies? Is there a place where test mode means "not a production mode'?

BR,
Khemarin
0
Khemarin
Asked:
Khemarin
  • 4
  • 3
1 Solution
 
PapertripCommented:
You need to remove the t=y flag from your DKIM record in DNS if you want receiving servers to take action upon DKIM check results.

RFC 4871 says:

t=  Flags, represented as a colon-separated list of names (plain-
       text; OPTIONAL, default is no flags set).  The defined flags are
       as follows:

       y   This domain is testing DKIM.  Verifiers MUST NOT treat
           messages from signers in testing mode differently from
           unsigned email, even should the signature fail to verify.
           Verifiers MAY wish to track testing mode results to assist
           the signer.
0
 
KhemarinAuthor Commented:
You mean, I need remove t=1241199942 flags, right? or where?

How about the dkim=pass (test mode) meaning? dose all DKIM are the same?

BR,

Khemarin
0
 
PapertripCommented:
You mean, I need remove t=1241199942 flags, right? or where?
Nope, that is the time stamp added to the signature.  Think of DKIM as 2 separate pieces -- the signing side (added to headers, uses private key) and the DNS record (used to verify DKIM hash, uses public key).  Both of these pieces have different options, but some are "named" the same thing (like t=). I'm referring to the DNS record piece.

How about the dkim=pass (test mode) meaning? dose all DKIM are the same?
I'm not sure what you mean, can you please rephrase your question.

I didn't pay much attention at first to the content of the headers you pasted, but rather I only really paid attention to your question.  That being said, it's difficult to determine exactly what is happening in those headers because of how you changed the domains to fake domains.

I see both example.net and foo.net -- that combined with the fact that you are apparently using Google at some point and that your sending IP resolves to Yahoo makes this confusing for me to figure out exactly what is happening.

Many EE users paste the full unedited headers, there isn't really much to worry about, your mail server related info is already publicly available.  If you want us to be able to help you please paste the unedited headers so we can do the required research.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
KhemarinAuthor Commented:
Thank you so much for your support.

Here is my email header, I'm testing with Gmail:

Delivered-To: khemarin2007@gmail.com
Received: by 10.231.132.193 with SMTP id c1csp359ibt;
        Thu, 15 Mar 2012 19:46:50 -0700 (PDT)
Received: by 10.68.238.39 with SMTP id vh7mr9948299pbc.30.1331866010305;
        Thu, 15 Mar 2012 19:46:50 -0700 (PDT)
Return-Path: <Khemarin.Set@helloabc.com>
Received: from helloabc.com (mail.helloabc.com. [1.1.1.1])
        by mx.google.com with ESMTPS id e9si4893968pbi.141.2012.03.15.19.46.49
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 15 Mar 2012 19:46:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of Khemarin.Set@helloabc.com designates 1.1.1.1 as permitted sender) client-ip=1.1.1.1;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of Khemarin.Set@helloabc.com designates 1.1.1.1 as permitted sender) smtp.mail=Khemarin.Set@helloabc.com; dkim=pass (test mode) header.i=@helloabc.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=helloabc.com; s=helloabc_com2; c=relaxed/relaxed;
      h=from:to:subject:thread-topic:thread-index:date:accept-language:content-language:x-ms-has-attach:x-ms-tnef-correlator:content-type:mime-version;
      bh=CfHYAxmo9IWa1Kh9K5evXAha1BDHW/x6zXbHlamX5xA=;
      b=gnStLeUZecBoJ0895uuMOyWMaaEonXQLCCPT1EwzNd9ZPPvat7JsSX+9bEs5D4xPNQxVjqFIIzQ65okRugrypJ0STYKXPWP8B1fuDC+mxKFUpSPgg6yKqOEzySmRB2Io/zKUZVEoK65ZT9qHRsw1ZxBQtllxzErFiDapBNgHKFo=
Message-Id: <201203160246.q2G2kh4L011118-q2G2kh4N011118@mailserver.mail.local>
From: Khemarin Set <Khemarin.Set@helloabc.com>
To: khemarin Set <khemarin2007@gmail.com>
Subject: DKIM
Thread-Topic: DKIM
Thread-Index: Ac0DHv6AlJFQ23T0Tma2zNI247ypBw==
Date: Fri, 16 Mar 2012 02:46:28 +0000
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative;
      boundary="_000_737895503A12894389520C00774923EF3A7C23AE1012231FCDD3411_"
MIME-Version: 1.0

--_000_737895503A12894389520C00774923EF3A7C23AE1012231FCDD3411_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

DKIM

------------------------

- Could you tell me, why my email header dkim=pass (test mode) ? What is the meaning test mode?
- Dose my DKIM valid?

I'm looking to hearing from you.

BR,
Khemarin
0
 
PapertripCommented:
Ah those headers look much better.


- Could you tell me, why my email header dkim=pass (test mode) ? What is the meaning test mode?
Already did, check http:#37726289 for the answer to that as well as the solution to your problem.

- Dose my DKIM valid?
Everything looks correct, except you are still in test mode.
0
 
KhemarinAuthor Commented:
Dear Papertrip,

Everything looks correct, except you are still in test mode.

Do you know, How to remove "test mode"?

BR,
Khemarin
0
 
PapertripCommented:
As I mentioned before you need to remove the t=y flag from your DKIM record in DNS.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now