DKIM: Test mode

Dear All,

I have deployed DKIM to my production email system. I noted with my email header as below:

Authentication-Results: mx.google.com; spf=pass (google.com: 98.136.44.50 is  permitted by domain of noreply@foo.net)
smtp.mail=noreply@foo.net; dkim=pass (test mode) header.From=noreply@foo.net
Received: from dialup-1-2-3-4.example.net (dialup-1-2-3-4.example.net [192.0.2.200]) by mail-router.example.com (8.11.6/8.11.6) with ESMTP id g1G0r1kA003489;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta;
t=1241199942; bh=QEhHJ/j5vfrx5vc41XbkI/JJltY=;
h=DomainKey-Signature:X-Sender:X-Apparently-To:Received-SPF:
Authentication-Results:Mime-Version:Content-Type:From:Date:
Message-ID:Subject:To:X-System-Of-Record:Sender:Precedence:
X-Google-Loop:Mailing-List:List-Id:List-Post:List-Help:
List-Unsubscribe:X-BeenThere-Env:X-BeenThere:X-Original-Authentication-Results; b=Z5vM83n7lJLDjq0IF5
HymgX20/5J7B0GSEhdZUBSBrnJfl+iQ15aUK6AlekI58Tv6Jyv+kblZhI02z1SyWql2
A==
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: 98.136.44.50 is permitted by domain of sender@example.net) dkim=pass header.i=sender@example.net
Fri, Feb 15 2002 17:19:07 -0800
From: sender@example.net
Date: Fri, Feb 15 2002 16:54:30 -0800
To: receiver@example.com
Message-Id: <12345.abc@example.net>
List-Id: <list@foo.net>
Subject: here's a sample

So what is the test mode implies? Is there a place where test mode means "not a production mode'?

BR,
Khemarin
KhemarinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PapertripCommented:
You need to remove the t=y flag from your DKIM record in DNS if you want receiving servers to take action upon DKIM check results.

RFC 4871 says:

t=  Flags, represented as a colon-separated list of names (plain-
       text; OPTIONAL, default is no flags set).  The defined flags are
       as follows:

       y   This domain is testing DKIM.  Verifiers MUST NOT treat
           messages from signers in testing mode differently from
           unsigned email, even should the signature fail to verify.
           Verifiers MAY wish to track testing mode results to assist
           the signer.
0
KhemarinAuthor Commented:
You mean, I need remove t=1241199942 flags, right? or where?

How about the dkim=pass (test mode) meaning? dose all DKIM are the same?

BR,

Khemarin
0
PapertripCommented:
You mean, I need remove t=1241199942 flags, right? or where?
Nope, that is the time stamp added to the signature.  Think of DKIM as 2 separate pieces -- the signing side (added to headers, uses private key) and the DNS record (used to verify DKIM hash, uses public key).  Both of these pieces have different options, but some are "named" the same thing (like t=). I'm referring to the DNS record piece.

How about the dkim=pass (test mode) meaning? dose all DKIM are the same?
I'm not sure what you mean, can you please rephrase your question.

I didn't pay much attention at first to the content of the headers you pasted, but rather I only really paid attention to your question.  That being said, it's difficult to determine exactly what is happening in those headers because of how you changed the domains to fake domains.

I see both example.net and foo.net -- that combined with the fact that you are apparently using Google at some point and that your sending IP resolves to Yahoo makes this confusing for me to figure out exactly what is happening.

Many EE users paste the full unedited headers, there isn't really much to worry about, your mail server related info is already publicly available.  If you want us to be able to help you please paste the unedited headers so we can do the required research.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

KhemarinAuthor Commented:
Thank you so much for your support.

Here is my email header, I'm testing with Gmail:

Delivered-To: khemarin2007@gmail.com
Received: by 10.231.132.193 with SMTP id c1csp359ibt;
        Thu, 15 Mar 2012 19:46:50 -0700 (PDT)
Received: by 10.68.238.39 with SMTP id vh7mr9948299pbc.30.1331866010305;
        Thu, 15 Mar 2012 19:46:50 -0700 (PDT)
Return-Path: <Khemarin.Set@helloabc.com>
Received: from helloabc.com (mail.helloabc.com. [1.1.1.1])
        by mx.google.com with ESMTPS id e9si4893968pbi.141.2012.03.15.19.46.49
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 15 Mar 2012 19:46:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of Khemarin.Set@helloabc.com designates 1.1.1.1 as permitted sender) client-ip=1.1.1.1;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of Khemarin.Set@helloabc.com designates 1.1.1.1 as permitted sender) smtp.mail=Khemarin.Set@helloabc.com; dkim=pass (test mode) header.i=@helloabc.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=helloabc.com; s=helloabc_com2; c=relaxed/relaxed;
      h=from:to:subject:thread-topic:thread-index:date:accept-language:content-language:x-ms-has-attach:x-ms-tnef-correlator:content-type:mime-version;
      bh=CfHYAxmo9IWa1Kh9K5evXAha1BDHW/x6zXbHlamX5xA=;
      b=gnStLeUZecBoJ0895uuMOyWMaaEonXQLCCPT1EwzNd9ZPPvat7JsSX+9bEs5D4xPNQxVjqFIIzQ65okRugrypJ0STYKXPWP8B1fuDC+mxKFUpSPgg6yKqOEzySmRB2Io/zKUZVEoK65ZT9qHRsw1ZxBQtllxzErFiDapBNgHKFo=
Message-Id: <201203160246.q2G2kh4L011118-q2G2kh4N011118@mailserver.mail.local>
From: Khemarin Set <Khemarin.Set@helloabc.com>
To: khemarin Set <khemarin2007@gmail.com>
Subject: DKIM
Thread-Topic: DKIM
Thread-Index: Ac0DHv6AlJFQ23T0Tma2zNI247ypBw==
Date: Fri, 16 Mar 2012 02:46:28 +0000
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative;
      boundary="_000_737895503A12894389520C00774923EF3A7C23AE1012231FCDD3411_"
MIME-Version: 1.0

--_000_737895503A12894389520C00774923EF3A7C23AE1012231FCDD3411_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

DKIM

------------------------

- Could you tell me, why my email header dkim=pass (test mode) ? What is the meaning test mode?
- Dose my DKIM valid?

I'm looking to hearing from you.

BR,
Khemarin
0
PapertripCommented:
Ah those headers look much better.


- Could you tell me, why my email header dkim=pass (test mode) ? What is the meaning test mode?
Already did, check http:#37726289 for the answer to that as well as the solution to your problem.

- Dose my DKIM valid?
Everything looks correct, except you are still in test mode.
0
KhemarinAuthor Commented:
Dear Papertrip,

Everything looks correct, except you are still in test mode.

Do you know, How to remove "test mode"?

BR,
Khemarin
0
PapertripCommented:
As I mentioned before you need to remove the t=y flag from your DKIM record in DNS.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.