
I have installed openDKIM on a CentOS server running Exim as my MTA. I have gone through the configuration and tested the keys and everything seems fine.

I have created the public and private keys, added the DNS TXT entry and set up the KeyTable, SigningTable and TrustedHosts. I have also set up the opendkim.conf.

But when I send a mail and use some testing tools like DKIMValidator.com to check the results, I get the error

OpenSSL error: data too large for key size

I don't know what I am doing wrong. I have scanned through the Internet looking for help but haven't found any.

Would appreciate if anyone can help.

Edit:

I have added the test result from dkimvalidator below. From the test, you can see how exim sends the data and header. I don't know why exim breaks the key with those line breaks. I didn't edit the generated private key. I have a feeling that might be the reason for the failure. Or maybe something else. Would appreciate if anyone can figure it out:

Test from GMail:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=lifSWpvlWkPq6fMhfFkb4eqAqh4c/ik5j2MtPtLKdUQ=; b=KAR6yadY27q/HPp9WAwU9CBR5DWByyuGIjt4z7VjufvcoeQosSUkAN2mFbuyl56oQZ ey7DXu8dLLEZt8piarfdxZd+NKOb6I+0T4VdFhH7Qne/274f76k0Bmorejpvo/YY4qhP AzULROQszd3usx7cdZZY850I0b9BJ64WHG2AWJGuWXq8XGqhR4O1hmsdMyysooBEGhtK IiMwdQP5tMqk+kMqVREy0KsyExXj3XqN+pi/dfgNaQ3wGv6jC6s4IYcGjSsZ7+Rlf7Lq QzU3HQRtOEzhV5mVqc0wMQDBkdd33oqEp4tM1klN/iuR8YympALvTQplVZo3wSgH316t 9/Dw==

Test From My Server:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mydomain.com; s=default; h=Message-ID:Subject:To:From:Date: Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Rd+JR+hUluBNEkJb3S41AuIaal72ZB3FF0ZK1OG0inU=; b=ZZMDQEK35K8JqZVqeoY+3AB9Z fbsOfeuWUD7nXL7nUAS1DGU0GOMO1mVHLyxvujuyPyXEP/YppNW7GowrFc3V/yqum+GcbEG66zJYw MlQa8OFZeKv4250ku3EJ0lXOkpN9mcLGVNia+/GtDWnfVAlFDhzVgwmhbfR1711qro/ECEFe6jq4o Fe6FLzBbelwIFKHL1iQJC3hCHWxYcnWDjXII6ICXfHHejQ61YUtdewxhw6LyPt2RmXa1xVCsY0ZbD DE14Q5FbAimvbaCiWvmK6avSFph/N/+bKSzFLMemm99oOfsTmuHvXJlZv8Jnqmg9rQO8rekpdeDpl BM3j70czg==;

  • The key size for your public key is too small to encrypt the data it's being used for. What key size did you initially use when generating these keys? I'd say try a larger key length. – brendonofficial Jul 04 '16 at 14:03
  • opendkim uses 1024 bits by default. I didn't change it – Edwin Okugbo Jul 04 '16 at 14:19
  • Hmm, and what's the length in bytes of your resulting TXT record? Depending on the DNS system being used, some only allow a length of 256 bytes, or 512 bytes (BIND allows 512). However, the base64'd string of your RSA public key should fit within 512 bytes if the key size is below 2,700 bits... – brendonofficial Jul 04 '16 at 14:29
  • I have edited the question with more information – Edwin Okugbo Jul 06 '16 at 09:58
  • @EdwinOkugbo did you ever determine the issue? – alexw Mar 02 '17 at 18:39

0 Answers
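An RSA signature is exactly as long as the modulus of the key that produced it, and folding whitespace inside b= is ignored by verifiers (RFC 6376), so one check worth running on a failure like this is to compare the decoded length of b= with the size of the key published in DNS. The sketch below is an added example, not code from the question or its comments; it uses the b= value from the "Test From My Server" header above and, as an assumption, a constructed 1024-bit TXT record standing in for the real one, which the page does not show.

```python
import base64

def parse_tags(value):
    """Split a DKIM tag=value list, dropping folding whitespace inside values."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {name.strip(): "".join(val.split()) for name, val in pairs}

def signature_bits(dkim_signature):
    """Bit length of b=, which equals the modulus size of the key that signed."""
    return len(base64.b64decode(parse_tags(dkim_signature)["b"])) * 8

def _tlv(buf, pos):
    """Read one DER element at pos and return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the count of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return pos, pos + length

def published_key_bits(txt_record):
    """Modulus size of the key in p= (assumes k=rsa, DER SubjectPublicKeyInfo)."""
    der = base64.b64decode(parse_tags(txt_record)["p"])
    spki_start, _ = _tlv(der, 0)                 # outer SEQUENCE
    _, alg_end = _tlv(der, spki_start)           # AlgorithmIdentifier
    bitstr_start, _ = _tlv(der, alg_end)         # BIT STRING
    key_start, _ = _tlv(der, bitstr_start + 1)   # RSAPublicKey, after unused-bits byte
    n_start, n_end = _tlv(der, key_start)        # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def signature_fits_key(dkim_signature, txt_record):
    """True only when the signature length matches the published modulus size."""
    return signature_bits(dkim_signature) == published_key_bits(txt_record)

# b= copied from the question's "Test From My Server" header, folding spaces kept.
SERVER_SIGNATURE = ("v=1; a=rsa-sha256; d=mydomain.com; s=default; b=ZZMDQEK35K8JqZVqeoY+3AB9Z "
    "fbsOfeuWUD7nXL7nUAS1DGU0GOMO1mVHLyxvujuyPyXEP/YppNW7GowrFc3V/yqum+GcbEG66zJYw "
    "MlQa8OFZeKv4250ku3EJ0lXOkpN9mcLGVNia+/GtDWnfVAlFDhzVgwmhbfR1711qro/ECEFe6jq4o "
    "Fe6FLzBbelwIFKHL1iQJC3hCHWxYcnWDjXII6ICXfHHejQ61YUtdewxhw6LyPt2RmXa1xVCsY0ZbD "
    "DE14Q5FbAimvbaCiWvmK6avSFph/N/+bKSzFLMemm99oOfsTmuHvXJlZv8Jnqmg9rQO8rekpdeDpl "
    "BM3j70czg==;")

# Constructed 1024-bit record: standard SPKI framing around a placeholder modulus (not a usable key).
_SPKI = (bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100")
         + b"\x80" + bytes(126) + b"\x01" + bytes.fromhex("0203010001"))
CONSTRUCTED_TXT = "v=DKIM1; k=rsa; p=" + base64.b64encode(_SPKI).decode()

if __name__ == "__main__":
    print(signature_bits(SERVER_SIGNATURE), published_key_bits(CONSTRUCTED_TXT),
          signature_fits_key(SERVER_SIGNATURE, CONSTRUCTED_TXT))
```

To run it against the real record, pass the TXT string published for the `default` selector in place of `CONSTRUCTED_TXT`; a length mismatch means the message was not signed with the published key, or the signature was altered in transit.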