I run a virtual machine under AWS EC2, it is a Turnkey Linux, which AFAIK is based on Ubuntu / Debian.
I have a website wich runs on Wordpress and it has a Newsletter subscriber base of about 10.000 people, so i want to use Amazon SES to send e-mails, cheap and good deliverability rate.
Problem is i have to DKIM Sign e-mails by myself... so i am using a Wordpress plugin which is based on phpMailer.
Plugin sends the e-mail correctly, my SPF records are fine, Amazon SES works perfectly, only problem is the DKIM SIGN - e-mails are not being correctly signed.
I am stuck @ a point where the plugin tries to do a openssl_pkey_get_private - it should return something but it returns nothing. It also throws an error on openssl_error_string() object, as shown below:
error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
This error does not stop the script, i had to dig to find it.
Well, the script then goes on, as it tries to openssl_sign with a empty privKey.
The result is a email wich does not validate DKIM. Below is a header DKIM bit from my Gmail inbox:
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=233; s=ses;
t=1336494976; c=relaxed/simple;
h=From:To:Subject;
d=joaodedeus.com.br;
z=From:=20=3D?UTF-8?Q?Casa_Dom_In=3DC3=3DA1cio_de_Loyola?=3D=20<novidades@joaodedeus.com.br>
|To:=20ddutra@cristalinacomunicacao.com.br
|Subject:=20Test=20message=20from=20your=20WordPress=20blog;
bh=Z+aAYGyi+5Sk1vIJcjjdy28rCuQ=;
b=
Here is what http://www.brandonchecketts.com/emailtest.php says about this e-mail's DKIM Sign:
result = fail
Details: OpenSSL error: data too small for key size
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=270; s=ses;
t=1336494983; c=relaxed/simple;
h=From:To:Subject;
d=joaodedeus.com.br;
z=From:=20=3D?UTF-8?Q?Casa_Dom_In=3DC3=3DA1cio_de_Loyola?=3D=20
|To:=20fb7oNYUCwX@www.brandonchecketts.com
|Subject:=20Test=20message=20from=20your=20WordPress=20blog;
bh=LVAqBtz26jyffwhHPhhXdLQOLhA=;
b=
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha1
c= Method: relaxed/simple
d= Domain: joaodedeus.com.br
s= Selector: ses
q= Protocol: dns/txt
bh= LVAqBtz26jyffwhHPhhXdLQOLhA=
h= Signed Headers: From:To:Subject
b= Data:
**Public Key DNS Lookup**
Building DNS Query for ses._domainkey.joaodedeus.com.br
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYCkhM+6KDL5ndu4uhaP+jBp1BYBVN8Z8/BnXJ7JFc/HXcqW9Emt1vgmlcVqzBcHLFLk6GRRMbm4RIgOV1TCkr41ZTB8UYCjmUB6qqSY88hCdVIBQmTHgxq2DWhzlWiiOlqzeIQuMiMc0lgEaO8Zq3+d5gntPZXoxmTPQH32zA7wIDAQAB
Here is what the phpmailer DKIM_Sign function tries to do:
public function DKIM_Sign($s) {
$privKeyStr = file_get_contents($this->DKIM_private);
if ($this->DKIM_passphrase!='') {
$privKey = openssl_pkey_get_private($privKeyStr,$this->DKIM_passphrase);
} else {
$privKey = $privKeyStr;
}
$privKey = $privKeyStr;
if (openssl_sign($s, $signature, $privKey)) {
return base64_encode($signature);
}
}
Problem is openssl_pkey_get_private returns nothing. Then the openssl_sign function tries to sign with a EMPTY $privKey.
$privKeyStr reads the key correctly (file_get_contents), if i echo it, its the same content as the key.
$this->DKIM_passphrase is also correct, j0@0d3deus5.
Here is how i generated the keys, following the Wordpress Amazon SES DKIM Mailer plugin's instruction:
openssl genrsa -des3 -passout pass:change-me -out .htkeyprivate 1024 && openssl rsa -in .htkeyprivate -passin pass:change-me -pubout -out .htkeypublic
Of course i changed pass:change-me to the correct passphrase, j0@0d3deus5.
I cannot do without DKIM. Seems like hotmail relies heavily on it.
Here is a exemple from my hotmail account -> note that it goes directly to Junk Folder due to DKIM ERROR.
x-store-info:4r51+eLowCe79NzwdU2kRyU+pBy2R9QCQ1WNUtV+VDcgEpN5KOTd9UyMPxTZoGJzS/h26zeEkCEVmH2zMg90yYxKot4DO0sKOsk98MBHLTNpOuzjxN5a42AR5Kz/5hEhx7XveDgnXqY=
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 199.255.192.147) header.from=novidades@joaodedeus.com.br; dkim=permerror header.d=joaodedeus.com.br; x-hmca=pass
X-SID-PRA: novidades@joaodedeus.com.br
X-DKIM-Result: PermError
X-Message-Status: n:0:n
X-SID-Result: Pass
X-AUTH-Result: PASS
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD00
X-Message-Info: 11chDOWqoTkwLXPc6a+BBmU8PZ8Fa4uSQFuX56QoKCDSXsl9i7U4MyfUnfj2m3DtVW2PyTXMqyT/fwR9UtNuG4HNxTPmpoMwQBL+DemPeAzSpRs8zDKsN3uVpfPKiw+g1EW50e42Qd0=
Received: from a192-147.smtp-out.amazonses.com ([199.255.192.147]) by BAY0-MC4-F33.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 8 May 2012 10:26:29 -0700
X-PHPMAILER-DKIM: phpmailer.anatta.com
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=233; s=ses;
t=1336497986; c=relaxed/simple;
h=From:To:Subject;
d=joaodedeus.com.br;
z=From:=20=3D?UTF-8?Q?Casa_Dom_In=3DC3=3DA1cio_de_Loyola?=3D=20<novidades@joaodedeus.com.br>
|To:=20dmnq_sl@hotmail.com
|Subject:=20Test=20message=20from=20your=20WordPress=20blog;
bh=X6QtcRzw7+F7llznB77GikLQnko=;
b=
Any help is welcome.
Best regards and sorry for my english.
