Double Dkim Setup

youthful-zorse · November 23, 2023, 1:26am

I am able to use double dkim but getting the error that dkim sign-in is in alphabetical order,
example if my selectors are aaec01 and ac01 and i desc the order ac01 to be first shown aac01 in the first.
So my question is how to set the order

wez · November 23, 2023, 1:33am

Can you expand a bit more about the error you are seeing? That doesn’t sound like something from inside kumomta. Where is it coming from? Please also share the relevant kumomta configuration that is in use.

Mike · November 23, 2023, 1:46am

We’re going to need more information here, what does your configuration look like? What is the full authentication-results header you’re referring to?

youthful-zorse · November 23, 2023, 1:54am

this is my configuration

youthful-zorse · November 23, 2023, 1:55am

now when i am checking my email header the set order should reflect but that’s seems not to be happening

Mike · November 23, 2023, 1:56am

Ok, post headers?

youthful-zorse · November 23, 2023, 1:57am

ok

youthful-zorse · November 23, 2023, 1:57am

ARC-Authentication-Results: i=1; mx.google.com;
dkim=temperror (no key for signature) header.i=@ header.s=5nXKKHgBnyGAcLwvMLZIq header.b=BWs7+J1e;
dkim=temperror (no key for signature) header.i=@acl.pinchappmails.com header.s=aace01 header.b=sg7+W0h0;
dkim=pass header.i=@ header.s=acls01 header.b=fYbdXIqc;

this the email header I have received

wez · November 23, 2023, 1:58am

Note that, per the DKIM RFC, DKIM at signing time, each signature is added at the top of the message. So if you sign multiple times the order of the headers in the message will be to have the most recent signature at the top, then the one before it, and so on.

Mike · November 23, 2023, 2:00am

You also have mag instead of msg multiple times.

youthful-zorse · November 23, 2023, 2:00am

that is correct i have just missed that point to make it correct

youthful-zorse · November 23, 2023, 2:01am

sp in this case what needs to be done

wez · November 23, 2023, 2:03am

The order of the signatures shouldn’t matter, but if you want them to be in a different order, you can change the order of the msg:dkim_sign calls to be the other way around

Mike · November 23, 2023, 2:04am

Why are you sigfning the same domain with three different selectors?

youthful-zorse · November 23, 2023, 2:04am

the domains are different

youthful-zorse · November 23, 2023, 2:05am

I have just called the key which are being placed

Mike · November 23, 2023, 2:06am

Not according to the sample you have provided, you passed the from_header().domain in each.

youthful-zorse · November 23, 2023, 2:07am

ok it should be the domain instead of from.header()

Mike · November 23, 2023, 2:11am

At any rate, based on the paths in your pseudocode, I’m not seeing any of those keys passing the DKIM tester at MX Toolbox, so you may have DNS issues more than signing order issues.

youthful-zorse · November 23, 2023, 2:14am

only 1 key will pass the dkim tester acls01