Your signature header contained:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=izb.knu.ac.kr;
        h=message-id:date:from:mime-version:to:subject:content-type:
        content-transfer-encoding; s=dj; bh=QiPZXJCZYs3YqbS59DQ6rAk23YbX
        xD8YurNQDfizz78=; b=pGMXFSrqz4ad4yCTUGKdb0XtDefczz+bvyIFSTF9T7gT
        SBXUjM/In6JXbJMLMAxDBotxWrhHP8XxTihOfcwRuxdZJhQ4TnPzKrE8qY8KKNEK
        ojn7LMpnn4dtcwjbT4KWh12IWLCnKppgUulSgqeWwzyGtCnMxS3aPYGBlPJ7IqU=

Note that there's no "i=". The definition of "g=" says:

    g=  Granularity of the key (plain-text; OPTIONAL, default is "*").
        This value MUST match the Local-part of the "i=" tag of the DKIM-
        Signature header field (or its default value of the empty string
        if "i=" is not specified), with a single, optional "*" character
        matching a sequence of zero or more arbitrary characters
        ("wildcarding"). An email with a signing address that does not
        match the value of this tag constitutes a failed verification.
        The intent of this tag is to constrain which signing address can
        legitimately use this selector, for example, when delegating a
        key to a third party that should only be used for special
        purposes. Wildcarding allows matching for addresses such as
        "user+*" or "*-offer". An empty "g=" value never matches any
        addresses.

As I read this, with "i=" not included in your signature, the only "g="
values that will match it are the empty string and a wildcard of "*" (or
equivalent). Setting "g=bh" will never match "i=".
So your choices are:
- remove the "g=" tag
- begin adding an "i=" tag that contains your mail address so that the
  test described above passes

-MSK
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
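
The granularity test quoted above, as an added example that is not part of the original message: Python that applies the quoted "g=" definition to the local-part of a signature's "i=" tag. The header and key record are constructed samples (d= and s= are taken from the signature above; the bh=, b= and p= values are placeholders), and all function names are hypothetical.

```python
import re

# Constructed samples: d=/s= come from the message, bh=/b=/p= are placeholders.
SIG_NO_I = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=izb.knu.ac.kr; s=dj;\r\n"
            "\th=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=")
SIG_WITH_I = SIG_NO_I + "; i=bh@izb.knu.ac.kr"
KEY_G_BH = "v=DKIM1; g=bh; k=rsa; p=PLACEHOLDER"


def parse_tags(tag_list):
    """Split a DKIM tag list ("k=v; k=v") into a dict, dropping folding whitespace."""
    tags = {}
    for part in tag_list.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def signing_local_part(sig_tags):
    """Local-part of "i=", or the empty string when "i=" is not specified."""
    identity = sig_tags.get("i", "")
    return identity.rsplit("@", 1)[0] if "@" in identity else ""


def granularity_matches(g_value, local_part):
    """Apply the quoted "g=" rule; g_value is None when the key record has no "g="."""
    if g_value is None:
        g_value = "*"                      # default stated in the definition
    if g_value == "" or g_value.count("*") > 1:
        return False                       # empty never matches; >1 "*" rejected (assumption)
    if "*" not in g_value:
        return g_value == local_part       # literal value must equal the local-part
    prefix, suffix = g_value.split("*")
    return (len(local_part) >= len(prefix) + len(suffix)
            and local_part.startswith(prefix) and local_part.endswith(suffix))


def granularity_check(sig_header, key_record):
    """True when the key record's "g=" permits the signature's signing address."""
    return granularity_matches(parse_tags(key_record).get("g"),
                               signing_local_part(parse_tags(sig_header)))


if __name__ == "__main__":
    for label, sig in (("without i=", SIG_NO_I), ("with i=bh@...", SIG_WITH_I)):
        print(label, "->", granularity_check(sig, KEY_G_BH))
```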