Google Apps 電子郵件 DKIM 不會進行身份驗證

我們正在嘗試在我們的 Google Apps/G Suite for Business 域上設置 DKIM 身份驗證，以減少最終進入人們垃圾郵件文件夾的電子郵件數量。我們已經生成了 DKIM 密鑰並在 Google Cloud DNS 中進行了設置，並確認它是使用 3 種不同的 DKIM 工具設置的：

1. 郵件檢查器
2. MX 工具箱
3. DKIM 核心

他們都說它是有效的，但是當我們嘗試開始身份驗證時，它說“電子郵件身份驗證未驗證……”我們等待了建議的 48 小時（儘管 DNS 記錄在 24 小時前可見且正確），但它仍然不會進行身份驗證。

知道還有什麼問題嗎？

域是safedoorpm.com如果您想自己檢查 DNS。

編輯添加電子郵件標題 2016/10/21

這是從我們的域發送到 gmail 的郵件的標題。請注意，它仍在使用gappssmtpDKIM 的預設域，而不是我們的：

Delivered-To: XXXX@gmail.com
Received: by 10.79.95.130 with SMTP id t124csp1047440ivb;
       Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
X-Received: by 10.37.231.193 with SMTP id e184mr4430151ybh.13.1476999012850;
       Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
Return-Path: <XXXX@safedoorpm.com>
Received: from mail-yw0-f176.google.com (mail-yw0-f176.google.com. [209.85.161.176])
       by mx.google.com with ESMTPS id v62si10092566ybg.141.2016.10.20.14.30.12
       for <XXXX@gmail.com>
       (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
       Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of XXXX@safedoorpm.com designates 209.85.161.176 as permitted sender) client-ip=209.85.161.176;
Authentication-Results: mx.google.com;
      dkim=pass header.i=@safedoorpm-com.20150623.gappssmtp.com;
      spf=pass (google.com: domain of XXXX@safedoorpm.com designates 209.85.161.176 as permitted sender) smtp.mailfrom=XXXX@safedoorpm.com
Received: by mail-yw0-f176.google.com with SMTP id u124so527ywg.3
       for <XXXX@gmail.com>; Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
       d=safedoorpm-com.20150623.gappssmtp.com; s=20150623;
       h=mime-version:from:date:message-id:subject:to;
       bh=rxgZTPk8FeVq2/dWzyjPIHnShPXlQzmPnvfbrUzW/Ss=;
       b=CJ6/IB1YNKvIsO0sUW8BvWyZZdjTQqBofzgOIbuW3Auo0sWtQB4cgWtzjzltr1SyZO
        b+eKJGSrdvRaaaLj7240nZwrVtrmTTlXcx2Qvm2yIp20ilDZWd4pJAAlvSC8wCxDQhYY
        1zwn9UcXxuwD2c05El/DSrdJy+mwVlNv4w3D2v+hPSO0CKS7rKYsjFLEJcQrlAjjANnJ
        itn3oz6DxasplOSmSX8tIOXSHFNnYaJM5lbUtm9cLOWvffclmeShcTbhu/BWWdg1pFHn
        6dXvj6tX7KvbPr9GzH6LnVd71IHe/R65/2VQdqdT0uvJn5KWkc0ziHRlm3HV8JiWXGZf
        oyRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
       d=1e100.net; s=20130820;
       h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
       bh=rxgZTPk8FeVq2/dWzyjPIHnShPXlQzmPnvfbrUzW/Ss=;
       b=IcWYvLXbpDB2CCV40fWymGcvbICsjuJipBhW5d1d9WFAM4jVDsZd+2K5ENwvVM4L20
        DDbYoqPIoNBwFIaqIB3Sx30xVgFb7d4k7SVSfRZJctrY6QQyO/k6KaxL6++AAxHPbcNw
        jls+G5kzs+62OGQzq6w2Z9VNp6CSEyKqqORsAAjEdwa89v8VLLwyRdUoDxZvpiLAFZ8K
        riyjP7ebj5iyKJsuviX24kQ6QEJZh6RAAhILudAw8+vtNM3Ml+UUHOlAqbPPgseUB4qx
        9hSv+9uQA8w2v7sDiNVVCOoJa20bXZTsLmqlJB6yC4Bt2kzIeSpg5GcALx8EfuaGBiCu
        qo+w==
X-Gm-Message-State: AA6/9RmpTg+BzD0kFfXdFBfUIsAcwb0VxlByb8FBWzHYz/gJotrTZ42AzZtIqsANt5a7rf/hu9In1wdErNHioA==
X-Received: by 10.202.53.68 with SMTP id c65mr8679383oia.57.1476999012386; Thu, 20 Oct 2016 14:30:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.207.5 with HTTP; Thu, 20 Oct 2016 14:29:31 -0700 (PDT)
From: Mike Totman <XXXX@safedoorpm.com>
Date: Thu, 20 Oct 2016 15:29:31 -0600
Message-ID: <CAGsv74XyfTOqi7eJ4cCD90Dx8VPvFB1NFLujtCvKgDaCOCT0vQ@mail.gmail.com>
Subject: DKIM test 10
To: Mike Totman <XXXX@gmail.com>
Content-Type: multipart/alternative; boundary=001a113d4f2877afad053f52a17e

---

編輯添加來自 DKIMValidator.com 的輸出 2016/10/21

我還嘗試向 DKIMValidator.com 工具發送電子郵件，這就是結果。請注意，它仍在使用gappssmtpDKIM 的預設域，而不是我們的：

DKIM 資訊：

DKIM Signature


Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
       d=safedoorpm-com.20150623.gappssmtp.com; s=20150623;
       h=mime-version:from:date:message-id:subject:to;
       bh=5wQSTkgMlB+S2PAmekAxIh7O+zBt2H5aC2Ft8cNRJWQ=;
       b=ItJ0UFj97i19qHEFF9ACB5sQY50iZv9ZJ2J9l4JIgSKkSbd/QOi0OGsRWtMe9p5yU4
        vp6z1mgah8DBa+fgCEtTqrOyd+LjaXm0f6FJXyJiV+E7FcdpJ1bSEHyzRlulR0TLqJ/E
        LK0JDXSFNCSUTrWVsrGxIKo7HscI+jY5CR/nTf9cRvTj9Z22lFeukAvVpuhSz88XQeBX
        2TXk2I+p21+L0xAbv0x4OCDgWM5W4WRJUqGi0+gu/IhQBomi/e7wEYZ2f+lvNKRpRggU
        QD2dv15fCibJ3jufVBglpCx9En94UlPuiZqaCi0qqriLnhV/76iBMajI+WyelCG2SimU
        Ht6g==


Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          safedoorpm-com.20150623.gappssmtp.com
s= Selector:        20150623
q= Protocol:        
bh=                 5wQSTkgMlB+S2PAmekAxIh7O+zBt2H5aC2Ft8cNRJWQ=
h= Signed Headers:  mime-version:from:date:message-id:subject:to
b= Data:            ItJ0UFj97i19qHEFF9ACB5sQY50iZv9ZJ2J9l4JIgSKkSbd/QOi0OGsRWtMe9p5yU4
        vp6z1mgah8DBa+fgCEtTqrOyd+LjaXm0f6FJXyJiV+E7FcdpJ1bSEHyzRlulR0TLqJ/E
        LK0JDXSFNCSUTrWVsrGxIKo7HscI+jY5CR/nTf9cRvTj9Z22lFeukAvVpuhSz88XQeBX
        2TXk2I+p21+L0xAbv0x4OCDgWM5W4WRJUqGi0+gu/IhQBomi/e7wEYZ2f+lvNKRpRggU
        QD2dv15fCibJ3jufVBglpCx9En94UlPuiZqaCi0qqriLnhV/76iBMajI+WyelCG2SimU
        Ht6g==
Public Key DNS Lookup


Building DNS Query for 20150623._domainkey.safedoorpm-com.20150623.gappssmtp.com
Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UMfREvlgajdSp3jv1tJ9nLpi/mRYnGyKC3inEQ9a7zqUjLq/yXukgpXs9AEHlvBvioxlgAVCPQQsuc1xp9+KXQGgJ8jTsn5OtKm8u+YBCt6OfvpeCpvt0l9JXMMHBNYV4c0XiPE5RHX2ltI0Av20CfEy+vMecpFtVDg4rMngjLws/ro6qT63S20A4zyVs/V19WW5F2Lulgv+l+EJzz9XummIJHOlU5n5ChcWU3Rw5RVGTtNjTZnFUaNXly3fW0ahKcG5Qc3e0Rhztp57JJQTl3OmHiMR5cHsCnrl1VnBi3kaOoQBYsSuBm+KRhMIw/X9wkLY67VLdkrwlX3xxsp6wIDAQAB
Validating Signature


result = pass
Details: 

---

在最終與 Google 支持人員交談後，我最終嘗試了 1024 位 DKIM 密鑰而不是 2048 位密鑰。那行得通。

我注意到的一件事是 1024 位密鑰的 DNS 記錄都是一個字元串，而我必須在同一記錄中將 2048 位密鑰分解為多個字元串。我的理論是Google管理控制台不能正確辨識，因為我使用的其他工具（問題中的連結）驗證它沒問題。

KIM-簽名：v=1；一個=rsa-sha256；c=放鬆/放鬆；d=safedoorpm-com.20150623.gappssmtp.com；s=20150623；

請注意，在“d=”標籤中有 safedoorpm-com.20150623.gappssmtp.com

我遇到了同樣的問題，現在在 d 標籤中的所有電子郵件中將 DKIM 簽名更改為 1024 後，是 gappssmtp.com 中的域而不是子域。

引用自：https://serverfault.com/questions/810378