spf feedback shows fails for no apparent reason - email

I do not understand the fail results in the following spf report.
Why is it that in the <policy_evaluated> section there are fail tags and in the following <auth_results> everything passes?
Here is our spf record: "v=spf1 mx a include:amazonses.com ~all"
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support@google.com</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
<report_id>10168101214609039763</report_id>
<date_range>
<begin>1602806400</begin>
<end>1602892799</end>
</date_range>
</report_metadata>
<policy_published>
<domain>schlossberlepsch.de</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>reject</p>
<sp>reject</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>54.240.48.132</source_ip>
<count>4</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>schlossberlepsch.de</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>schlossberlepsch.de</domain>
<result>pass</result>
<selector>u32rudoqdsij3cpvxopve4co5vuh4wum</selector>
</dkim>
<dkim>
<domain>amazonses.com</domain>
<result>pass</result>
<selector>224i4yxa5dv7c2xz3womw6peuasteono</selector>
</dkim>
<spf>
<domain>amazonses.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>

SPF is failing because of alignment. If you check SPF under auth_results you will see the SPF domain is amazonses.com, which does not align with your domain. So to align, header_from and the SPF domain should match, either with the help of the subdomain (Relaxed Alignment) or the root domain (Strict Alignment).
To do so you have to head over to Amazon SES and, after selecting your domain, you will see the MAIL FROM Domain section. You have to set that up. That will actually change your Return-Path; after that it will be aligned and will start passing.

Finally I understood:
As @synchro pointed out, this documentation is the right direction.
I had already met all this, but what I did not know is what Fabi points out here:
Not only do you have to set the MAIL FROM setting at the domain level, but also for each e-mail address managed by AWS in SES. Something you wouldn't expect, but that's how it goes.
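The answer above explains why a record can show SPF pass under auth_results and SPF fail under policy_evaluated. The script below is an added example, not part of the original thread or of Amazon SES documentation: it re-derives the policy_evaluated verdicts of a DMARC aggregate report from auth_results and identifiers using the RFC 7489 alignment rules. The embedded REPORT is a trimmed copy of the Google report quoted in the question plus one constructed record (not from the real report) showing the same sender after a custom MAIL FROM subdomain is in place. The organizational domain is approximated as the last two labels, which is a simplification; real verifiers use the Public Suffix List.

```python
"""Re-derive DMARC policy_evaluated verdicts from auth_results and identifiers.

Shows why a Return-Path of amazonses.com yields SPF=pass under auth_results but
SPF=fail under policy_evaluated: the pass is real, it just is not aligned with
header_from. REPORT is a trimmed copy of the report in the question plus one
CONSTRUCTED record showing the fixed state (custom MAIL FROM subdomain).
"""
import xml.etree.ElementTree as ET

REPORT = """<feedback>
  <policy_published>
    <domain>schlossberlepsch.de</domain><adkim>r</adkim><aspf>r</aspf>
    <p>reject</p><sp>reject</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>54.240.48.132</source_ip><count>4</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>schlossberlepsch.de</header_from></identifiers>
    <auth_results>
      <dkim><domain>schlossberlepsch.de</domain><result>pass</result><selector>u32rudoqdsij3cpvxopve4co5vuh4wum</selector></dkim>
      <dkim><domain>amazonses.com</domain><result>pass</result><selector>224i4yxa5dv7c2xz3womw6peuasteono</selector></dkim>
      <spf><domain>amazonses.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <!-- CONSTRUCTED record: same sender after a custom MAIL FROM subdomain is configured -->
  <record>
    <row>
      <source_ip>54.240.48.132</source_ip><count>1</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>schlossberlepsch.de</header_from></identifiers>
    <auth_results>
      <dkim><domain>schlossberlepsch.de</domain><result>pass</result><selector>u32rudoqdsij3cpvxopve4co5vuh4wum</selector></dkim>
      <spf><domain>mail.schlossberlepsch.de</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels (no Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, header_from: str, mode: str) -> bool:
    """RFC 7489 section 3.1: strict (s) needs an exact match, relaxed (r) a shared org domain."""
    if mode == "s":
        return auth_domain.lower().rstrip(".") == header_from.lower().rstrip(".")
    return org_domain(auth_domain) == org_domain(header_from)


def evaluate(report_xml: str) -> list:
    """Return one verdict dict per <record>, with the report's own verdict for comparison."""
    root = ET.fromstring(report_xml)
    aspf = root.findtext("policy_published/aspf") or "r"
    adkim = root.findtext("policy_published/adkim") or "r"
    verdicts = []
    for rec in root.findall("record"):
        header_from = rec.findtext("identifiers/header_from")
        # Raw authentication results: a pass here says nothing about alignment yet.
        passing_spf = [s.findtext("domain") for s in rec.findall("auth_results/spf")
                       if s.findtext("result") == "pass"]
        passing_dkim = [d.findtext("domain") for d in rec.findall("auth_results/dkim")
                        if d.findtext("result") == "pass"]
        # DMARC only credits a pass whose domain aligns with the RFC5322.From domain.
        spf_ok = any(aligned(d, header_from, aspf) for d in passing_spf)
        dkim_ok = any(aligned(d, header_from, adkim) for d in passing_dkim)
        derived = {"spf": "pass" if spf_ok else "fail", "dkim": "pass" if dkim_ok else "fail"}
        reported = {"spf": rec.findtext("row/policy_evaluated/spf"),
                    "dkim": rec.findtext("row/policy_evaluated/dkim")}
        verdicts.append({
            "source_ip": rec.findtext("row/source_ip"),
            "header_from": header_from,
            "spf_unaligned": [d for d in passing_spf if not aligned(d, header_from, aspf)],
            **derived,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail",  # either aligned pass suffices
            "matches_report": derived == reported,
        })
    return verdicts


if __name__ == "__main__":
    for verdict in evaluate(REPORT):
        print(verdict)
```

The first record reproduces the report exactly: DKIM passes aligned, SPF passes only for amazonses.com and is therefore unaligned, and DMARC still passes on the DKIM leg (which is why disposition is none despite p=reject). The second record shows that a MAIL FROM subdomain aligns under relaxed mode but would not under aspf=s.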

Related

mail-sor-xxx.google.com fails DKIM / SPF check

I got a DMARC report for my domain as xyz.xml where it showed me domains & their corresponding checks (either SPF / DKIM) that failed. My problem is I have one entry as follows:
<source_ip></source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
209.85.220.41 points to mail-sor-xxx.google.com.
My SPF & DKIM :
"v=spf1 include:_spf.google.com ~all"
"v=DKIM1; k=rsa; p=xfdf+sadasfsa+sacsc+""
Why does DKIM pass & SPF fail? What am I doing wrong?
Thanks in advance
I also had the same problem, and saw this thread, which says "Safe to ignore it":
https://support.google.com/mail/thread/19303899?hl=en

SPF, DKIM and DMARC all set but dmarc-reports keep saying the opposite

I'm losing my mind (again) on something about e-mails.
I have a Kimsufi/OVH (Debian Wheezy 7.10) server. I have postfix and dovecot all set.
My main domain/hostname is mywebsite.fr, and I'm using mywebsite.fr set on mywebsite.fr.
I set spf, dkim and dmarc entries in the dns zones for both domains. From contact[at]mywebsite[dot]fr and no-reply[at]mywebsite[dot]fr, all the tests I ran are good:
1) auth-resultats@verifier.port25.com
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: mywebsite.fr
Source IP: 91.121.166.194
mail-from: contact@mywebsite.fr
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mailfrom=contact@mywebsite.fr
DNS record(s):
mywebsite.fr. SPF (no records)
mywebsite.fr. 6055 IN TXT "v=spf1 a mx include:mx.ovh.com ~all"
mywebsite.fr. 6054 IN A 91.121.166.194
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=contact@mywebsite.fr
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: contact@mywebsite.fr)
ID(s) verified: header.d=mywebsite.fr
2) dmarcian.com
https://dmarcian.com/dmarc-inspector/mywebsite.fr
All seems good
3) dkimvalidator.com
DKIM Information:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mywebsite.fr;
s=mail; t=1491673268;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=Date:From:To:Subject:From;
b=CScyX9ZvWCDL6FGLroXZi/8dFiWmgPbKwcTuSZqPuCHBOR4tv4QdGzxgZ3acWf6AP...
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: mywebsite.fr
s= Selector: mail
q= Protocol:
bh= g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=
h= Signed Headers: Date:From:To:Subject:From
b= Data: CScyX9ZvWCDL6FGLroXZi/8dFiWmgPbKwcTuSZqPuCHBOR4tv4QdGzxgZ3acWf6AP...
Public Key DNS Lookup
Building DNS Query for mail._domainkey.mywebsite.fr
Retrieved this publickey from DNS: v=DKIM1; k=rsa;p=...
Validating Signature
result = pass
Details:
SPF Information:
Using this information that I obtained from the headers
Helo Address = mywebsite.fr
From Address = contact@mywebsite.fr
From IP = 91.121.166.194
SPF Record Lookup
Looking up TXT SPF record for mywebsite.fr
Found the following nameservers for mywebsite.fr: ns.kimsufi.com nsXXXXXX.ip-91-XXX-166.eu
Retrieved this SPF Record: zone updated 20170408 (TTL = 46739)
using authoritative server (ns.kimsufi.com) directly for SPF Check
Result: pass (Mechanism 'a' matched)
Result code: pass
Local Explanation: mywebsite.fr: 91.121.166.194 is authorized to use 'contact@mywebsite.fr' in 'mfrom' identity (mechanism 'a' matched)
spf_header = Received-SPF: pass (mywebsite.fr: 91.121.166.194 is authorized to use 'contact@mywebsite.fr' in 'mfrom' identity (mechanism 'a' matched)) receiver=ip-172-31-3-128.us-west-1.compute.internal; identity=mailfrom; envelope-from="contact@mywebsite.fr"; helo=mywebsite.fr; client-ip=91.121.166.194
Etc, etc, etc.
All seems good, and all the mail-testers I'm sending e-mails to are saying "10/10, you're good to go buddy".
The problem is, I receive dmarc-reports and they are not good.
For example, the latest from yahoo:
<?xml version="1.0"?>
<feedback>
<report_metadata>
<org_name>Yahoo! Inc.</org_name>
<email>postmaster@dmarc.yahoo.com</email>
<report_id>1491615950.716847</report_id>
<date_range>
<begin>1491523200</begin>
<end>1491609599</end>
</date_range>
</report_metadata>
<policy_published>
<domain>mywebsite.fr</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>91.121.166.194</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mywebsite.fr</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>mywebsite.fr</domain>
<result>permerror</result>
</dkim>
<spf>
<domain>mywebsite.fr</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
And the latest from google.com:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support@google.com</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
<report_id>14868783784049997701</report_id>
<date_range>
<begin>1491523200</begin>
<end>1491609599</end>
</date_range>
</report_metadata>
<policy_published>
<domain>mywebsite.fr</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>2001:41d0:1:e7c2::1</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mywebsite.fr</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>mywebsite.fr</domain>
<result>fail</result>
<selector>mail</selector>
</dkim>
<spf>
<domain>mywebsite.fr</domain>
<result>softfail</result>
</spf>
</auth_results>
</record>
<record>
<row>
<source_ip>2001:41d0:1:e7c2::1</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mywebsite.fr</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>mywebsite.fr</domain>
<result>pass</result>
<selector>mail</selector>
</dkim>
<spf>
<domain>mywebsite.fr</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
I'm lost, I don't know what to do more than is already set. Don't hesitate to ask me for more information, if it can help. Thx...
Anyway, looking over your results from those other testers, it looks like you're using a 4096-bit DKIM key, which produces key sizes over 512 bytes. Drop your DKIM size back down to 2048 and I think your issues with the DKIM failures will go away. I've seen numerous instances where large key sizes cause DKIM failures.
Also, the results from google show an IPv6 address as the source IP. I have a feeling Google might be bugged, that is, it might not be doing the SPF lookup correctly concerning a and aaaa records; you should add ip6:2001:41d0:1:e7c2::1 to your SPF and see if that resolves the SPF failures at Google.
In theory, when an ESP receives an IPv6 IP they should look up the aaaa record for SPF if a is specified as a mechanism, and a if IPv4 is specified.
The SPF problem you're seeing is an alignment problem. SPF only counts for DMARC when the Return-Path domain and the Header From domain are on the same organizational domain. In somewhat oversimplified terms, they need to be the same or have a common parent domain that isn't a TLD.
From the reports, you can see that your Return-Path domain (used for SPF) is vaeserveur.fr while the header from domain is calendridel.fr. In this case, it doesn't matter that SPF yields a pass - that pass value won't be used for DMARC. See the discussion here - https://www.rfc-editor.org/rfc/rfc7489#section-3.1
As for DKIM, the other answer is on point. Verifiers don't generally support 4096-bit keys, and they don't actually have to according to the RFC - https://www.rfc-editor.org/rfc/rfc6376#section-3.3.3
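Both answers above put the DKIM failure down to key size. The script below is an added example, not code from the thread or from any DKIM library: it reads the RSA modulus size out of a DKIM selector record's p= tag (base64 DER SubjectPublicKeyInfo, RFC 6376 section 3.6.1) with a few lines of DER walking, grades it against the RFC 6376 section 3.3.3 verifier requirement (512 to 2048 bits MUST be supported, larger only MAY) as tightened by RFC 8301 (below 1024 bits MUST be rejected), and reports how many 255-byte DNS character-strings the record needs. The sample records are constructed with a dummy modulus so the check runs offline; they are not real keys, and the `make_dummy_dkim_record` helper exists only to build that test input.

```python
"""Check the RSA key size published in a DKIM selector TXT record.

Standard library only. The p= tag carries a base64 DER SubjectPublicKeyInfo,
so a minimal DER walker recovers the modulus and its bit length. The records
checked in __main__ are CONSTRUCTED with a dummy modulus (not real keys).
"""
import base64
import math

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
TXT_STRING_MAX = 255  # one DNS <character-string> holds at most 255 bytes


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der: bytes) -> int:
    """Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey and size the modulus."""
    _, spki, _ = _read_tlv(spki_der, 0)            # outer SEQUENCE
    _, alg_id, pos = _read_tlv(spki, 0)            # AlgorithmIdentifier SEQUENCE
    _, oid, _ = _read_tlv(alg_id, 0)
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    _, bit_string, _ = _read_tlv(spki, pos)        # BIT STRING, first byte = unused bits
    _, rsa_pub, _ = _read_tlv(bit_string[1:], 0)   # RSAPublicKey SEQUENCE
    _, modulus, _ = _read_tlv(rsa_pub, 0)          # INTEGER n (may carry a leading 0x00)
    return int.from_bytes(modulus, "big").bit_length()


def parse_dkim_tags(record: str) -> dict:
    """tag=value list separated by ';' (RFC 6376 section 3.2); whitespace is insignificant."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def check_dkim_record(record: str) -> dict:
    """Grade the key size and count the DNS strings the record must be split into."""
    tags = parse_dkim_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA DKIM1 record")
    p = "".join(tags.get("p", "").split())          # multi-string records are concatenated
    chunks = math.ceil(len(record.encode()) / TXT_STRING_MAX)
    if not p:                                       # empty p= means the key is revoked
        return {"bits": 0, "chunks_needed": chunks, "verdict": "revoked"}
    bits = rsa_modulus_bits(base64.b64decode(p))
    if bits < 1024:
        verdict = "rejected"        # RFC 8301: verifiers MUST NOT accept keys below 1024 bits
    elif bits <= 2048:
        verdict = "ok"              # RFC 6376 3.3.3: verifiers MUST support up to 2048 bits
    else:
        verdict = "not guaranteed"  # larger keys are only a MAY for verifiers
    return {"bits": bits, "chunks_needed": chunks, "verdict": verdict}


def make_dummy_dkim_record(bits: int) -> str:
    """CONSTRUCTED test input: valid DKIM syntax and DER, but a dummy modulus (not a real key)."""
    modulus = bytes([0xC3]) + b"\xA5" * (bits // 8 - 1)         # top bit set -> exact bit length
    rsa_pub = _der(0x30, _der(0x02, b"\x00" + modulus) + _der(0x02, b"\x01\x00\x01"))
    alg_id = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    spki = _der(0x30, alg_id + _der(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


if __name__ == "__main__":
    for size in (512, 2048, 4096):
        print(size, check_dkim_record(make_dummy_dkim_record(size)))
```

To run it against a live selector, paste the concatenated TXT strings from `dig +short TXT mail._domainkey.example.com` into `check_dkim_record`. Note that even a 2048-bit key needs two DNS strings, so a zone file that truncates or mis-joins the record is a second failure mode worth checking alongside the key size.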

Mule ESB + RabbitMQ reliability and up-time: how to re-create a deleted exchange automatically at runtime

I've got a large Mule application that receives on multiple queues and publishes to at least one exchange. I'm manually QA'ing the application by deleting the queues and exchanges to see if Mule will retry to connect (and also shutting down RabbitMQ altogether).
This question is for when an exchange is deleted. The messages go into a locked anonymous queue named something like: amq.gen-gFs6-7sP2nw1ntgobO6cBg
I'm looking for a way to reconnect the exchange and still pass through the messages. Is this even possible?
I've set options like
exchangeDurable="true"
queueDurable="true"
Are there any other things (or RabbitMQ configs) that I need to do or that would be beneficial to me?
Next Test: Shutdown RabbitMQ in the middle of processing.
Code:
<mule xmlns:jdbc-ee="http://www.mulesoft.org/schema/mule/ee/jdbc"
xmlns:vm="http://www.mulesoft.org/schema/mule/vm"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:amqp="http://www.mulesoft.org/schema/mule/amqp"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans" version="EE-3.4.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mulexml="http://www.mulesoft.org/schema/mule/xml"
xmlns:file="http://www.mulesoft.org/schema/mule/file"
xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/jdbc http://www.mulesoft.org/schema/mule/ee/jdbc/current/mule-jdbc-ee.xsd
http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/current/mule-vm.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/amqp http://www.mulesoft.org/schema/mule/amqp/current/mule-amqp.xsd
http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd"
xmlns:context="http://www.springframework.org/schema/context">
<amqp:connector name="amqpAutoAckLocalhostConnector"
host="${config.status_reporting.host}"
port="${config.status_reporting.port}"
virtualHost="${config.status_reporting.virtual_host}"
username="${config.status_reporting.username}"
password="${config.status_reporting.password}"
requestedHeartbeat="${config.status_reporting.requestedHeartbeat}"
doc:name="AMQP Connector for Status Messages"/>
<flow name="send_status" doc:name="send_status">
<vm:inbound-endpoint path="send_status" exchange-pattern="one-way" responseTimeout="10000" doc:name="VM" />
<logger message="starting send status" level="DEBUG" doc:name="Logger"/>
<!-- some code here has been removed for stackoverflow question -->
<flow-ref name="cwm_send" doc:name="flow ref"/>
</flow>
<flow name="cwm_send" doc:name="cwm_send">
<amqp:outbound-endpoint exchangeName="${config.status_reporting.exchange_name}"
exchangeType="topic"
exchangeDurable="${config.status_reporting.exchange_is_durable}"
routingKey="${config.status_reporting.routing_key}"
connector-ref="amqpAutoAckLocalhostConnector" doc:name="AMQP Out" queueDurable="true" responseTimeout="10000"/>
</flow>
<flow name="send_ingest_status" doc:name="send_ingest_status">
<vm:inbound-endpoint exchange-pattern="request-response" responseTimeout="10000" doc:name="VM" path="send_ingest_status"/>
<vm:outbound-endpoint path="send_status" exchange-pattern="one-way" doc:name="Send Status">
<set-payload value="#[[
'status_code': 'foo',
'status_descr': 'test description.',
'status_final': '0',
'version': '1.0']]"/>
</vm:outbound-endpoint>
</flow>
</mule>
Thank you.
This problem also seems to occur when an exchange is declared only in an outbound endpoint. There is an open bug concerning this in the Mulesoft JIRA, and you can vote for it to help them prioritize it.
I took a look at the source code, and the problem seems to be that there is simply no code to declare exchanges when an outbound endpoint is started. In your case, you'd probably want the code to run at the time the message is sent, or maybe at the time the exchange is deleted. This timing wouldn't be covered by the aforementioned bug, but you might open a new issue describing the use case and the desired functionality. And a pull request would probably be even better! ;)

Email alert when build fails in CruiseControl.Net

I have setup a Continuous Integration environment using CruiseControl.Net. I want to know how an email can be sent to a person at the time of a build failure.
Thanks in Advance.
You can use an <email> block within your <publishers> block.
Our system looks like this:
<publishers>
<xmllogger />
<email from="cruise@ourcompany.com" mailhost="mail.ourcompany.com" includeDetails="TRUE" mailport="25" useSSL="FALSE">
<users>
<user name="Mr Happy" group="buildmaster" address="mrhappy@ourcompany.com" />
<user name="Mr Strong" group="buildmaster" address="mrstrong@ourcompany.com" />
</users>
<groups>
<group name="buildmaster" notification="change" />
</groups>
<converters>
<regexConverter find="$" replace="@ourcompany.com" />
</converters>
<modifierNotificationTypes>
<NotificationType>Failed</NotificationType>
<NotificationType>Fixed</NotificationType>
</modifierNotificationTypes>
</email>
</publishers>
NB, we use an <svn> source control block to get the latest source and trigger a build. The <regexConverter> section takes the svn user and adds "@ourcompany.com" to the end to form an email address.
You will need the details for an SMTP server to send the email. I believe it is possible to use gmail for this, but our company has its own SMTP server.
With this system, the "build masters" (Mr Happy and Mr Strong) will get an email whenever the build status changes, and anyone who has committed code into SVN will get an email when the build their code causes fails or is fixed.
The <xmllogger/> section is necessary as by default (if you have no <publishers> section), there is an XML logger publisher. This logs the information for the web interface.

send xmpp <message> to component on other domain

step 1: on the same domain (.myserver.kicks-ass.net), I am able to send to mycomponent successfully.
step 2: when I log in to another domain, for example gmail.com, and try to send to another user at test@.myserver.kicks-ass.net, it succeeds as well.
step 3: just like step 2, but I send to mycomponent.myserver.kicks-ass.net, and I get the error below
<message xmlns='jabber:client'
to='mycomponent.myserver.kicks-ass.net'
from='user@gmail.com/123'
type='chat'>
<body>
just t4st
</body>
<x xmlns='jabber:x:event'>
<offline/>
<composing/>
</x>
</message>
<message xmlns='jabber:client'
to='user@gmail.com/123'
from='mycomponent.myserver.kicks-ass.net'
type='error'>
<body>
just t4st
</body>
<x xmlns='jabber:x:event'>
<offline/>
<composing/>
</x>
<error code='404'
type='cancel'>
<remote-server-not-found xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
</error>
</message>
Do you have an SRV record for:
_xmpp-server._tcp.mycomponent.myserver.kicks-ass.net
You can test for this with the following shell command:
% dig +short -t SRV _xmpp-server._tcp.mycomponent.myserver.kicks-ass.net.
Can you telnet to that host/port from outside your network? For example:
% dig +short -t SRV _xmpp-server._tcp.jabber.org.
30 30 5269 hermes.jabber.org.
% telnet hermes.jabber.org 5269
Trying 208.68.163.220...
Connected to hermes.jabber.org.
Escape character is '^]'.
<<
<stream:error><bad-format xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>
Connection closed by foreign host