Score:1

Configuring DKIM using DNS and hosting on VPS


I'm using Mail Enable on my VPS and have copied the generated DKIM (see screenshot 1) to my DNS. (yes, I've restarted the VPS already): [image]

Now my DNS settings are configured at hosting company A, and point to the VPS I host at company B: [image]

The strange thing now is that when I try and check the DKIM validity, dmarcanalyzer.com says it's incorrect whereas mxtoolbox.com shows it's correct.

The DKIM report I get from Google (and other email service providers) shows fail for the dkim node. See the full report here: [image]

I'm sending my emails via localhost (and prefer to keep doing so), but am also wondering if localhost and a DKIM for a specific domain may conflict and cause this issue.

I've been in contact with hosting company A, and they state the DNS settings are correct and everything is configured and working as expected on their end. I have no idea where else I can and need to configure my DKIM settings now.

ps. I also checked here:

UPDATE 1

Via mail-tester.com, I get the DKIM signature of your message is:

v=1;
c=relaxed/relaxed;
h=mime-version:from:date:message-id:subject:to:content-type;
d=example.com;
s=default.domainkey;
a=rsa-sha256;
bh=9GbEYuoERz+rKK0duec8ZYNDPzF429KQdM3YJavh32U=;
b=YQxDCBHCx1n1aLE0uVyOb2QsT2wOnkFqziZcyZtdNsGtMwz2y7ItPpB1MMkL5VZJl8Jgtszh9DomKhBPQ50WwAmIi/ayrR8hq61h0I2zdBNOs9A2bTYSBd/H11iTXGOuc8FFS3GHj+ohh3E+r+V6gvi4NF5shQ041OEdeZNUigUDRRr0eRDUnrK2/jq5ERWNDcg3MCDZI7Kcgj75BDJKfxBioVesKTV3/iLLuoBiDdVRdjqdAQC0Izc7KXweYab0wAiWvsCKvzBAyh0ieYFYHR4Wy3RAsKNUAwJkOJLF2IzvIBJaeIU8KVqJHONJ+IV40l13EsMZQUINZhJG9hvbbw==;

UPDATE 2

As per @anx's suggestions below I generated a new key rsa2021 and added that to my DNS:

"v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum44LLMyisKD6mOwTaXQqNjYsI6bNBS4uzhA03RaifyRDmmIKUPNv1bGb3QGihdDFzKbL+aax6o3INZSFcf1o5rKr8+3a2gAf+p2daNlycFQFmsWK94h4Vtu6j0VZ5E7bElFI0NQ/MYBOVwUST6H5DOsygGK9uWm8zVSBk8QtknZlLCPJYjHYc8V3dejnYcNIjBDtPKCB20E0q0pzIm63Dn8Z78J9wSvsSGl4FLN/3Tr96RLxwhqu+tFN04OVpdmlKnM7IQ3pGFMSEXqUoucndPUqzaNgT/u8GtowBoz72UgpDzuxkiehvg7PK/FPC6Vj/jTwe9d3oj/ZMN2ujMWYQIDAQAB;"

I then sent an email via smtp.example.com and then checked here: http://isnotspam.com

I still see DKIM fails:

* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Status: Yes, hits=6.4 required=-20.0 tests=BAYES_99,BAYES_999,
DKIM_SIGNED,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_SUBJECT,
SPF_PASS,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0
Envelope-to: [email protected]
Delivery-date: Fri, 13 Aug 2021 09:07:46 +0000
Received: from vpsnr12.myisp.com ([12.12.12.12] helo=mail.domainA.com)
by localhost.localdomain with esmtp (Exim 4.84_2)
(envelope-from <[email protected]>)
It’s not clear how we can help you with this. For DKIM, the private key used by your mail server and the public key published in the DNS must be a valid pair of RSA keys. We cannot check that for you. I quickly ran your public key through OpenSSL: it is rejected as invalid.
Thanks! Just to confirm: this error indicates my private and public key do not match? And it might be relevant but I'm sending emails through `localhost`, but for that I don't think I can configure a DKIM key, or does it not matter?
I guess that the whole DKIM management is done by this MailEnable software? I don’t know how that works and suggest looking there for an answer. Nor can I answer if private and public keys don’t match, just that there seems to be a problem with the public key as published.
Thanks to the both of you. @anx: I now also added the Google report, but I don't see more details that could help me. [at]glts: I already started a conversation with MailEnable, but they're not as responsive as the folks here :)
@anx thanks! That link to test is really good. I added update 1, could you have another look? ps. (I used images as I don't want Google to index all of my content, but now have used your suggestion in my latest update)
Score:4
anx

Your DKIM selector is.. odd.

d=example.com; s=default.domainkey;

While this is perfectly valid..

> Periods are allowed in selectors and are component separators. [..] In a DNS implementation, this can be used to allow delegation of a portion of the selector namespace.

.. because DKIM keys are stored in a subdomain named "_domainkey" it is unusual to have the selector also contain "domainkey". If you really wanted that as a selector, you would place the key at default.domainkey._domainkey.example.com - I did not notice at first because I confirmed the key at default._domainkey.example.com.

Recommendation: Remove the extra domainkey out of the two such labels. Only use periods in the selector if you intend to make use of how that interfaces with the meaning of dots in DNS context, otherwise it is just an unnecessary source of confusion.

Configure a key with a name actually encoding something that helps remember what this key is or at some later point: was (which is my main reason to recommend things like rsa2021 over default). Depending on how your mail server is configured, you may want to delete the misplaced key and generate a new one, this time setting a name from the start - this is to avoid other mismatches in the configuration.
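
The lookup described in the answer above, as an added example that is not part of the original post or of MailEnable: it derives the DNS name a verifier queries from the `s=` and `d=` tags of the question's signature, and adds a structural check of a key record's `p=` value. The function names and the `GOOD`/`BAD` records are constructed for illustration, and the DER check is a sanity test for truncated or altered records, not full key validation.

```python
import base64

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_query_name(sig_tags):
    """DNS name a verifier looks up: <s>._domainkey.<d>."""
    return f"{sig_tags['s']}._domainkey.{sig_tags['d']}".lower()

def selector_warnings(selector):
    """Flag selectors that repeat the fixed _domainkey label, as in the question."""
    return [f"selector label '{label}' duplicates the fixed _domainkey label"
            for label in selector.lower().split(".")
            if label.strip("_") == "domainkey"]

def key_record_problems(txt):
    """Structural check of a key record: v=, base64 in p=, outer DER length."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return problems + ["p= is not valid base64"]
    if len(der) < 2 or der[0] != 0x30:
        return problems + ["p= does not start with a DER SEQUENCE"]
    if der[1] & 0x80:  # long-form length: low 7 bits give the byte count
        n = der[1] & 0x7F
        declared, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:
        declared, header = der[1], 2
    if declared + header != len(der):
        problems.append("DER length mismatch (truncated or altered key)")
    return problems

# Signature tags as posted in the question (b= and bh= omitted).
SIG = "v=1; c=relaxed/relaxed; d=example.com; s=default.domainkey; a=rsa-sha256"
PUBLISHED_AT = "default._domainkey.example.com"  # where the answer found the key
# Constructed samples: a tiny well-formed DER SEQUENCE (not a real RSA key)
# and the same bytes with the last one cut off.
GOOD = "v=DKIM1; p=" + base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x05])).decode()
BAD = "v=DKIM1; p=" + base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01])).decode()
```

For the question's signature, `key_query_name(parse_tags(SIG))` differs from `PUBLISHED_AT`, which is the mismatch the answer points out.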
