Email DKIM issues for @mydomain.com

pamamolf · Mar 3, 2017

On one of my servers i have an issue with Opendkim not working correctly....

I have done this many times with no issues at it is very easy to do with this Automated script....

Checking the logs i found this:
Code:
no signing table match for 'info@mydomain.com'
Any ideas on what to check?

Thank you

eva2000 · Mar 3, 2017

try running clean command and re-running opendkim.sh ?

edit: moved your posts from https://community.centminmod.com/th...dkim-sh-for-dkim-setup-for-123-09beta01.7017/ to their own thread here

pamamolf · Mar 3, 2017

Problem found but not sure how to fix.....

Checking using:
Code:
cat /etc/opendkim/SigningTable
Code:
*@server.maindomain.com default._domainkey.server.maindomain.com
*@domain2.com default._domainkey.domain2.com
*@domain3.com default._domainkey.domain3.com
There my main domain is missing like this line:
Code:
*@maindomain.com default._domainkey.maindomain.com
But there is a log about my maindomain so i didn't forgot to run Opendkim for it:
Code:
dkim_spf_dns_maindomain.com_150916-012841.txt
But don't know what else i should edit to get this work.....

Which other files need to be edited......Or should i go ahead with a clean option and re run?

I think just running:
Code:
/usr/local/src/centminmod/addons/opendkim.sh maindomain.com
should solve the issue

pamamolf · Mar 3, 2017

I just test this one:
Code:
/usr/local/src/centminmod/addons/opendkim.sh maindomain.com
and i can see listed now at /etc/opendkim/SigningTable

but now i am getting this error at online mail tester :
Code:
Your DKIM signature is not valid

pamamolf · Mar 3, 2017

The DKIM signature of your message is:
Code:
   v=1;
   a=rsa-sha256;
   c=relaxed/simple;
   d=maindomain.com;
   s=default;
   t=1488488270;
   bh=uIa6+XxGOoa1gFu4+4mwiFJBs1Bt81F8Zdqr2uV72JY=;
   h=To:Subject:Date:From:Reply-To:From;
   b=hzpCJ7Z+vR7aeZa8dFfR4WVI6iYrfo5Ta4wu36UJpHdeWSpazkDFMmUfzBmyflarJcfZm7DF+tcHb19wghQ0JQOuK1tmrixBnlP564In1/iFXpXmOP9xaVtx9XxgfGNEaAbpV5Wh9byO3D95Wid8rqMzzEM6xaKcJXieR1m2zO4=
Your public key is:
Code:
"v=DKIM1;
k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvJLxDK3jbcm4owWz1asY/B/fjgprvymH/p7GFE0FHl84Ndae85rInYZfRDYmE4EgXCp0ayvasxZWl94JxR8oRetuzYCQdpOu3QlCXOC4bdON7w9xij2JJxli3PBxwkf0XrAdUErRaaGtdrT3QYg3ZsOjJhVj0K6j5z4jFsOWUjQIDAQAB"
Key length: 1024bits

Your DKIM signature is not valid

Algorithm doesn't much ? rsa vs rsa-sha256 ?

Just tested on another online service with result:
Code:
Validating Signature:

result = fail
Details: bad RSA signature
But don't know why as i have the same settings for Postifix and Opendkim on my other servers and never had that issue

eva2000 · Mar 3, 2017

Remember, addons/opendkim.sh is officially only meant for main server hostname i.e. hostname.domain.com of your server and not other domains. So running
Code (Text):
/usr/local/src/centminmod/addons/opendkim.sh maindomain.com
while is supported, the DKIM entry generated on server might not match the DKIM entry sent from emails @maindomain.com if you use a recommended 3rd party @yourdomain.com provider i.e. Zoho Mail, Google Gsuite, Microsoft Live/One domains etc as they have their own DKIM generated DNS TXT entry you would be directed to add.

To troubleshoot addons/opendkim.sh setup post to pastebin.com or gist.github.com the contents of the following files. You can use cat command to output them to display and then highlight and copy and paste the contents.
/etc/opendkim/KeyTable
Code (Text):
cat /etc/opendkim/KeyTable
/etc/opendkim/SigningTable
Code (Text):
cat /etc/opendkim/SigningTable
/etc/opendkim/TrustedHosts
Code (Text):
cat /etc/opendkim/TrustedHosts
/root/centminlogs/dkim_spf_dns_domain.com_${DT} where domain.com is domain name and/or server main hostname.domain.com you are setting up
Code (Text):
cat /root/centminlogs/dkim_spf_dns_domain.com_${DT}
If you run the clean command below, you will reset and wipe all OpenDKIM KeyTable, SigningTable, TrustedHosts entriesin for main hostname for server ONLY leaving any vhostname sites you added as clean command is only for main hostname. And then opendkim.sh will auto re-run addons/opendkim.sh for main hostname to regenerate a new DKIM signature TXT entry and require you to update your main hostname's domain DNS TXT entry for DKIM again.
Code (Text):
/usr/local/src/centminmod/addons/opendkim.sh clean

pamamolf · Mar 3, 2017

Then the issue may be that i use zoho for my @maindomain.com and the server (opencart) send a mail when a user register using the @maindomain.com and rsa doesn't much?

eva2000 · Mar 3, 2017

pamamolf said: ↑

Then the issue may be that i use zoho for my @maindomain.com and the server (opencart) send a mail when a user register using the @maindomain.com and rsa doesn't much?
Click to expand...

yes Zoho has it's own DKIM generation key for TXT DNS record you have to setup Most 3rd party @yourdomain.com email providers have their own recommended instructions for DKIM and SPF so consult their documentation and tech support

pamamolf · Mar 4, 2017

Doesn't seem to have a fix for it

Currently the DKIM is supported only for emails generated in Zoho and directly delivered to external servers.
Click to expand...

So creating a DKIM there will not help....

When i enable the DKIM there i can see from mail logs that Opencart is trying to send all mails that a user tries to use to root@domain.com

When i disable the Dkim at Zoho all emails are routed at the correct mails that every user uses but signature not match

Hope someone that uses Zoho can help with it ....

SFLC · Mar 4, 2017

I personally use the dkims from opendkim and also the zoho mail ones all for different domains and it works perfectly, are you forgetting to add your dkim lines in dns?

Examples:
Code:
_dmarc    v=DMARC1; p=none; pct=100; rua=mailto:sdhflsdhflsjdflskf@dmarc.postmarkapp.com; sp=none; aspf=r;

default._domainkey      v=DKIM1; k=rsa; p=kfljsfhwifhuiwieudwoeuidbwfbwcwiubiwfwieiweuhpwnpwbpeiuhdwiuhwieuhwiofowiufwioufwiufwoifbwoifbiwubfwiubfwiubfiwubfiwubefiwubfiwubfiwf
both as type text, and don't forget about your spf line as well, then send a test to your gmail account and look at the header source to see what google thinks about all this

SFLC · Mar 4, 2017

if you're using zoho on the same server or for subdomains then change the key names to something else like xyz.domainkey etc.. because you can't have multiple dkim keys with the same name, and if your dns manager allows you to do that for some reason the outcome would be unknown as im not sure how itll decide between which one to go for

pamamolf · Mar 4, 2017

I have done the above ....

It seems some keys doesn't much or something related is wrong

When a user registers the server generate a welcome email and send it to the user using info@mydomain.com

I am using ZOHO to handle that domain info@mydomain.com but i think there is no related to zoho settings.....

Let me troubleshoot and post here some info that may help....

pamamolf · Mar 4, 2017

From check-auth2@verifier.port25.com:

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)

Just found that i miss at:
Code:
/etc/opendkim/keys
and
Code:
/etc/opendkim/keys/mydomain.com
the file:
Code:
default.private
as i can see on another server that is working i have that file there......

I can see only two files (default and default.txt)

I think that i will need to regenerate opendkim keys to fix that......?

If yes how?

pamamolf · Mar 4, 2017

Code:

Mar  4 03:25:57 server postfix/pickup[16973]: 2B574A033E: uid=1001 from=<info@mydomain.com>
Mar  4 03:25:57 server postfix/cleanup[19128]: 2B574A033E: message-id=<20170304032557.2B574A033E@server.mydomain.com>
Mar  4 03:25:57 server opendkim[16994]: 2B574A033E: DKIM-Signature field added (s=default, d=mydomain.com)
Mar  4 03:25:57 server postfix/qmgr[16974]: 2B574A033E: from=<info@mydomain.com>, size=1675, nrcpt=1 (queue active)
Mar  4 03:25:57 server postfix/pickup[16973]: 3C7E4A017E: uid=1001 from=<info@mydomain.com>
Mar  4 03:25:57 server postfix/cleanup[19128]: 3C7E4A017E: message-id=<20170304032557.3C7E4A017E@server.mydomain.com>
Mar  4 03:25:57 server opendkim[16994]: 3C7E4A017E: DKIM-Signature field added (s=default, d=mydomain.com)
Mar  4 03:25:57 server postfix/qmgr[16974]: 3C7E4A017E: from=<info@mydomain.com>, size=1043, nrcpt=1 (queue active)
Mar  4 03:25:57 server postfix/local[19136]: 3C7E4A017E: to=<root@mydomain.com>, orig_to=<info@mydomain.com>, relay=local, delay=0.14, delays=0.09/0.04/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  4 03:25:57 server postfix/qmgr[16974]: 3C7E4A017E: removed
Mar  4 03:25:59 server postfix/smtp[19133]: Untrusted TLS connection established to mailtest.com[94.23.206.89]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Mar  4 03:26:00 server postfix/smtp[19133]: 2B574A033E: to=<blabla@mailtest.com>, relay=mail-tester.com[94.23.206.89]:25, delay=3, delays=0.1/0.12/2.6/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 181469F7A6)
Mar  4 03:26:00 server postfix/qmgr[16974]: 2B574A033E: removed

And as i can check at online validation services using as selector: default i pass with no issues all checks for Dkim....

So my DNS should be ok..... The sha1 and sha-256 doesn't seem to match

eva2000 · Mar 4, 2017

pamamolf said: ↑

I have done the above ....

It seems some keys doesn't much or something related is wrong

When a user registers the server generate a welcome email and send it to the user using info@mydomain.com

I am using ZOHO to handle that domain info@mydomain.com but i think there is no related to zoho settings.....

Let me troubleshoot and post here some info that may help....
Click to expand...

then you shouldn't be using local Postfix for anything, your web application should have support for using external smtp server at Zoho and emails sent from info@mydomain.com should be sent from the defined Zoho smtp server within your web app and mail servers should look up the DKIM and SPF DNS TXT entries that Zoho got you to setup for their servers. None of the emails from info@mydomain.com should be sent from local Postfix in this case and by default Centmin Mod doesn't configure Postfix to send emails from @mydomain.com anyway. Centmin Mod default for locally sent email is from root@mainhostname.mydomain.com which is what addons/opendkim.sh runs setup for @mainhostname.mydomain.com sent emails and what Getting Started Guide Step 1 mainhostname.mydomain.com DNS setup outline and https://community.centminmod.com/th...ver-email-doesnt-end-up-in-spam-inboxes.6999/ is for.

pamamolf · Mar 4, 2017

Ok thanks George

I am trying to avoid the SMTP and try to use a valid Dkim signature on my server ....

I always do it that way and works... Now i don't know why it doesn't work only for this server....

I just check again on another server and is working...

The only difference is the bounce address that on working server is:

nginx@mydomain.com

and the not working one has:

info@mydomain.com

Also the signed email that is working has the sha256 on it so there is no related issues there...

Anyway i will try to figure it out....

Thanks !

@SFLC

Do you use SMTP for your emails?

Can you please send a mail and check that your Dkim is ok at mail-tester.com ?

pamamolf · Mar 4, 2017

Another one that i thing the added header may cause this issue:

On working one:
h=To:Subjectate:From;

On not working one:
h=To:Subjectate:From:Reply-To:From;

I think the issue may be here at Reply-To:From; but don't know how to remove it yet

Both checks here are ok:

Check a DKIM Core Key

It has to do with the headers i think and the bounce mail.....

eva2000 · Mar 4, 2017

FYI, sending emails via smtp server are more reliable especially if you're using 3rd party smtp transactional providers like Amazon SES, Sendgrid, Mailgun etc

pamamolf · Mar 4, 2017

Ok problem solved

Please don't hit me on the head

Checking the Dkim key was look at least the first digits and the digits at the end like the ones that i had on my DNS provider and i didn't replace it ...

Now i replace my old key with the key that i was generated and i am getting 10/10 on tests !

It seems the key was not the same but starting and ending with the same letters/digits!

WOW

I will do a test after a few hours just to be sure about it and all seems to be good

eva2000 · Mar 4, 2017

pamamolf said: ↑

Now i replace my old key with the key that i was generated and i am getting 10/10 on tests !
Click to expand...

where did old and new DKIM keys come from ? addons/opendkim.sh right ?

Log in / Register

Forums

Join the community today

Email DKIM issues for @mydomain.com

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

SFLC Active Member

SFLC Active Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

Email DKIM issues for @mydomain.com

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

SFLC Active Member

SFLC Active Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

.