1 (edited by poljakov 2015-06-15 13:51:53)

Topic: Cannot check DKIM in DNS

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in: MariaDB
- Web server: Apache
- Linux/BSD distribution name and version: Ubuntu 14.04.2 LTS
====

This is the error log.

The incoming queue is growing and growing, because the DKIM check cannot read the DNS record on a sender server.

Jun 14 23:40:21 iredmail01 opendkim[2996]: 910CF93350B: key retrieval failed (s=default, d=fan-site.hu): 'default._domainkey.fan-site.hu' query timed out
409212 /tmp/opendkim.timeout

Any idea?

DKIM config below.

Syslog                  yes
UMask                   002

OversignHeaders         From

Domain                  mydomain.end
KeyFile                 /root/dkim/mbxselector.private
Selector                mbxselector
Socket                  inet:8891@localhost
UserID                  opendkim

As a quick and dirty solution, we set it up to accept mail in case of a DNS error, but we think this is not the right way.

Syslog                  yes
UMask                   002

OversignHeaders         From

Domain                  mydomain.end
KeyFile                 /root/dkim/mbxselector.private
Selector                mbxselector
Socket                  inet:8891@localhost
UserID                  opendkim

On-DNSError accept


2

Re: Cannot check DKIM in DNS

poljakov wrote:

==== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in: MariaDB
- Web server: Apache
- Linux/BSD distribution name and version: Ubuntu 14.04.2 LTS
====

The incoming queue is growing and growing, because the DKIM check cannot read the DNS record on a sender server.

Jun 14 23:40:21 iredmail01 opendkim[2996]: 910CF93350B: key retrieval failed (s=default, d=fan-site.hu): 'default._domainkey.fan-site.hu' query timed out
409212 /tmp/opendkim.timeout

Any idea?

Are you allowed to make DNS queries from the server? Test using: dig google.com
Are outgoing TCP and UDP blocked on port 53? Show the output from: iptables -L and telnet 8.8.8.8 53
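One way to tell a local DNS problem from one on the sender's side, using the log format quoted in the first post (an added example, not part of the original thread). Only the first sample line comes from the thread; the others are constructed, and the function names and the two-domain threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# First line is the one quoted in the thread; the other three are constructed
# lines in the same format, for illustration only.
SAMPLE_LOG = """\
Jun 14 23:40:21 iredmail01 opendkim[2996]: 910CF93350B: key retrieval failed (s=default, d=fan-site.hu): 'default._domainkey.fan-site.hu' query timed out
Jun 14 23:41:02 iredmail01 opendkim[2996]: A1B2C3D4E5F: key retrieval failed (s=sel1, d=example.org): 'sel1._domainkey.example.org' query timed out
Jun 14 23:41:30 iredmail01 opendkim[2996]: B2C3D4E5F60: key retrieval failed (s=k1, d=example.net): 'k1._domainkey.example.net' record not found
Jun 14 23:42:10 iredmail01 opendkim[2996]: C3D4E5F6071: DKIM verification successful
"""

FAIL_RE = re.compile(
    r"opendkim\[\d+\]: (?P<qid>\w+): key retrieval failed "
    r"\(s=(?P<selector>[^,]+), d=(?P<domain>[^)]+)\): "
    r"'(?P<qname>[^']+)' (?P<reason>.+)$"
)


def parse_failures(log_text):
    """Return one dict (qid, selector, domain, qname, reason) per failure line."""
    matches = (FAIL_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(log_text, min_domains=2):
    """Group failing sender domains by reason and suggest where to look.

    Heuristic (assumed threshold): timeouts for several unrelated sender
    domains suggest the local resolver or an outbound port 53 filter;
    timeouts for a single domain suggest that domain's own DNS servers.
    """
    domains_by_reason = defaultdict(set)
    for failure in parse_failures(log_text):
        domains_by_reason[failure["reason"]].add(failure["domain"])
    timed_out = domains_by_reason.get("query timed out", set())
    if not timed_out:
        verdict = "no-timeouts"
    elif len(timed_out) >= min_domains:
        verdict = "check-local-resolver"
    else:
        verdict = "check-sender-dns"
    return verdict, {r: sorted(d) for r, d in domains_by_reason.items()}


if __name__ == "__main__":
    verdict, by_reason = triage(SAMPLE_LOG)
    print(verdict)
    for reason, domains in by_reason.items():
        print(f"{reason}: {', '.join(domains)}")
```
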

3

Re: Cannot check DKIM in DNS

iRedMail doesn't use OpenDKIM, so you'd better ask for support on the OpenDKIM mailing list.