1

Topic: DKIM Keys? Domain must not be empty

When I try to get the DKIM keys, I get this:

root@mail:~# amavisd-new showkeys
Error in config file "/etc/amavis/conf.d/50-user": dkim_key: domain must not be empty: (,dkim,/var/lib/dkim/.pem) at /usr/sbin/amavisd-new line 627.

iRedmail Version: 1.6.0 MARIADB edition
OS: Debian 11
I believe mySQL
Nginx
Not using iRedAdmin-Pro yet, just started

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 (edited by butternutsquash 2022-07-28 22:28:01)

Re: DKIM Keys? Domain must not be empty

Hi,

I would say make sure you have the right privileges on your files and directories

-r-------- 1 amavis amavis 1675 Jun 24 15:27 /var/lib/dkim/yourdomain.com.pem

Also make sure /etc/amavis/conf.d/50-user is populated with the right info. See example below (replace yourdomain.com with your real domain name).

#
# DKIM
#
# Enable DKIM verification globally.
$enable_dkim_verification = 1;

# Disable DKIM signing globally, because it's controlled per policy bank.
#$enable_dkim_signing = 1;

# Add dkim_key here.
dkim_key('yourdomain.com', 'dkim', '/var/lib/dkim/yourdomain.com.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
 
    "yourdomain.com"  => { d => "yourdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
  
    # catch-all (one dkim key for all domains)
#    '.' => {d => 'yourdomain.com',
#            a => 'rsa-sha256',
#            c => 'relaxed/simple',
#            ttl => 30*24*3600 },

});

3 (edited by EverquestForLife 2022-07-31 08:39:02)

Re: DKIM Keys? Domain must not be empty

butternutsquash wrote:

Hi,

I would say make sure you have the right privileges on your files and directories

-r-------- 1 amavis amavis 1675 Jun 24 15:27 /var/lib/dkim/yourdomain.com.pem

Also make sure /etc/amavis/conf.d/50-user is populated with the right info. See example below (replace yourdomain.com with your real domain name).

#
# DKIM
#
# Enable DKIM verification globally.
$enable_dkim_verification = 1;

# Disable DKIM signing globally, because it's controlled per policy bank.
#$enable_dkim_signing = 1;

# Add dkim_key here.
dkim_key('yourdomain.com', 'dkim', '/var/lib/dkim/yourdomain.com.pem');

@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key

    # Per-domain dkim key
 
    "yourdomain.com"  => { d => "yourdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
  
    # catch-all (one dkim key for all domains)
#    '.' => {d => 'yourdomain.com',
#            a => 'rsa-sha256',
#            c => 'relaxed/simple',
#            ttl => 30*24*3600 },

});

Ok so there actually isn't a file in that folder  So I created one and gave it the correct permissions but I'm logged in as root anyway:

root@mail:/var/lib/dkim# touch cheesegoatemails.com.pem
root@mail:/var/lib/dkim# ls -a
.  ..  cheesegoatemails.com.pem  .pem
root@mail:/var/lib/dkim# chmod 754 cheesegoatemails.com.pem
root@mail:/var/lib/dkim# ls -a
.  ..  cheesegoatemails.com.pem  .pem

root@mail:/var/lib/dkim# amavisd-new showkeys
Error in config file "/etc/amavis/conf.d/50-user": dkim_key: domain must not be empty: (,dkim,/var/lib/dkim/cheesegoatemails.com.pem) at /usr/sbin/amavisd-new line 627.


Then the 50-user file, I did go through to the spot you suggested and combed through the file for other places and put my domain name in.  However it still had the same error on reboot sad

4

Re: DKIM Keys? Domain must not be empty

can't help you without contents of your config

5

Re: DKIM Keys? Domain must not be empty

EverquestForLife wrote:

Error in config file "/etc/amavis/conf.d/50-user": dkim_key: domain must not be empty: (,dkim,/var/lib/dkim/cheesegoatemails.com.pem) at /usr/sbin/amavisd-new line 627.

Seems you have a line which starts with "dkim_key(" parameter name, but you didn't specify the actual domain name in this parameter. Please double check.

The correct format is like this:

dkim_key('yourdomain.com', 'dkim', '/var/lib/dkim/yourdomain.com.pem');