1

Topic: DKIM bad RSA signature

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.8 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version:  Debian GNU/Linux 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
When I issue "amavisd testkey" I've received the folowin error
TESTING#1 domain.com: dkim._domainkey.domain.com => fail (OpenSSL error: data too large for key size)

I have followed the instructions here: https://docs.iredmail.org/sign.dkim.sig … omain.html to generate new key but with 1024-bit key:

amavisd genrsa /var/lib/dkim/domain.com.pem 1024

"amavisd showkey" provided thew new key, which I used to update the DNS records.

I have restarted the amavisd service and the entire host, but now the result is this now:
TESTING#1 domain.com: dkim._domainkey.domain.com => fail (bad RSA signature)

Any suggestions?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: DKIM bad RSA signature

What's the value in your DKIM DNS record?