Topic: Problems with DKIM
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.3
- Deployed with iRedMail Easy or the downloadable installer? Downloadable Installer
- Linux/BSD distribution name and version: Ubuntu 24.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I'm trying to configure DKIM for a domain, lonewolftech.services, with its own key, as opposed to the default key.
Currently, I keep getting a signature fail on DKIM verification.
amavisd showkeys
root@huginn:/etc/amavis/conf.d# amavisd showkeys
; key#1 1024 bits, s=dkim, d=argentwolf.org, /var/lib/dkim/argentwolf.org.pem
dkim._domainkey.argentwolf.org. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1+u7fCOJqxxbVQQ0lJl5xqRwZ"
"qyrUr1oYD+7zKsJ+GHIB/lkpJ8NmV1rmr8eBczvg0Q68zCJiA3YItdHFsKd1ohA7"
"fid3pwXdJIuteEdKGxG8MTYVgHVDO6mzc37FeresuVefEJxaONq4S8pUI8SDP8G9"
"zPtt37lJcGSU8+4H2QIDAQAB")
; key#2 1024 bits, s=dkim, d=lonewolftech.services, /var/lib/dkim/lonewolftech.services.pem
dkim._domainkey.lonewolftech.services. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv0SHvN+LeHoFJb/UvZXvFtyp"
"/sQ66FzIZyqamWJkvO2QM33TbJh+KskSdJVLA9buIn1UY13D0Js0AJbiwBofD2aI"
"dYIkq7uHSOKyxYRu3fruAOp5C4UhXMDVa86k9bUiIqskGmpCj/SRM3WBaod+Iz9W"
"lo7qKgTK14o/HwF1DwIDAQAB")
amavisd testkeys output
root@huginn:/etc/amavis/conf.d# amavisd testkeys
TESTING#1 argentwolf.org: dkim._domainkey.argentwolf.org => pass
TESTING#2 lonewolftech.services: dkim._domainkey.lonewolftech.services => pass
/etc/amavis/conf.d/50-user
@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key
    # Per-domain dkim key
    #"domain.com" => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    "lonewolftech.services" => { d => "lonewolftech.services", a => 'rsa-sha256', ttl => 10*24*3600 },
    # catch-all (one dkim key for all domains)
    '.' => { d => 'argentwolf.org',
             a => 'rsa-sha256',
             c => 'relaxed/simple',
             ttl => 30*24*3600 },
});
DNS Dig results:
root@huginn:/etc/amavis/conf.d# dig -t txt dkim._domainkey.lonewolftech.services
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> -t txt dkim._domainkey.lonewolftech.services
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43435
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dkim._domainkey.lonewolftech.services. IN TXT
;; ANSWER SECTION:
dkim._domainkey.lonewolftech.services. 884 IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv0SHvN+LeHoFJb/UvZXvFtyp/sQ66FzIZyqamWJkvO2QM33TbJh+KskSdJVLA9buIn1UY13D0Js0AJbiwBofD2aIdYIkq7uHSOKyxYRu3fruAOp5C4UhXMDVa86k9bUiIqskGmpCj/SRM3WBaod+Iz9Wlo7qKgTK14o/HwF1DwIDAQAB"
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 14 21:06:56 EDT 2025
;; MSG SIZE rcvd: 306
root@huginn:/etc/amavis/conf.d# dig -t txt default._domainkey.lonewolftech.services
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> -t txt default._domainkey.lonewolftech.services
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28668
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;default._domainkey.lonewolftech.services. IN TXT
;; ANSWER SECTION:
default._domainkey.lonewolftech.services. 3600 IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1+u7fCOJqxxbVQQ0lJl5xqRwZqyrUr1oYD+7zKsJ+GHIB/lkpJ8NmV1rmr8eBczvg0Q68zCJiA3YItdHFsKd1ohA7fid3pwXdJIuteEdKGxG8MTYVgHVDO6mzc37FeresuVefEJxaONq4S8pUI8SDP8G9zPtt37lJcGSU8+4H2QIDAQAB"
;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 14 21:07:02 EDT 2025
;; MSG SIZE rcvd: 309
I used this website test service (https://appmaildev.com/en/dkim)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
lonewolftech.services; h=mime-version:user-agent:content-type
:date:to:from:subject:message-id; s=dkim; t=1749948923; x=
1750812924; bh=xhDmI/TaiJZUxm+/hY7zmPySuYw4TJE16bfFTV27NcY=; b=P
y+7p0FCgTw2KFxMPnD6IpzGvZefhSSY6ldQJW520muzL5N9ozPn8p7IYvP4n28jw
b7yiDDd8xyvfgpxkbKL5fm5shtgONIdozp1eE/FfevAhi3JqS120PA4WjpZNj1qQ
AKYEetpWhEhtza+PwzUDJT4+9kDabH/SRZQGeOHplk=
Signed-by: alan@lonewolftech.services
Expected-Body-Hash: xhDmI/TaiJZUxm+/hY7zmPySuYw4TJE16bfFTV27NcY=
Current Utc timestamp: 2025-06-15T00:55:26.278; Signature timestamp: 2025-06-15T00:55:23.000
Current Utc timestamp: 2025-06-15T00:55:26.278; Expiration timestamp: 2025-06-25T00:55:24.000
Canonicalized header: mime-version:1.0
user-agent:Evolution 3.56.0-1
content-type:multipart/alternative; boundary="=-du7zXnVRl3ixMD0CQFpA"
date:Sat, 14 Jun 2025 20:55:21 -0400
to:test-50c1f629@appmaildev.com
from:Alan Johnson Lone Wolf Tech Services <alan@lonewolftech.services>
subject:test
message-id:<ed23f96a342887afd3ecfa81a48b9c7bd0c55922.camel@lonewolftech.services>
Public-Key: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv0SHvN+LeHoFJb/UvZXvFtyp/sQ66FzIZyqamWJkvO2QM33TbJh+KskSdJVLA9buIn1UY13D0Js0AJbiwBofD2aIdYIkq7uHSOKyxYRu3fruAOp5C4UhXMDVa86k9bUiIqskGmpCj/SRM3WBaod+Iz9Wlo7qKgTK14o/HwF1DwIDAQAB;
DKIM-Result: fail (bad signature)
I'm not sure what's not configured properly at this point. The default domain key (argentwolf.org) works fine and passes for the other domains that use it.
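The checks made by eye in the post above, scripted as an added example that is not part of the original post: the signature's `s=`/`d=` pair is resolved to a record name, the key in `amavisd showkeys` is compared with the `dig` answer, and `bh=` is compared with the verifier's Expected-Body-Hash. The function names and the example.org sample data (with shortened fake key material) are constructed for illustration.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value (d=, b=, p= ...) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def txt_strings(text):
    """Join the quoted character-strings of a TXT record into one value."""
    return "".join(re.findall(r'"([^"]*)"', text))

def parse_showkeys(output):
    """Map record name -> p= value for each key in `amavisd showkeys` output."""
    pattern = r"^(\S+)\.\s+\d+\s+TXT\s+\((.*?)\)"
    return {m.group(1).lower(): parse_tags(txt_strings(m.group(2))).get("p", "")
            for m in re.finditer(pattern, output, re.M | re.S)}

def parse_dig(answer_lines):
    """Map record name -> p= value for TXT lines of a dig ANSWER SECTION."""
    return {l.split()[0].rstrip(".").lower(): parse_tags(txt_strings(l)).get("p", "")
            for l in answer_lines if l.strip() and not l.startswith(";")}

def triage(signature, showkeys_output, dig_lines, verifier_body_hash):
    sig = parse_tags(signature)
    name = f"{sig['s']}._domainkey.{sig['d']}".lower()
    local, published = parse_showkeys(showkeys_output), parse_dig(dig_lines)
    return {
        "record": name,
        "signer_has_key": name in local,
        "published_in_dns": name in published,
        "keys_match": name in local and local[name] == published.get(name),
        # Equal body hashes: the body arrived intact, so look at b= or the key.
        "body_hash_match": sig.get("bh") == verifier_body_hash,
    }

# Constructed sample data (example.org, shortened fake key material).
SIGNATURE = ("v=1; a=rsa-sha256; c=relaxed/simple; d=\n example.org; h=from:to:subject;"
             " s=dkim; bh=Zm9vYmFy\n YmF6; b=c2lnbmF0dXJl")
SHOWKEYS = ('; key#1 1024 bits, s=dkim, d=example.org, /var/lib/dkim/example.org.pem\n'
            'dkim._domainkey.example.org. 3600 TXT (\n'
            '  "v=DKIM1; p="\n  "QUJDREVG"\n  "R0hJSktM")\n')
DIG = ['dkim._domainkey.example.org. 884 IN TXT "v=DKIM1; p=QUJDREVGR0hJSktM"']

if __name__ == "__main__":
    print(triage(SIGNATURE, SHOWKEYS, DIG, "Zm9vYmFyYmF6"))
```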