1 Topic by KNERD

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Topic: "Your DKIM signature is not valid"

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.4.x
- Deployed with iRedMail Easy or the downloadable installer? Downloadable
- Linux/BSD distribution name and version: Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Using a mail tester, it is reporting  the above error.

Following the guide from the documentation:

https://docs.iredmail.org/setup.dns.html#dkim

I am using that as a means to set it up.

When get to the tests:

dig -t txt dkim._domainkey.mydomain.com 

This one shows everything is okay.

The next one, nslookup -type=txt dkim._domainkey.foodmall.com reports domain not found.


Then trying final  test for "amavisd testkeys" the following is returned:

=> fail (OpenSSL error: data too large for key size)

Any clues on correcting this?

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu (edited by Cthulhu 2023-03-24 03:30:58)

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 814

Re: "Your DKIM signature is not valid"

i checked both:

dig -t txt dkim._domainkey.foodmall.com
nslookup -type=txt dkim._domainkey.foodmall.com

Both results in NXDOMAIN

Are you sure that the TXT record exists?

https://dnschecker.org/all-dns-records- … dns=google

You have neither a MX, PTR, or SPF record

Is it even your domain?

3 Reply by KNERD

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Re: "Your DKIM signature is not valid"

Cthulhu wrote:

i checked both:

dig -t txt dkim._domainkey.foodmall.com
nslookup -type=txt dkim._domainkey.foodmall.com

Both results in NXDOMAIN

Are you sure that the TXT record exists?

https://dnschecker.org/all-dns-records- … dns=google

You have neither a MX, PTR, or SPF record

Is it even your domain?

I am quoting from the docs page, as you could of seen. From the testing page I also get the following:


-0.1        DKIM_INVALID        DKIM or DK signature exists, but is not valid
-0.1        DKIM_SIGNED        Message has a DKIM or DK signature, not necessarily valid
This rule is automatically applied if your email contains a DKIM signature but other positive rules will also be added if your DKIM signature is valid. See immediately below.
-0.001        SPF_HELO_NONE        SPF: HELO does not publish an SPF Record
0.001        SPF_PASS        SPF: sender matches SPF record
Great! Your SPF is valid

4 Reply by Cthulhu (edited by Cthulhu 2023-03-24 05:44:01)

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 814

Re: "Your DKIM signature is not valid"

i really cannot help you without correct domain name

5 Reply by KNERD

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Re: "Your DKIM signature is not valid"

Cthulhu wrote:

i really cannot help you without correct domain name

voce.systems

6 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 814

Re: "Your DKIM signature is not valid"

there is no DKIM key listed under this domain

what is your DNS setting?

dkim._domainkey needs to be a TXT record

7 Reply by KNERD (edited by KNERD 2023-03-24 06:32:41)

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Re: "Your DKIM signature is not valid"

Cthulhu wrote:

there is no DKIM key listed under this domain

what is your DNS setting?

dkim._domainkey needs to be a TXT record


As I mentioned, I did follow what the documentation indicates, unless I have some sort of typo in there

Under host:   dkim._domainkey.voce.systems

Post's attachments

Screenshot from 2023-03-23 17-29-25.png
Screenshot from 2023-03-23 17-29-25.png 9.71 kb, 2 downloads since 2023-03-23 

You don't have the permssions to download the attachments of this post.

8 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 814

Re: "Your DKIM signature is not valid"

https://dnschecker.org/all-dns-records- … dns=google

you messed it up a little bit, if you add a DNS record, dont append the domain itself

just remove .voce.systems and save

i'll check after you told me the changes were made with a non caching private DNS resolver

9 Reply by KNERD

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Re: "Your DKIM signature is not valid"

Cthulhu wrote:

https://dnschecker.org/all-dns-records- … dns=google

you messed it up a little bit, if you add a DNS record, dont append the domain itself

just remove .voce.systems and save

i'll check after you told me the changes were made with a non caching private DNS resolver

Okay done

10 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 814

Re: "Your DKIM signature is not valid"

https://dnschecker.org/all-dns-records- … dns=google

I checked and dnschecker also confirms it is correct now and already propagated

can you also confirm with amavisd testkeys?

11 Reply by KNERD

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Re: "Your DKIM signature is not valid"

Cthulhu wrote:

https://dnschecker.org/all-dns-records- … dns=google

I checked and dnschecker also confirms it is correct now and already propagated

can you also confirm with amavisd testkeys?

That is failing . I have another domain hosted on the mail server also so I guess I need to fix the domain over there also.

12 Reply by KNERD

  • KNERD
  • Member
  • Offline
  • Registered: 2019-01-25
  • Posts: 63

Re: "Your DKIM signature is not valid"

Okay, also done. I had moved servers, and the other domain was actually correct, but an outdated DKIM signature.

It's passed now.

Thanks a lot for your assistance!