1

Topic: Can't pass DKIM signature verification because of extra space

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.4 (updated from 1.6.0)
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu 22.04.03
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
I'm trying to pass DKIM verification through mxtoolbox deliverability service but can't.

I have 3 domains on my mail server. 2 of them work perfect. But last domain can't pass the DKIM verification.

I compare the difference between domains and found, that DKIM signature of last domain has an extra space:

v=1; a=rsa-sha256; c=relaxed/simple; d= my-domain-name.com; h=content-transfer-encoding:content-type :subject:from:to:content-language:user-agent:mime-version:date :message-id; s=dkim; t=1694823469; x=1695687470; bh=F7ndoL6kX66T 9FqSrturyhoqoYalK7+UwtaSPf1tGLY=; b=ocFw3TFQsIQ7B1i1nEO5LE+jz65o Y7Q74VwdFZHoUddoOyvgtwQE6NZZFujT0ji/w5OAKC9NK9EG5XAJIDTNPhD/HpTi w6WEbiZcKsrVVXVKZDW88uStwRXa9D2gwFjEbb0A57VuHKLvbUhD35J1e/qp98Nu 22T80uSX6eYNunrKW2N490aySboez1VplXMvL6213Rc6iMBToX6+OccpxL5v2Cvk +pxnY0rLyGWE61wBwgkZkJJ3moTcYXTV1+r9hVOHgCjy7DlxhPvJeLMh2+7uLrt+ 8Irc8FqvO1mmwWDCFnsi4WcajS0ec0nY0CI0sdhaD0rKRwsnIPN2E2OvdQ==

Take a look on "d= my-domain-name.com; " it has the space after "d=". That is all the difference between correct domains and incorrect one.

I tried:

  • Update iredmail to the latest version.

  • Run "apt update".

  • Recreate the domain through iRedAdmin.

  • Use other DKIM verification services. But they note the same issue "DKIM signature is not verified"

The rows from file "/etc/amavis/conf.d/50-user". They have no extra spaces.

dkim_key('my-domain-name.com', 'dkim', '/var/lib/dkim/my-domain-name.com.pem');
...
"my-domain-name.com"  => { d => "my-domain-name.com", a => 'rsa-sha256', ttl => 10*24*3600 },

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Stable release is out.

2

Re: Can't pass DKIM signature verification because of extra space

Looks like the domain name in /etc/amavis/conf.d/50-user has an extra space, i suggest double check:

@dkim_signature_options_bysender_maps = ({
    "domain.com"  => { d => "domain.com", ...},

    # catch-all (one dkim key for all domains)
    '.' => {d => 'PH_FIRST_DOMAIN', ...},
});

3

Re: Can't pass DKIM signature verification because of extra space

does the domain contain special chars?

4

Re: Can't pass DKIM signature verification because of extra space

ZhangHuangbin wrote:

Looks like the domain name in /etc/amavis/conf.d/50-user has an extra space, i suggest double check:

@dkim_signature_options_bysender_maps = ({
    "domain.com"  => { d => "domain.com", ...},

    # catch-all (one dkim key for all domains)
    '.' => {d => 'PH_FIRST_DOMAIN', ...},
});

No, it doesn't have any spaces. The

 d => "domain.com"

section is correct.

5

Re: Can't pass DKIM signature verification because of extra space

Cthulhu wrote:

does the domain contain special chars?

It has only Latin characters and two "-". It has 3 words that breaks by "-". It looks like this "my-domain-name.com".