1 Topic by oicrambc (edited by oicrambc 2012-05-26 04:47:58)

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Topic: DKIM doesn't work at all...

==== ==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL): 0.7.4
- Linux/BSD distribution name and version: UBUNTU 10.04 Server 64 bits
- Any related log? Log is helpful for troubleshooting.
====

Hello,

I really tried, but my head is exploding!

Several email addresses do not receive my messages, especially hotmail.

So I'm trying to install the feature DKIM. Since SPF is working....

I followed the instructions of these links:

code.google.com/p/iredmail/wiki/DNS_DKIM
iredmail.org/forum/topic415-iredmail-support-dkim-signing-for-additional-domains.html

But the results are always the same:

amavisd-new testkeys

TESTING#1: dkim._domainkey.domain.com => invalid (public key: not available)

dig TXT dkim.domainkey.domain.com

; <<>> DiG 9.7.0-P1 <<>> TXT dkim._domainkey.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43510
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dkim._domainkey.domain.com. IN TXT

;; Query time: 1 msec
;; SERVER: 189.113.76.33#53(189.113.76.33)
;; WHEN: Thu May 24 15:49:12 2012
;; MSG SIZE  rcvd: 55

I really don't know what to do, but I need to resolve this, and i will be very grateful for some help.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by oicrambc (edited by oicrambc 2012-05-25 03:19:52)

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

Follow the lines tested in BIND9

xxx.xxx.xx.xx = my Ip address
domain.com = mydomain

$TTL    14400   
@ IN      SOA     ns1.domain.com. root.domain.com. (
                         2012230501     ; Serial
                         604800         ; Refresh
                           7200         ; Retry
                         1209600        ; Expire
                             600 )      ; Negative Cache TTL
;
ns1.domain.com.    IN  A    xxx.xxx.xx.xx
ns1       IN   A    xxx.xxx.xx.xx
webmail       IN   A    xxx.xxx.xx.xx
domain.com.    IN TXT    "v=spf1 +a +mx ~all"
dkim._domainkey.domain.com.    3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwfAzAe5XA0PFCGDuF3z2F1Sc"
  "B0DWFb7cCiwyQnSayT1/F2axBofhIVDUtr36HSvLul1GtvUP9Af5oMGzkxxzeN5o"
  "C7o7jBdaMnn7r1d0rYgvjVm9+8WZOVCckDShb/1j2RSb28HFireDIWKouX4rv+Us"
  "UDDISPKrGnp6M3PROwIDAQAB")
_adsp._domainkey.domain.com. IN    TXT    "dkim=all"
@          IN   MX   5   ns1.domain.com.
@          IN   NS       ns1.domain.com.
@          IN   A    xxx.xxx.xx.xx

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM doesn't work at all...

oicrambc wrote:

TESTING#1: dkim._domainkey.domain.com => invalid (public key: not available)

Amavisd cannot find this DNS record. Did you verify it with below command:

$ dig -t txt dkim._domainkey.domain.com

The content you pasted in first post misses "_".

4 Reply by oicrambc

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

ZhangHuangbin wrote:
oicrambc wrote:

TESTING#1: dkim._domainkey.domain.com => invalid (public key: not available)

Amavisd cannot find this DNS record. Did you verify it with below command:

$ dig -t txt dkim._domainkey.domain.com

The content you pasted in first post misses "_".

It was a mistake when writing here, I put the right command:
dig TXT dkim._domainkey.domain.com

I mean, the error persists.

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM doesn't work at all...

Did you try to verify DKIM record on other machines? e.g. on a Windows desktop.

Also, did you try to add record in Bind with this format (all strings in one line):

dkim._domainkey.domain.com.    3600 TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwfAzAe5XA0PFCGDuF3z2F1ScB0DWFb7cCiwyQnSayT1/F2axBofhIVDUtr36HSvLul1GtvUP9Af5oMGzkxxzeN5oC7o7jBdaMnn7r1d0rYgvjVm9+8WZOVCckDShb/1j2RSb28HFireDIWKouX4rv+UsUDDISPKrGnp6M3PROwIDAQAB"

6 Reply by oicrambc

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

ZhangHuangbin wrote:

Did you try to verify DKIM record on other machines? e.g. on a Windows desktop.

Also, did you try to add record in Bind with this format (all strings in one line):

dkim._domainkey.domain.com.    3600 TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzwfAzAe5XA0PFCGDuF3z2F1ScB0DWFb7cCiwyQnSayT1/F2axBofhIVDUtr36HSvLul1GtvUP9Af5oMGzkxxzeN5oC7o7jBdaMnn7r1d0rYgvjVm9+8WZOVCckDShb/1j2RSb28HFireDIWKouX4rv+UsUDDISPKrGnp6M3PROwIDAQAB"

Hello again, I tried to check on another machine, same error.

I had add the records in one line before. But I tried again and got the same error ...

What a puzzle ..

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM doesn't work at all...

If it reports the same error on other machine, then the root cause is DNS record, please try to solve it first. For example, add the record in one line, again.

8 Reply by oicrambc

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

I retraced every step, re-created the file. pem, I changed my zone file. No success yet ... the error persists ...

Here my new DNS zone file:

$TTL    14400   
@     IN      SOA     ns1.mydomain.mg.gov.br. root.mydomain.mg.gov.br. (
                     2012230504        ; Serial
                         604800        ; Refresh
                           7200        ; Retry
                        1209600        ; Expire
                            600 )      ; Negative Cache TTL
;
ns1.mydomain.mg.gov.br.    IN  A    189.11x.xx.xx
ns1       IN   A    189.11x.xx.xx
www        IN   A    189.11x.xx.xx
webmail       IN   A    189.11x.xx.xx
dkim._domainkey.mydomain.mg.gov.br.    3600 TXT "v=DKIM1; p="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLWzPlzuKgqPBVRjhxrrPR/NT2u3Cgaz8T0XQz5siI4ZRPXBOauSyJ4Kw01X+MNWfXbguh7hXwVW4D67+AaDmOb0L1MkCYAz6ybwD+DqgAn+iiQM22dOa2/5MdGb0ZsuslKmZ/iB9T8qaDucN9cIpn+0nANC36VssijKKtKFN/mwIDAQAB"
mydomain.mg.gov.br.    IN TXT    "v=spf1 +a +mx ~all"
@          IN   MX   5   ns1.mydomain.mg.gov.br.
@          IN   NS       ns1.mydomain.mg.gov.br.
@          IN   A    189.11x.xx.xx

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM doesn't work at all...

oicrambc wrote:

No success yet ..

No idea at all, sorry.

Could you please show us output of commands:

# amavisd-new testkeys
# dig -t txt your_domain.com

10 Reply by oicrambc (edited by oicrambc 2012-05-30 00:31:26)

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

ZhangHuangbin wrote:
oicrambc wrote:

No success yet ..

No idea at all, sorry.

Could you please show us output of commands:

# amavisd-new testkeys
# dig -t txt your_domain.com

curious, now the SPF is not appearing ...

# amavisd-new testkeys

 TESTING#1: dkim._domainkey.mydomain.mg.gov.br => invalid (public key: not available)

dig -t txt mydomain.mg.gov.br

 
; <<>> DiG 9.7.0-P1 <<>> -t TXT mydomain.mg.gov.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42823
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.mg.gov.br.        IN    TXT

;; Query time: 1537 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue May 29 13:20:45 2012
;; MSG SIZE  rcvd: 39

11 Reply by oicrambc

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

For the record, I had to change the position of DKIM, SPF had to go first.

Was causing problems to access my domain.

12 Reply by oicrambc

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

someone else can help me?

13 Reply by rain6966

  • rain6966
  • Member
  • Offline
  • Registered: 2012-04-13
  • Posts: 64

Re: DKIM doesn't work at all...

Hi  oicrambc:
maybe no need this "

oicrambc wrote:

dkim._domainkey.mydomain.mg.gov.br.    3600 TXT "v=DKIM1; p="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLWzPlzuKgqPBVRjhxrrPR/NT2u3Cgaz8T0XQz5siI4ZRPXBOauSyJ4Kw01X+MNWfXbguh7hXwVW4D67+AaDmOb0L1MkCYAz6ybwD+DqgAn+iiQM22dOa2/5MdGb0ZsuslKmZ/iB9T8qaDucN9cIpn+0nANC36VssijKKtKFN/mwIDAQAB"

14 Reply by oicrambc

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

rain6966 wrote:

Hi  oicrambc:
maybe no need this "

oicrambc wrote:

dkim._domainkey.mydomain.mg.gov.br.    3600 TXT "v=DKIM1; p="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLWzPlzuKgqPBVRjhxrrPR/NT2u3Cgaz8T0XQz5siI4ZRPXBOauSyJ4Kw01X+MNWfXbguh7hXwVW4D67+AaDmOb0L1MkCYAz6ybwD+DqgAn+iiQM22dOa2/5MdGb0ZsuslKmZ/iB9T8qaDucN9cIpn+0nANC36VssijKKtKFN/mwIDAQAB"

right, that was really left quotation marks. But the error remains.

15 Reply by oicrambc (edited by oicrambc 2012-06-07 01:35:13)

  • oicrambc
  • Member
  • Offline
  • Registered: 2012-03-13
  • Posts: 18

Re: DKIM doesn't work at all...

Almost solved! 

TESTING # 1: dkim._domainkey.mydomain.mg.gov.br => pass

On site: http://www.appmaildev.com/en/dkim/, I still have no answers from dkim, do you guys know another channel for testing?

For the record, the error was apparently in the file: /etc/dkim-filter.conf

16 Reply by sateesh.huvinahalli

  • sateesh.huvinahalli
  • Member
  • Offline
  • Registered: 2012-07-11
  • Posts: 17

Re: DKIM doesn't work at all...

I am also facing same problem dkim public key is not available
this is what i added in DNS zone file
dkim._example.com.      3600 TXT  "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD2x1tgfarduYD7Nfs9IrDL0IzBWNIC6liXdqoF55mU1muFx2QTccfN+MKG/fNhNfpHxNXRESOoFD8ZDzcpnDekB47U208dBoqnB7C6MW6s1kw2HxnUkjo3p5HH4YfBmKsDpAo3CJIuY+tWz6LHivt32O3qfJ3eIQhwN95S+KuCwIDAQAB\; s=email\; t=s:y"

if i dig
i am getting this output

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-10.P2.el5_8.1 <<>> dkim._domainkey.indigitalplan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36471
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dkim._domainkey.example.com. IN  A

;; ANSWER SECTION:
dkim._domainkey.example.com. 300 IN A     216.36.xx.xx

;; AUTHORITY SECTION:
dkim._domainkey.example.com. 300 IN NS    ns.you-telecom.com.

;; ADDITIONAL SECTION:
ns.you-telecom.com.     300     IN      A       216.36.xx.xx

;; Query time: 2 msec
;; SERVER: 203.187.255.90#53(203.187.xx.xx)
;; WHEN: Fri Jul 13 16:07:11 2012
;; MSG SIZE  rcvd: 133

please assist me on this

17 Reply by sateesh.huvinahalli

  • sateesh.huvinahalli
  • Member
  • Offline
  • Registered: 2012-07-11
  • Posts: 17

Re: DKIM doesn't work at all...

TESTING#1: dkim._mydomain.com => invalid (public key: missing p= tag) for all domain same problem..how to resolve the issue

18 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM doesn't work at all...

Dear sates.huvinahalli,

First of all, please create a new forum topic for your question, do not hijack other's thread.
Then, reference for you: http://code.google.com/p/iredmail/wiki/DNS_DKIM