1

Topic: 550-DKIM Problem

==== Required information ====
- iRedMail version: v1.5.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6
- Related log if you're reporting an issue: N/A
====

We are getting a 550 error when sending e-mails to a certain domain.

host domain.com said: 550-DKIM:
    encountered the following problem validating mydomain.com: 550
    pubkey_unavailable (in reply to end of DATA command)

I've never heard of Domain Keys before, so I have no idea where to start. Please advise.


2

Re: 550-DKIM Problem

These are the message headers from what I sent. (I've removed my actual domain names for security reasons.)

Return-Path: <me@mydomain.com>
Received: from localhost (mail.mydomain.com [127.0.0.1])
    by mail.mydomain.com (Postfix) with ESMTP id EBFD37AD8
    for <user@domain.com>; Fri, 23 Aug 2013 08:34:33 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
    mydomain.com; h=content-language:x-mailer:content-type
    :content-type:mime-version:message-id:date:date:subject:subject
    :to:from:from; s=dkim; t=1377261273; x=1378125273; bh=NH4iohQTfP
    +CEMGgAgOq6cl4xxZ+gFh6a5FyfdS6PT8=; b=MZxxBa11Ajgf6Tl1hTMxOVxEUP
    IHQStG4j16v4MbvuIVy9JNp1RZDNZ0Pu1dCejRBUN/1UwdN4kLUmUJbNClRo4enu
    8S3DpnWQzjGLReqmO3GpDCtSMzU/FXZ3oq/Dn51bLMeM4hrHOPFsZAFhVjG0DOQy
    1b/GNFfFAK8yP4tE0=
X-Virus-Scanned: amavisd-new at mail.mydomain.com
Received: from mail.mydomain.com ([127.0.0.1])
    by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 2LzkRzaNkTWn for <tdalloo@allwaystel.com>;
    Fri, 23 Aug 2013 08:34:33 -0400 (EDT)
Received: from MACHINE (unknown [192.168.1.114])
    by mail.mydomain.com (Postfix) with ESMTPA id 24D3D373D
    for <user@domain.com>; Fri, 23 Aug 2013 08:34:33 -0400 (EDT)
From: "Me" <me@mydomain.com>
To: <user@domain.com>
Subject: Test
Date: Fri, 23 Aug 2013 08:34:33 -0400
Message-ID: <001301ce9ffd$1ed10480$5c730d80$@mydomain.com>
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----=_NextPart_000_0014_01CE9FDB.97C11230"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac6f/RVnwu34iM9qQ6y4pF8j7QCI8w==
Content-Language: en-us

3

Re: 550-DKIM Problem

Here is also an auto Response from a DKIM Verification E-mail Address: (I did not make any changes to this file)

----- Original Message Headers w/ Receiver SMTP Traces ------
Received: from hermes.eastontelecom.com ([173.189.242.201])
          by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP
          id 3724750557.3203.5060; Fri, 23 Aug 2013 08:50:35 -0400
Received: from localhost (hermes.eastontelecom.com [127.0.0.1])  by hermes.eastontelecom.com (Postfix) with ESMTP id 43A8F7AD8  for <dkim-autorespond@isdg.net>; Fri, 23 Aug 2013 08:41:24 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=  eastontelecom.com; h=content-language:x-mailer:content-type
:content-type:mime-version:message-id:date:date:subject:subject
:to:from:from; s=dkim; t=1377261683; x=1378125683; bh=o4ymjtvT8h  lwlyr7WsDFie3ft27Fy8berjJJcdCEVpU=; b=xHcHrwNfB5aJyFHogyBUkH0Wkh  hJLePvMcwQFQLVLs3jH+LzL/bEEXDa//YhNYC8S+p8kxKoZB+a1MO3bI5FwcMgRy
a4Dnxjp8lMJHVDBnF+148a97tndROpU63AaaIhZqghU4PGJP/yE636MkVDHHdJaO
nudKDJjflJJLpSJeQ=
X-Virus-Scanned: amavisd-new at hermes.eastontelecom.com
Received: from hermes.eastontelecom.com ([127.0.0.1])  by localhost (hermes.eastontelecom.com [127.0.0.1]) (amavisd-new, port 10024)  with ESMTP id C2knjJsOLgYY for <dkim-autorespond@isdg.net>;  Fri, 23 Aug 2013 08:41:23 -0400 (EDT)
Received: from CHRISTMAN (unknown [172.16.0.93])  by hermes.eastontelecom.com (Postfix) with ESMTPA id 6AEADDD2  for <dkim-autorespond@isdg.net>; Fri, 23 Aug 2013 08:41:23 -0400 (EDT)
From: "Colin M. Christman" <cchristman@eastontelecom.com>
To: <dkim-autorespond@isdg.net>
Subject: Test
Date: Fri, 23 Aug 2013 08:41:23 -0400
Message-ID: <001c01ce9ffe$135748c0$3a05da40$@eastontelecom.com>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_001D_01CE9FDC.8C47CBA0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac6f/hMUiJvhe56LQ4CH+ttNGmpg7w==
Content-Language: en-us

-------------- DKIM Verification Flags --------------
Ignore Granularity: No
Ignore Body Length: No
Subject Required  : No
Check ADSP Policy : Yes

------------- DKIM Verification Results -------------
Total Signatures: 1
ADSP Policy     : none
Verify Results  : DKIM_NEUTRAL

* Signature #1 INVALID - DKIM_SELECTOR_DNS_PERM_FAILURE
- Author Domain: eastontelecom.com
- Signer Domain: eastontelecom.com
- Selector: dkim
- Identity: eastontelecom.com
- Hash Method: SHA256
- Signature Type: 1st Party Signature [2]
- Signature Protection: None

Authentication-Results: dkim.winserver.com;
  dkim=fail (DKIM_SELECTOR_DNS_PERM_FAILURE) header.d=eastontelecom.com header.s=dkim header.i=eastontelecom.com;
  adsp=none author.d=eastontelecom.com signer.d=eastontelecom.com;

o Additional Analysis Notes: 

DKIM_SELECTOR_DNS_PERM_FAILURE: selector error: permanent dns failure requesting selector

4

Re: 550-DKIM Problem

Did you add a record in the DNS server for DKIM? Reference:
http://code.google.com/p/iredmail/wiki/DNS_DKIM

5

Re: 550-DKIM Problem

Zhang, thanks for the reply. I have not done that. I didn't know I needed to. I followed the instructions from the link you posted, however I'm a tad confused on the output. We are using a Server 2008 machine to manage DNS, and I think I put it in correctly.

About how long will it take for the "testkeys" to find a public key? Will I need to register this DNS record with godaddy (who registers the domain)?

6

Re: 550-DKIM Problem

cchristm wrote:

About how long will it take for the "testkeys" to find a public key?

It depends on how long your DNS server caches DNS records, and how long your DNS client (on the mail server) caches them.

cchristm wrote:

Will I need to register this DNS record with godaddy (who registers the domain)?

Is your DNS server (server 2008) available on the internet to resolve your domain? If so, no need to register in other DNS providers.

7

Re: 550-DKIM Problem

ZhangHuangbin wrote:

Is your DNS server (server 2008) available on the internet to resolve your domain? If so, no need to register in other DNS providers.

It doesn't appear so (I may be mistaken.) When I do an nslookup from outside of our network, it gives our WAN IP address (provided by Windstream.) This IP address is of our circuit, and I haven't assigned our DNS server a "real" IP address.

When I set up our DNS server, I had it using the DNS servers provided by Windstream to update our DNS entries from the outside world. In that case, would I have to provide that through GoDaddy?

8

Re: 550-DKIM Problem

I wonder if I'm not adding the DKIM entry in DNS correctly. I added a TXT type entry for our Forward Lookup Zone. I'm using the name of our domain (same as parent folder), instead of giving it a FQDN. Here is what I get from the 'testkeys':

TESTING#1: dkim._domainkey.mydomain.com => invalid (public key: not available)

Should I give it the FQDN of "dkim._domainkey.mydomain.com"?

9

Re: 550-DKIM Problem

cchristm wrote:

Should I give it the FQDN of "dkim._domainkey.mydomain.com"?

YES.

I hope you can reply to your own forum topic in a short time, not a month later. Otherwise I have to read the whole topic to understand what your issue is.
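
The lookup behind the pubkey_unavailable error, as an added example that is not part of the original thread: it derives the name a verifier queries from the s= and d= tags of a DKIM-Signature header and checks a TXT record's owner name and value against it. The function names are hypothetical, and the sample header and key value are constructed.

```python
import base64
import re

def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Simplification: drop all whitespace, which removes header
            # folding such as "d=\n    mydomain.com" and spaces inside p=.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def selector_fqdn(dkim_signature):
    """Name a verifier looks up for the public key: <s>._domainkey.<d>."""
    tags = parse_tags(dkim_signature)
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_key_record(owner_name, txt_value, expected_fqdn):
    """Return the problems found with a published selector TXT record."""
    problems = []
    if owner_name.rstrip(".").lower() != expected_fqdn.lower():
        problems.append(f"record is at {owner_name}, verifiers query {expected_fqdn}")
    tags = parse_tags(txt_value)
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    key = tags.get("p")
    if key is None:
        problems.append("missing p= tag")
    elif key == "":
        problems.append("empty p= (key revoked)")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems

# Constructed samples: header shaped like the one in post 2 (bh=/b= shortened
# to dummies) and a TXT value whose p= is a dummy base64 string, not a real key.
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=\n    mydomain.com; "
              "h=to:from; s=dkim; t=1377261273; bh=AAAA; b=BBBB")
SAMPLE_TXT = "v=DKIM1; p=TUlHZk1BMEdDU3FHU0li"

if __name__ == "__main__":
    fqdn = selector_fqdn(SAMPLE_SIG)
    print(fqdn)
    print(check_key_record("mydomain.com", SAMPLE_TXT, fqdn))   # zone apex
    print(check_key_record(fqdn + ".", SAMPLE_TXT, fqdn))
```

A TXT record placed at the zone apex fails the owner-name check even when its value is well formed, which is the situation described in post 8.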

10

Re: 550-DKIM Problem

It worked!

So sorry for the delays, I'm overworked and stacked with projects that little things like this don't have the time to get addressed.

As always, you're the best!