DKIM Woes Again

[nightstryke]

Alright So I had to re-install Debian Wheezy 64-bit on my Server and VestaCP as well.

Now no matter what I do whether it's generate dkim keys inside or out of VestaCP no matter what they're not showing up as working when i send an email to [email protected] to check.

DKIM always shows up as permerror.

Help!

[noureddine]

I have the same problem on centos. Already found a fix?

I have already tried viewtopic.php?f=12&t=4862&p=11610&hilit=dkim#p11610

but still nothing...

[nightstryke]

Nope haven't got i working, I should have never installed the new update it ruined the working version I had. :(

[noureddine]

I get the following errors:

DomainKey result: none (no signature)
============================================================


============================================================
DKIM result: permerror (no key)

But I have created the keys and can see them in vestacp dns.

[nightstryke]

Yeah I've got the key, but vestacp isn't signing the outgoing mail.

[nightstryke]

Ok I think I might have figured out what the issue is with DKIM, apparently VestaCP DKIM generation keeps defaulting DKIM record from mixed upper-case and lower-case DKIM key to just lower-case which the TXT record should have v=DKIM1; before the k=rsa;

I have not found a way to fix this, but that's the problem.

[nightstryke]

Sorry to double post, but I finally got DKIM working as I said VestaCP keeps turning the DKIM TXT record into lower case instead of mixed upper and lower case. Also the DKIM TXT record needs to start with v=DKIM1 in order to work. What you have to do in most cases is delete and recreate the DKIM record a couple times to get it working properly. Doing so will require you to have the generated DKIM record and key, so you may want to use http://www.port25.com/support/domainkeysdkim-wizard/ to generate your DKIM keys in order to get it working. This is a pain in the proverbial rear.

[2kreative]

Hrmm this is a shame, is there a bug tracker somewhere - what are the chances that this will get sorted in the coming weeks?

[SCelik]

http://bugs.vestacp.com/

[jarland]

I found that I can't just take the DKIM public key output from Vesta and paste it straight to my DNS record, so I altered mine to work. Here's what I did in my Vesta install to pull the DNS record ready to go, ready to copy and paste to my DNS editor:

/usr/local/vesta/bin/v-list-mail-domain-dkim-dns

Comment out these lines:

Code: Select all

    echo -e "\t\"_domainkey\": {"
    echo "        \"TTL\": \"3600\","
    echo "        \"TXT\": \"'t=y; o=~;'\""
    echo -e "\t},"

By replacing them as:

Code: Select all

    #echo -e "\t\"_domainkey\": {"
    #echo "        \"TTL\": \"3600\","
    #echo "        \"TXT\": \"'t=y; o=~;'\""
    #echo -e "\t},"

Then I commented out this line:

Code: Select all

    echo "_domainkey      3600    IN    TXT    \"t=y; o=~;\""

Replacing it as:

Code: Select all

    #echo "_domainkey      3600    IN    TXT    \"t=y; o=~;\""

Next, I changed this line:

Code: Select all

    pub=$(cat $USER_DATA/mail/$domain.pub | sed ':a;N;$!ba;s/\n/\\n/g')

To this:

Code: Select all

    pub=$(cat $USER_DATA/mail/$domain.pub | sed '/^-/d' | awk '{printf "%s", $1}')

Now I run this from CLI...

Code: Select all

v-list-mail-domain-dkim-dns [username] [domain]

And I get a return like this:

Code: Select all

mail._domainkey 3600    IN    TXT    "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0xV1NRp5dEcBG0f8WQBTtRHSIjwJx7Qzvh7uwD6XYGkHhQUYfzhj+0s/heNCgUaWKgaRheN8+wDrNm6VpGo/3ZUylWpEReE3GmS1ir/rbBjfNLxTBYUl9qVTo9F2iJ1n1qU2DeJaAAWGzwaqfBdVZVr1D9h6jdJVGLx3wAf+mjQIDAQAB"

Probably more than you need, but to share, I then made this bash script on our central server so that other guys who handle support could pull a DNS record for a client by typing "dkim domainname" in:

Code: Select all

#!/bin/bash
# Usage: dkim domainname
user=$(ssh [email protected] -p 2200 "/usr/local/vesta/bin/v-search-domain-owner $1")
ssh [email protected] -p 2200 "/usr/local/vesta/bin/v-list-mail-domain-dkim-dns $user $1"