Still Can't Made DKIM Works on VestaCP
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Still Can't Made DKIM Works on VestaCP
I have struggling this week to make dkim to works with my domains. I use external DNS server (Cloudflare) and not install DNS server on VestaCP. I can not figured out what is going wrong on my setting.
My hostname for VestaCP: vesta.server.com
The site domain to setup the dkim : domain.com
Everyday I got email from root as follow:
Subject: exim paniclog on vesta.server.com has non-zero size
Message: exim paniclog /var/log/exim4/paniclog on vesta.server.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.
2018-07-19 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
The rest line are the same
I check the dkim key pair for vesta.server.com:
Also I recheck the dkim dns record :
After removing /n from the dns record, it seems the public key is identical.
I validate the value on https://dkimcore.org/c/keycheck:
Result in green line says: This is a valid DKIM key record
On the DNS server I put 2 selector in txt record just for sure: mail and default
For mail:
After 12 hours I tested the dkim on https://www.mail-tester.com, result:
SCORE: 4.5/10 Your DKIM signature is not valid
I do similar steps for each individual domain and got similar result.
What on earth is going on?
My hostname for VestaCP: vesta.server.com
The site domain to setup the dkim : domain.com
Everyday I got email from root as follow:
Subject: exim paniclog on vesta.server.com has non-zero size
Message: exim paniclog /var/log/exim4/paniclog on vesta.server.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.
2018-07-19 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
The rest line are the same
I check the dkim key pair for vesta.server.com:
Code: Select all
v-list-mail-domain-dkim admin vesta.server.com
-----BEGIN RSA PRIVATE KEY-----
RSA PRIVATE KEY LONG LONG LINE
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/
FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr
Bi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB
L3YAmmVhMD8Au8xxGQIDAQAB
-----END PUBLIC KEY-----
Code: Select all
v-list-mail-domain-dkim-dns admin vesta.server.com
RECORD TTL TYPE VALUE
------ --- ---- -----
_domainkey 3600 IN TXT "t=y; o=~;"
mail._domainkey 3600 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/\nFtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr\nBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB\nL3YAmmVhMD8Au8xxGQIDAQAB"
I validate the value on https://dkimcore.org/c/keycheck:
Code: Select all
v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB
On the DNS server I put 2 selector in txt record just for sure: mail and default
For mail:
Code: Select all
mail._domainkey.vesta.server.com. IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB;"
SCORE: 4.5/10 Your DKIM signature is not valid
I do similar steps for each individual domain and got similar result.
What on earth is going on?
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Re: Still Can't Made DKIM Works on VestaCP
Anyone please?
Permission seems correct for domain.com dkim.pem.
I use the latest key after disable and enable the dkim for the domain.com
I have tried this selector in cloudflare dns txt record:
Still not working
Permission seems correct for domain.com dkim.pem.
I use the latest key after disable and enable the dkim for the domain.com
Code: Select all
# ls -al domain.com
total 24
drwxrwx--x 2 Debian-exim mail 4096 Jul 22 06:42 .
drwxr-x--x 23 root root 4096 Jul 22 06:42 ..
-rw-rw---- 1 Debian-exim mail 35 Jul 11 18:35 aliases
-rw-rw---- 1 Debian-exim mail 0 Jul 11 18:32 antispam
-rw-rw---- 1 Debian-exim mail 0 Jul 11 18:32 antivirus
-rw-rw---- 1 Debian-exim mail 891 Jul 15 07:14 dkim.pem
-rw-rw---- 1 Debian-exim mail 887 Jul 15 07:00 dkim.pem-0
-rw-r----- 1 root root 891 Jul 15 04:09 dkim.pem-backup
-rw-rw---- 1 Debian-exim mail 0 Jul 11 18:32 fwd_only
-rw-rw---- 1 dovecot mail 0 Jul 11 18:32 passwd
Code: Select all
mail mail._domainkey. IN TXT "v=DKIM1;p=publickey;"
mail mail._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
mail._domainkey k=rsa; p=publickey
default default._domainkey. IN TXT "v=DKIM1;p=publickey;"
default default._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Re: Still Can't Made DKIM Works on VestaCP
I solved this myself.
The right entry is:
Selector : mail._domainkey
Value without any qoutes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
The right entry is:
Selector : mail._domainkey
Value without any qoutes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
-
- Posts: 14
- Joined: Mon Apr 13, 2020 6:27 pm
- Os: CentOS 6x
- Web: apache + nginx
Re: Still Can't Made DKIM Works on VestaCP
I tried to ADD DKIM Record in DNS but after adding i try to restart named or restart server then NAMED service stopped working...yoko eagle wrote: ↑Tue Jul 24, 2018 2:41 amI solved this myself.
The right entry is:
Selector : mail._domainkey
Value without any qoutes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB