We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Still Can't Made DKIM Works on VestaCP
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Still Can't Made DKIM Works on VestaCP
I have struggling this week to make dkim to works with my domains. I use external DNS server (Cloudflare) and not install DNS server on VestaCP. I can not figured out what is going wrong on my setting.
My hostname for VestaCP: vesta.server.com
The site domain to setup the dkim : domain.com
Everyday I got email from root as follow:
Subject: exim paniclog on vesta.server.com has non-zero size
Message: exim paniclog /var/log/exim4/paniclog on vesta.server.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.
2018-07-19 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
The rest line are the same
I check the dkim key pair for vesta.server.com:
Also I recheck the dkim dns record :
After removing /n from the dns record, it seems the public key is identical.
I validate the value on https://dkimcore.org/c/keycheck:
Result in green line says: This is a valid DKIM key record
On the DNS server I put 2 selector in txt record just for sure: mail and default
For mail:
After 12 hours I tested the dkim on https://www.mail-tester.com, result:
SCORE: 4.5/10 Your DKIM signature is not valid
I do similar steps for each individual domain and got similar result.
What on earth is going on?
My hostname for VestaCP: vesta.server.com
The site domain to setup the dkim : domain.com
Everyday I got email from root as follow:
Subject: exim paniclog on vesta.server.com has non-zero size
Message: exim paniclog /var/log/exim4/paniclog on vesta.server.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.
2018-07-19 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
The rest line are the same
I check the dkim key pair for vesta.server.com:
Code: Select all
v-list-mail-domain-dkim admin vesta.server.com
-----BEGIN RSA PRIVATE KEY-----
RSA PRIVATE KEY LONG LONG LINE
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/
FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr
Bi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB
L3YAmmVhMD8Au8xxGQIDAQAB
-----END PUBLIC KEY-----
Code: Select all
v-list-mail-domain-dkim-dns admin vesta.server.com
RECORD TTL TYPE VALUE
------ --- ---- -----
_domainkey 3600 IN TXT "t=y; o=~;"
mail._domainkey 3600 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/\nFtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr\nBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB\nL3YAmmVhMD8Au8xxGQIDAQAB"
I validate the value on https://dkimcore.org/c/keycheck:
Code: Select all
v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB
On the DNS server I put 2 selector in txt record just for sure: mail and default
For mail:
Code: Select all
mail._domainkey.vesta.server.com. IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB;"
SCORE: 4.5/10 Your DKIM signature is not valid
I do similar steps for each individual domain and got similar result.
What on earth is going on?
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Re: Still Can't Made DKIM Works on VestaCP
Anyone please?
Permission seems correct for domain.com dkim.pem.
I use the latest key after disable and enable the dkim for the domain.com
I have tried this selector in cloudflare dns txt record:
Still not working
Permission seems correct for domain.com dkim.pem.
I use the latest key after disable and enable the dkim for the domain.com
Code: Select all
# ls -al domain.com
total 24
drwxrwx--x 2 Debian-exim mail 4096 Jul 22 06:42 .
drwxr-x--x 23 root root 4096 Jul 22 06:42 ..
-rw-rw---- 1 Debian-exim mail 35 Jul 11 18:35 aliases
-rw-rw---- 1 Debian-exim mail 0 Jul 11 18:32 antispam
-rw-rw---- 1 Debian-exim mail 0 Jul 11 18:32 antivirus
-rw-rw---- 1 Debian-exim mail 891 Jul 15 07:14 dkim.pem
-rw-rw---- 1 Debian-exim mail 887 Jul 15 07:00 dkim.pem-0
-rw-r----- 1 root root 891 Jul 15 04:09 dkim.pem-backup
-rw-rw---- 1 Debian-exim mail 0 Jul 11 18:32 fwd_only
-rw-rw---- 1 dovecot mail 0 Jul 11 18:32 passwd
Code: Select all
mail mail._domainkey. IN TXT "v=DKIM1;p=publickey;"
mail mail._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
mail._domainkey k=rsa; p=publickey
default default._domainkey. IN TXT "v=DKIM1;p=publickey;"
default default._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
-
- Posts: 33
- Joined: Sat Jan 20, 2018 3:45 am
- Os: Debian 8x
- Web: apache + nginx
Re: Still Can't Made DKIM Works on VestaCP
I solved this myself.
The right entry is:
Selector : mail._domainkey
Value without any qoutes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
The right entry is:
Selector : mail._domainkey
Value without any qoutes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
-
- Posts: 14
- Joined: Mon Apr 13, 2020 6:27 pm
- Os: CentOS 6x
- Web: apache + nginx
Re: Still Can't Made DKIM Works on VestaCP
I tried to ADD DKIM Record in DNS but after adding i try to restart named or restart server then NAMED service stopped working...yoko eagle wrote: ↑Tue Jul 24, 2018 2:41 amI solved this myself.
The right entry is:
Selector : mail._domainkey
Value without any qoutes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB