Still Can't Make DKIM Work on VestaCP
Posted: Fri Jul 20, 2018 11:28 am
I have been struggling this week to make DKIM work with my domains. I use an external DNS server (Cloudflare) and did not install a DNS server on VestaCP. I cannot figure out what is going wrong with my settings.
My hostname for VestaCP: vesta.server.com
The site domain to set up DKIM for: domain.com
Every day I get an email from root as follows:
Subject: exim paniclog on vesta.server.com has non-zero size
Message: exim paniclog /var/log/exim4/paniclog on vesta.server.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.
2018-07-19 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
The rest of the lines are the same.
I checked the DKIM key pair for vesta.server.com:
Code:
v-list-mail-domain-dkim admin vesta.server.com
-----BEGIN RSA PRIVATE KEY-----
RSA PRIVATE KEY LONG LONG LINE
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/
FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr
Bi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB
L3YAmmVhMD8Au8xxGQIDAQAB
-----END PUBLIC KEY-----
I also rechecked the DKIM DNS record:
Code:
v-list-mail-domain-dkim-dns admin vesta.server.com
RECORD TTL TYPE VALUE
------ --- ---- -----
_domainkey 3600 IN TXT "t=y; o=~;"
mail._domainkey 3600 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/\nFtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr\nBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB\nL3YAmmVhMD8Au8xxGQIDAQAB"
After removing \n from the DNS record, the public key seems identical.
I validated the value on https://dkimcore.org/c/keycheck:
Code:
v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB
The result, in a green line, says: This is a valid DKIM key record
On the DNS server I put 2 selectors in TXT records just to be sure: mail and default
For mail:
Code:
mail._domainkey.vesta.server.com. IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB;"
After 12 hours I tested DKIM on https://www.mail-tester.com, result:
SCORE: 4.5/10 Your DKIM signature is not valid
I did similar steps for each individual domain and got a similar result.
What on earth is going on?
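
Added example (not part of the original post and not VestaCP code): the comparison the post does by hand, checking that the p= value of a DKIM TXT record matches the PEM public key, including the literal \n that v-list-mail-domain-dkim-dns prints. The function names are hypothetical; the key is the one quoted in the post.

```python
import re

# Public key as printed in the post. The two record strings are rebuilt from it
# in the shapes the post shows: panel output and the published TXT value.
KEY_LINES = [
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/",
    "FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr",
    "Bi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB",
    "L3YAmmVhMD8Au8xxGQIDAQAB",
]
PEM = "-----BEGIN PUBLIC KEY-----\n" + "\n".join(KEY_LINES) + "\n-----END PUBLIC KEY-----\n"
PANEL_VALUE = '"k=rsa; p=' + "\\n".join(KEY_LINES) + '"'  # literal backslash-n
DNS_VALUE = '"v=DKIM1;k=rsa;p=' + "".join(KEY_LINES) + ';"'

def pem_body(pem):
    """Base64 body of a PEM block: drop the BEGIN/END lines, join the rest."""
    return "".join(ln.strip() for ln in pem.splitlines() if not ln.startswith("-----"))

def parse_txt(value, panel_output=False):
    """Split a DKIM key record into tags, joining multiple quoted chunks.
    panel_output=True also drops the literal backslash-n the panel prints."""
    chunks = re.findall(r'"([^"]*)"', value)
    joined = "".join(chunks) if chunks else value
    if panel_output:
        joined = joined.replace("\\n", "")
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_record(pem, txt_value, panel_output=False):
    """Return a list of problems; an empty list means the record matches the key."""
    tags = parse_txt(txt_value, panel_output)
    problems = []
    for tag, want in (("v", "DKIM1"), ("k", "rsa")):
        if tags.get(tag, want) != want:
            problems.append(f"{tag}= is not {want}")
    p = tags.get("p", "")
    if len(p) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", p):
        problems.append("p= is empty or not clean base64")
    if p != pem_body(pem):
        problems.append("p= differs from the PEM public key")
    return problems

if __name__ == "__main__":
    for label, value, panel in (("panel", PANEL_VALUE, True), ("dns", DNS_VALUE, False)):
        print(label, check_record(PEM, value, panel) or "OK")
```

Calling check_record on the panel output without panel_output=True shows what a resolver would see if that value were pasted into DNS unchanged: the backslash-n sequences make p= invalid base64.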