Still Can't Make DKIM Work on VestaCP

Posted: Fri Jul 20, 2018 11:28 am
by yoko eagle
I have been struggling this week to make DKIM work with my domains. I use an external DNS server (Cloudflare) and did not install a DNS server on VestaCP. I cannot figure out what is going wrong with my settings.
My hostname for VestaCP: vesta.server.com
The site domain to setup the dkim : domain.com

Every day I get an email from root as follows:
Subject: exim paniclog on vesta.server.com has non-zero size
Message: exim paniclog /var/log/exim4/paniclog on vesta.server.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.

2018-07-19 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
The rest of the lines are the same.

I checked the DKIM key pair for vesta.server.com:

v-list-mail-domain-dkim admin vesta.server.com

-----BEGIN RSA PRIVATE KEY-----
RSA PRIVATE KEY LONG LONG LINE
-----END RSA PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/
FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr
Bi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB
L3YAmmVhMD8Au8xxGQIDAQAB
-----END PUBLIC KEY-----
I also rechecked the DKIM DNS record:

v-list-mail-domain-dkim-dns admin vesta.server.com

RECORD            TTL         TYPE      VALUE
------            ---         ----      -----
_domainkey        3600   IN   TXT      "t=y; o=~;"
mail._domainkey   3600   IN   TXT      "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/\nFtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr\nBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB\nL3YAmmVhMD8Au8xxGQIDAQAB"
After removing /n from the dns record, it seems the public key is identical.
I validated the value on https://dkimcore.org/c/keycheck:

v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB
The result, in a green line, says: This is a valid DKIM key record
On the DNS server I put 2 selectors in TXT records just to be sure: mail and default
For mail:

mail._domainkey.vesta.server.com. IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcrBi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KBL3YAmmVhMD8Au8xxGQIDAQAB;"
After 12 hours I tested DKIM on https://www.mail-tester.com; the result:
SCORE: 4.5/10 Your DKIM signature is not valid

I did similar steps for each individual domain and got a similar result.
What on earth is going on?

Re: Still Can't Make DKIM Work on VestaCP

Posted: Sun Jul 22, 2018 6:29 am
by yoko eagle
Anyone please?
Permissions seem correct for the domain.com dkim.pem.
I use the latest key after disabling and enabling DKIM for domain.com.

# ls -al domain.com
total 24
drwxrwx--x  2 Debian-exim mail 4096 Jul 22 06:42 .
drwxr-x--x 23 root        root 4096 Jul 22 06:42 ..
-rw-rw----  1 Debian-exim mail   35 Jul 11 18:35 aliases
-rw-rw----  1 Debian-exim mail    0 Jul 11 18:32 antispam
-rw-rw----  1 Debian-exim mail    0 Jul 11 18:32 antivirus
-rw-rw----  1 Debian-exim mail  891 Jul 15 07:14 dkim.pem
-rw-rw----  1 Debian-exim mail  887 Jul 15 07:00 dkim.pem-0
-rw-r-----  1 root        root  891 Jul 15 04:09 dkim.pem-backup
-rw-rw----  1 Debian-exim mail    0 Jul 11 18:32 fwd_only
-rw-rw----  1 dovecot     mail    0 Jul 11 18:32 passwd
I have tried these selectors in the Cloudflare DNS TXT record:

mail   mail._domainkey. IN TXT "v=DKIM1;p=publickey;"
mail   mail._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
mail._domainkey   k=rsa; p=publickey
default   default._domainkey. IN TXT  "v=DKIM1;p=publickey;"
default   default._domainkey.domain.com. IN TXT  "v=DKIM1;p=publickey;"
Still not working

Re: Still Can't Make DKIM Work on VestaCP

Posted: Tue Jul 24, 2018 2:41 am
by yoko eagle
I solved this myself.

The right entry is:

Selector : mail._domainkey
Value without any quotes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
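
[Added example, not part of any post in this thread and not VestaCP code: a Python sketch that turns the PEM public key from the first post into a one-line TXT value and lints a pasted value for the two things the thread ran into, literal \n sequences from the v-list-mail-domain-dkim-dns listing and quotes typed into the DNS panel field. The function names and problem strings are assumptions made for this example.]

```python
import base64

# Public key exactly as printed by v-list-mail-domain-dkim in the first post.
PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIjN8JH0rfwx21jZwXJSDZ6ke/
FtvXnT1SCt0vb+skLl1agStgL461iZuVl/OER8WP6cSlpqOO+NCHCJOo+Js0tPcr
Bi+XBYEs0WjbeMBxbF/vOmQkwAvghwSVffpeov8ce404J023lQ4/dQM4WEph/3KB
L3YAmmVhMD8Au8xxGQIDAQAB
-----END PUBLIC KEY-----"""

def pem_body_lines(pem):
    """Base64 lines of a PEM block, with the BEGIN/END armor lines dropped."""
    return [l.strip() for l in pem.splitlines() if l.strip() and not l.startswith("-----")]

def pem_to_dkim_txt(pem):
    """One-line TXT value: armor and line breaks removed, no quotes."""
    body = "".join(pem_body_lines(pem))
    base64.b64decode(body, validate=True)  # raises ValueError if the key body is damaged
    return "v=DKIM1; k=rsa; p=" + body

def lint_dkim_txt(value):
    """Problems in a TXT value as it would be pasted into a DNS panel field."""
    problems = []
    if "\\n" in value or "\n" in value:
        problems.append("line break inside record")
    if value.startswith('"') or value.endswith('"'):
        problems.append("literal quotes in value")
    tags = {}
    for part in value.strip('"').split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = val.strip()
    if "v" in tags and tags["v"] != "DKIM1":
        problems.append("v= must be DKIM1")
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
        if not der or der[0] != 0x30:  # SubjectPublicKeyInfo is a DER SEQUENCE
            problems.append("p= is empty or not a DER public key")
    except ValueError:
        problems.append("p= is not valid base64")
    return problems

GOOD = pem_to_dkim_txt(PEM)
# Constructed from PEM to mirror the two record forms shown in the thread:
VESTA_OUTPUT = "k=rsa; p=" + "\\n".join(pem_body_lines(PEM))  # literal \n, as listed
QUOTED = '"' + GOOD + ';"'                                      # zone-file style quoting

if __name__ == "__main__":
    for label, v in [("good", GOOD), ("vesta output", VESTA_OUTPUT), ("quoted", QUOTED)]:
        print(label, lint_dkim_txt(v) or "ok")
```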

Re: Still Can't Make DKIM Work on VestaCP

Posted: Mon Apr 13, 2020 6:37 pm
by dobriyalji
yoko eagle wrote:
Tue Jul 24, 2018 2:41 am
I solved this myself.

The right entry is:

Selector : mail._domainkey
Value without any quotes: v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
I tried to add a DKIM record in DNS, but after adding it I tried to restart named or restart the server, and then the named service stopped working...