Page 1 of 2
DKIM Woes Again
Posted: Sun May 11, 2014 5:49 am
by nightstryke
Alright So I had to re-install Debian Wheezy 64-bit on my Server and VestaCP as well.
Now no matter what I do whether it's generate dkim keys inside or out of VestaCP no matter what they're not showing up as working when i send an email to
[email protected] to check.
DKIM always shows up as permerror.
Help!
Re: DKIM Woes Again
Posted: Tue May 13, 2014 8:50 am
by noureddine
I have the same problem on centos. Already found a fix?
I have already tried
viewtopic.php?f=12&t=4862&p=11610&hilit=dkim#p11610
but still nothing...
Re: DKIM Woes Again
Posted: Thu May 15, 2014 8:27 pm
by nightstryke
Nope haven't got i working, I should have never installed the new update it ruined the working version I had. :(
Re: DKIM Woes Again
Posted: Thu May 15, 2014 9:22 pm
by noureddine
I get the following errors:
DomainKey result: none (no signature)
============================================================
============================================================
DKIM result: permerror (no key)
But I have created the keys and can see them in vestacp dns.
Re: DKIM Woes Again
Posted: Fri May 16, 2014 1:38 pm
by nightstryke
Yeah I've got the key, but vestacp isn't signing the outgoing mail.
Re: DKIM Woes Again
Posted: Sat May 17, 2014 7:43 pm
by nightstryke
Ok I think I might have figured out what the issue is with DKIM, apparently VestaCP DKIM generation keeps defaulting DKIM record from mixed upper-case and lower-case DKIM key to just lower-case which the TXT record should have v=DKIM1; before the k=rsa;
I have not found a way to fix this, but that's the problem.
Re: DKIM Woes Again
Posted: Sat May 17, 2014 8:00 pm
by nightstryke
Sorry to double post, but I finally got DKIM working as I said VestaCP keeps turning the DKIM TXT record into lower case instead of mixed upper and lower case. Also the DKIM TXT record needs to start with v=DKIM1 in order to work. What you have to do in most cases is delete and recreate the DKIM record a couple times to get it working properly. Doing so will require you to have the generated DKIM record and key, so you may want to use
http://www.port25.com/support/domainkeysdkim-wizard/ to generate your DKIM keys in order to get it working. This is a pain in the proverbial rear.
Re: DKIM Woes Again
Posted: Sun May 25, 2014 9:21 pm
by 2kreative
Hrmm this is a shame, is there a bug tracker somewhere - what are the chances that this will get sorted in the coming weeks?
Re: DKIM Woes Again
Posted: Wed May 28, 2014 7:59 pm
by SCelik
Re: DKIM Woes Again
Posted: Mon Jun 02, 2014 1:28 am
by jarland
I found that I can't just take the DKIM public key output from Vesta and paste it straight to my DNS record, so I altered mine to work. Here's what I did in my Vesta install to pull the DNS record ready to go, ready to copy and paste to my DNS editor:
/usr/local/vesta/bin/v-list-mail-domain-dkim-dns
Comment out these lines:
Code: Select all
echo -e "\t\"_domainkey\": {"
echo " \"TTL\": \"3600\","
echo " \"TXT\": \"'t=y; o=~;'\""
echo -e "\t},"
By replacing them as:
Code: Select all
#echo -e "\t\"_domainkey\": {"
#echo " \"TTL\": \"3600\","
#echo " \"TXT\": \"'t=y; o=~;'\""
#echo -e "\t},"
Then I commented out this line:
Code: Select all
echo "_domainkey 3600 IN TXT \"t=y; o=~;\""
Replacing it as:
Code: Select all
#echo "_domainkey 3600 IN TXT \"t=y; o=~;\""
Next, I changed this line:
Code: Select all
pub=$(cat $USER_DATA/mail/$domain.pub | sed ':a;N;$!ba;s/\n/\\n/g')
To this:
Code: Select all
pub=$(cat $USER_DATA/mail/$domain.pub | sed '/^-/d' | awk '{printf "%s", $1}')
Now I run this from CLI...
Code: Select all
v-list-mail-domain-dkim-dns [username] [domain]
And I get a return like this:
Code: Select all
mail._domainkey 3600 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0xV1NRp5dEcBG0f8WQBTtRHSIjwJx7Qzvh7uwD6XYGkHhQUYfzhj+0s/heNCgUaWKgaRheN8+wDrNm6VpGo/3ZUylWpEReE3GmS1ir/rbBjfNLxTBYUl9qVTo9F2iJ1n1qU2DeJaAAWGzwaqfBdVZVr1D9h6jdJVGLx3wAf+mjQIDAQAB"
Probably more than you need, but to share, I then made this bash script on our central server so that other guys who handle support could pull a DNS record for a client by typing "dkim domainname" in:
Code: Select all
#!/bin/bash
# Usage: dkim domainname
user=$(ssh [email protected] -p 2200 "/usr/local/vesta/bin/v-search-domain-owner $1")
ssh [email protected] -p 2200 "/usr/local/vesta/bin/v-list-mail-domain-dkim-dns $user $1"