[Solved] DKIM public key error on CentOS (Postfix not signing?)

4 posts / 0 new
Last post
#1 Fri, 06/17/2016 - 16:05
itmustbe
itmustbe's picture

[Solved] DKIM public key error on CentOS (Postfix not signing?)

Hi!

I've searched the threads but I can't seem quite to find the answer, other than that someone with my exact problem fixed by reinstalling.

First off, I went to DKIM under "Email Messages" in Virtualmin, clicked the "Install Now" button, and everything appeared to go well without any errors. My DNS is off-server, so first I listed all my domains for which I use email under "Additional domains to sign for". Then I carefully copied the information from Virtualmin's "DNS records for additional domains" into TXT records for each of my domains DNS.

So far, so good, but now, when I try sending email, I get the error in the message headers "dkim=temperror (no key for signature) header.i=@beedrives.com"

When I test at http://dkimcore.org/c/keycheck (with selector "beehive") I get the error "A public-key (p=) is required"

But checking my domain in Terminal with "dig txt beedrives.com" I see the public key showing up properly.

I tried disabling and reenabling DKIM signing, to no avail. I reboot the server, again to no avail.

When I reenabled DKIM, I made note of the following (again, all seemed to go well):

Finding virtual servers to enable DKIM for ..
.. no virtual servers with DNS and email enabled were found, but enabling for 7 extra domains
Extracting public key from private key in /etc/dkim.key ..
.. done

Setting domain and selector in DKIM filter configuration ..
.. done

Enabling DKIM filter at boot time ..
.. done

Starting DKIM filter ..
.. done

Configuring mail server to use DKIM filter ..
.. done

I'm using CentOS Linux 6.8, Webmin version 1.801, Virtualmin version 5.03

What might I be doing wrong at this point?

Thanks so much!

Elise

Fri, 06/17/2016 - 18:36
nylle

i cant find any key under the selector: beehive

i can see your key aswell via terminal but there is a space in your key. i had a different issue earlier and i used the site youre also using (http://dkimcore.org/c/keycheck) it told me to remove any spaces. so i did and got it working.

also make sure you have your DNS Settings right, mine looks like this here: - http://imgur.com/4kuwTJL - german menue but shouldnt be a prob - because i tried to find your key with your selector on different sites and none could find it. this seems to be your main problem.

also, to check everything when youre done, you can just send a blank mail to check-auth@verifier.port25.com and get your results. (looks like this)

Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

hope i could help.

nylle

i'm just getting started :|

Fri, 06/17/2016 - 19:17
itmustbe
itmustbe's picture

Oh hi thank you you've helped so much, it's working now! Actually the apparent space was a red herring (I didn't have to change anything about my key, that was just Terminal adding that space for a newline; I checked and I had no spaces in my actual DNS entry). But your image upload made my newbie error crystal clear! I feel so silly... I didn't realize I had to put a special subdomain for that TXT record, namely beehive._domainkey in my case (I was just using the @ shortcut for my domain before in that field)... so now, when I run the key check at http://dkimcore.org/c/keycheck for beehive / beedrives.com I get valid results! And I just emailed myself at Gmail and I get a DKIM pass too :) Thank you so so much for uploading that image, I must have overlooked that critical little piece in the help files I read, and not realized the TXT record for DKIM had to have the odd selector._domainkey syntax in the subdomain field! I just fixed all my other domains too. Thank you!!!

Fri, 06/17/2016 - 19:30 (Reply to #3)
nylle

youre welcome, i had/have issues with sending mails to gmail too. since i started not long ago with all of this i wanted to fix them today and my mails still get flagged by gmail even tho i think i have everything right. well, there is bigger issues atm and i'll probably get the gmail issue fixed soonish.

at least its working for you :) have fun with your sites!

i'm just getting started :|

Topic locked