Hi Stephdl,
A friend of mine is using GoDaddy as his registrar. He wants to know how to create the DNS record for DKIM.
According to:
https://wiki.nethserver.org/doku.php?id=email_protection_resources#how_to_configure_it7
For the DNS record, you recommend:
Type: txt
Host: default._domainkey or default._domainkey.domain.com
TXT Value: v=DKIM1; k=rsa; p=MIIBI…DAQAB; which is 396 characters long.
He wants to use:
Type: txt
Host: default._domainkey
TXT Value: v=DKIM1; k=rsa; p=abcde…vwxyz which is 395 characters long in his Web interface.
It looks like you added the “; ” at the end.
Questions:
- For DKIM, is GoDaddy different than 1&1 or other registrars?
- Is it correct to use only default._domainkey?
- Should he add that “; ” at the end of the TXT Value to be 396 characters long?
Thank you in advance,
Michel-André
stephdl
(Stéphane de Labrusse)
June 18, 2019, 8:20pm
you missed the @stephd to call me
michelandre:
For DKIM, is GoDaddy different than 1&1 or other registrars?
yes I think every registrar is different for dns side, hence the accordion we made to display the dkim key in several formats. I would like to say that you must test it, you have tools for this
michelandre:
Is it correct to use only default._domainkey?
yes, we have created one key for all domain hosted on your server
cat /etc/opendkim/keys/default.txt
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBMBiv3vMl6Hob4rfPr8eP98TXt3WTiGAcyIamPwHbV5Shjdfh6dBfBrWez2p8DFU/nFvEpUYTY2bnH5SXKnNHs8JEBL6dNEEzWhYNJRLC8LUokrnszXcCcSiUgWXSng90fmO1Zjs0VaGRmO3krLjD0DD+XFQAeHn8sG7y4E93oVLY+qhi3fXRvOQYyKdWiOXOL6Wn30gvED9M"
"Ezxx0UTsUXBRBhopVoLETBdKm+UFMjAwpv79E8qu88y8ldz+jj/KkrkvdhuY1Cactx5RGXMNMgTWJWKD1dtkMcQ5oPwX/yZtl2ZQieyk96YxIMyE6aOCMqmdYMfhqhHExFCtwjMwIDAQAB" ) ; ----- DKIM key default for nethservertest.org
michelandre:
Should he add that “ ; ” at the end of the TXT Value to be 396 characters long?
I think so
# dig +short TXT default._domainkey.de-labrusse.fr @8.8.4.4
"v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDHXY9axEEi2mNiPJarErUkCdnuCIo3pLidherVt+6z6NHrB/Fwc2BWwK97qH9APzbo4cBhm/wtbXAiRnNlcTBMkG4P4lm09a/dR6spVsJ72QMrr+V5M04sLQ+76Ru4K6Pj4iyHJmBlAvORS3v4tpoZgXipi4o9qmbPvcT7JzXucICZ6q5gSKuyQRrKlZKL55" "TR7GWTCJ6VVLhbis74HlMNWfwjhJmcz3z1zMnNKHsDSaQfLplDBi5c3gZFG8hJ7mBVA1fGZHD4SeDv5mSYQrBgFT5Hgij67eSmYtZ5GcMPyn7q3aobCDXHvWVTFQD1x5SNIJohYTBuPQ7SfRNs17QIDAQAB\;"
the ; is a delimiter
Hi greatest,
After much and much googling I found a test site:
https://dkimcore.org/tools/keycheck.html
Without “;” at the end.
With “;” at the end.
It looks like this particular tester removed the “;” at the end.
Michel-André
stephdl
(Stéphane de Labrusse)
June 18, 2019, 8:30pm
not a problem, it is a delimiter and it is the end
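The trailing-";" question discussed above, as an added example that is not part of the original thread: a small parser that joins the quoted strings of a `dig +short TXT` answer, undoes dig's backslash escapes, and reads the record as an RFC 6376 tag list, where one trailing ";" is optional. `SAMPLE_DIG` and its shortened `p=` value are constructed placeholders, not a real key, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample in `dig +short TXT` presentation format: two quoted
# character-strings, escaped semicolons, and a placeholder p= value.
SAMPLE_DIG = r'"v=DKIM1\; k=rsa\; p=Q09OU1RS" "VUNURUQ=\;"'


def join_txt(dig_line):
    """Concatenate the quoted strings of one TXT answer and undo dig's escapes."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', dig_line)

    def unescape(m):
        # \DDD is a decimal byte value, \X is the literal character X
        return chr(int(m[1])) if len(m[1]) == 3 else m[1]

    return "".join(re.sub(r"\\(\d{3}|.)", unescape, c) for c in chunks)


def parse_dkim(record):
    """Parse a DKIM key record (RFC 6376 tag-list) into a dict of tags."""
    items = record.split(";")
    if items[-1].strip() == "":
        items.pop()  # the grammar allows one optional trailing ';'
    tags = {}
    for item in items:
        name, sep, value = item.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"bad or duplicate tag: {item!r}")
        tags[name] = value.strip()
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unsupported version")
    if "p" not in tags:
        raise ValueError("missing p= tag")
    # Whitespace (for example line wraps from a web form) inside p= is
    # ignored; what remains must be strict base64.
    tags["p"] = "".join(tags["p"].split())
    tags["key_bytes"] = base64.b64decode(tags["p"], validate=True)
    return tags


def same_key(a, b):
    """True when two record texts publish the same key bytes."""
    return parse_dkim(a)["key_bytes"] == parse_dkim(b)["key_bytes"]
```

Running `same_key()` on the value typed into the registrar form and on `join_txt()` of the published answer confirms that the two differ only in formatting.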
Hi again,
This is from my test site:
# dig +short TXT default._domainkey.micronator-101.org @1.1.1.1
"v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDHXY9axEEi2mNiPJarErUkCdnuCIo3pLidherVt+6z6NHrB/Fwc2BWwK97qH9APzbo4cBhm/wtbXAiRnNlcTBMkG4P4lm09a/dR6spVsJ72QMrr+V5M04sLQ+76Ru4K6Pj4iyHJmBlAvORS3v4tpoZgXipi4o9qmbPvcT7JzXucICZ6q5gSKuyQRrKlZKL55" "TR7GWTCJ6VVLhbis74HlMNWfwjhJmcz3z1zMnNKHsDSaQfLplDBi5c3gZFG8hJ7mBVA1fGZHD4SeDv5mSYQrBgFT5Hgij67eSmYtZ5GcMPyn7q3aobCDXHvWVTFQD1x5SNIJohYTBuPQ7SfRNs17QIDAQAB\;"
"v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGHdVEAmPh9oRVS5e7vqca6ji47YnnmYg4gilZstMNPw+kgUYHyfTepaR3AewxDvwM6C57Jfn7Xcmy0mB/UWwbTk60by7mu1xcFOpN4qn2NopZa3VzcRy6ZCryjVhaxII9vxIvxHeOEGzO/s0Xcv/O76tMDad0LXdhDwCMonkGfIf6oDQzbKljrnsH59lyh0V" "0mUFic/PYxc7i1nS2s+2fRa+hx/VX44a2QAqaMDZPHHhdUQlQyqEokaxqd2GkhlM/WxHZiqhtZpdwX6j1ShouC6W7zLrIsweUOAUkOEjE7jTUQUBRa1Fbogpd98UsSTxM0F66sTAybXb/rB7GhzzwIDAQAB\;"
It looks OK for this site.
I will try it on my main site and let you know.
Michel-André
stephdl
(Stéphane de Labrusse)
June 18, 2019, 8:36pm
on your site I needed to paste this to be validated
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBMBiv3vMl6H
ob4rfPr8eP98TXt3WTiGAcyIamPwHbV5Shjdfh6dBfBrWez2p8DFU/nFvEpUYTY2bnH5SXKnNH
s8JEBL6dNEEzWhYNJRLC8LUokrnszXcCcSiUgWXSng90fmO1Zjs0VaGRmO3krLjD0DD+XFQAeH
n8sG7y4E93oVLY+qhi3fXRvOQYyKdWiOXOL6Wn30gvED9MEzxx0UTsUXBRBhopVoLETBdKm+UF
MjAwpv79E8qu88y8ldz+jj/KkrkvdhuY1Cactx5RGXMNMgTWJWKD1dtkMcQ5oPwX/yZtl2ZQie
yk96YxIMyE6aOCMqmdYMfhqhHExFCtwjMwIDAQAB
each dns provider gets different user interface, nothing standard
Hi again,
After thinking, I will not include it on my main site but I also have a second test site for my friend at GoDaddy.
I didn’t include the “;” at the end.
And the test at: https://dkimcore.org/tools/keycheck.html
Gives this:
I will wait a few days to make sure everything is working then I will try on my main site.
I tried it 2-3 months ago and I had some problems which I don’t remember exactly what they were. I removed it after that.
I hope this time all will be OK.
Thank you very much for your replies.
Michel-André
Hi again,
Luckily I didn’t try it on my main domain.
Sending mail with Webmail from toto@domain-dkim.com :
Erreur SMTP : [451] 4.7.1 Service unavailable - try again later
Mail log:
can't load key from /etc/opendkim/keys/default.private: Permission denied
Checking:
# ls -als /etc/opendkim/keys/default.private
4 -r--r----- 1 opendkim opendkim 1679 22 janv. 12:32 /etc/opendkim/keys/default.private
Deleted DKIM from domain-dkim.com record at GoDaddy and disabled it in Web interface.
All is working fine now, I can send and receive mail from toto@domain-dkim.com testing domain to titi@main-domain.org back and forth.
What am I missing here?
Michel-André
Hi again Stephdl,
I tested with a LOCAL machine and 2 domains (1 main domain dev.org , 1 Vhost dev.net ) ; both with DKIM enabled.
All is OK on LOCAL machine.
Where are the errors from, on the main server connected directly to the Internet?
Is it because I enabled DKIM only on the Vhost and not on the main domain?
Michel-André
Hi all,
It is not a problem from GoDaddy as I have another domain at ionos.fr and I have the same problem. There is something wrong in NethServer config somewhere…
Jun 22 12:44:02 dorgee httpd: [WARNING] NethServer\Module\Mail\Domain\Modify: file_get_contents(/var/lib/nethserver/mail-disclaimers/my-domaine-name.raw): failed to open stream: No such file or directory
ls gives no such file…
# systemctl status opendkim
...
can't load key from /etc/opendkim/keys/default.private: Permission denied
6440B100086B0: error loading key 'default._domainkey.micronator-dev.org'
can't load key from /etc/opendkim/keys/default.private: Permission denied
3A6CD100086AD: error loading key 'default._domainkey.micronator-dev.org'
ls -als /etc/opendkim/keys/default.private
4 -r--r----- 1 opendkim opendkim 1679 22 janv. 12:32 /etc/opendkim/keys/default.private
# systemctl restart opendkim
# systemctl status opendkim
...Stopped DomainKeys Identified Mail (DKIM) Milter.
...Starting DomainKeys Identified Mail (DKIM) Milter...
...Started DomainKeys Identified Mail (DKIM) Milter.
...OpenDKIM Filter v2.11.0 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
I use TOR to connect to vhost mail and connection is OK.
Tried to send mail: still this error
Reboot as: Problems with Emailserver update (rspamd)
I can send from main domain to toto@vhost but toto@vhost can not reply. It receives the above error.
The message is in queue: Destination: “michelandre@main-domain.org+learn_spam”@spamtrain.nh
I disabled DKIM from Vhost and all is working correctly…
Definitely something wrong with DKIM…
Someone has a suggestion?
Michel-André
Hi all,
Can someone explain what _rspamd is doing there?
# ls -alsd /etc/opendkim
0 drwxr-xr-x 3 root _rspamd 93 22 juin 14:32 /etc/opendkim
And here with the keys?
# ls -als /etc/opendkim
total 28
0 drwxr-xr-x 3 root _rspamd 93 22 juin 14:32 .
12 drwxr-xr-x. 119 root root 8192 22 juin 14:32 ..
4 -rw-r--r-- 1 root root 504 18 juin 17:11 default.txt
0 drwxr-x--- 2 _rspamd _rspamd 48 26 avril 21:42 keys
4 -rw-r----- 1 opendkim opendkim 500 22 juin 14:32 KeyTable
4 -rw-r----- 1 opendkim opendkim 1425 22 juin 14:32 SigningTable
4 -rw-r----- 1 opendkim opendkim 601 22 janv. 12:32 TrustedHosts
Solution:
yum reinstall -y opendkim
Checking:
# ls -alsd /etc/opendkim
0 drwxr-xr-x 3 root opendkim 93 22 juin 17:28 /etc/opendkim
And the keys.
# ls -als /etc/opendkim
total 28
0 drwxr-xr-x 3 root opendkim 93 22 juin 17:28 .
12 drwxr-xr-x. 119 root root 8192 22 juin 17:28 ..
4 -rw-r--r-- 1 root root 504 18 juin 17:11 default.txt
0 drwxr-x--- 2 opendkim opendkim 48 20 déc. 2016 keys
4 -rw-r----- 1 opendkim opendkim 600 22 juin 17:28 KeyTable
4 -rw-r----- 1 opendkim opendkim 1484 22 juin 17:28 SigningTable
4 -rw-r----- 1 opendkim opendkim 601 22 janv. 12:32 TrustedHosts
Now, everything is working correctly.
Excuse me but, after so much trouble to find the solution, which one is the crappy software here, opendkim or rspamd? I would vote for rspamd .
Michel-André
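An added example, not part of the original thread, showing why a key file that is itself readable by `opendkim` can still fail with "Permission denied": every directory on the path must grant search (x) permission to the signing user. The stat tables mirror the `ls` listings above; the numeric ids are constructed, and it is an assumption that `opendkim` is not a member of the `_rspamd` group.

```python
import os
from collections import namedtuple

St = namedtuple("St", "st_mode st_uid st_gid")
ROOT, RSPAMD, OPENDKIM = 0, 994, 995  # constructed numeric ids for the sample
KEY = "/etc/opendkim/keys/default.private"


def tree(keys_owner, dir_group):
    """Constructed stat table mirroring the ls listings in the thread."""
    return {
        "/etc": St(0o755, ROOT, ROOT),
        "/etc/opendkim": St(0o755, ROOT, dir_group),
        "/etc/opendkim/keys": St(0o750, keys_owner, keys_owner),
        KEY: St(0o440, OPENDKIM, OPENDKIM),
    }


BEFORE = tree(RSPAMD, RSPAMD)      # listing before the reinstall
AFTER = tree(OPENDKIM, OPENDKIM)   # listing after the reinstall


def first_denied(path, uid, gids, stat_fn=os.stat):
    """Return the first path component whose mode bits block uid, else None.

    Directories need search (x); the final file needs read (r). Only the
    classic owner/group/other bits are evaluated, not ACLs or SELinux.
    """
    if uid == 0:
        return None  # root bypasses mode bits
    parts = path.strip("/").split("/")
    current = ""
    for i, part in enumerate(parts):
        current += "/" + part
        st = stat_fn(current)
        want = 0o4 if i == len(parts) - 1 else 0o1
        if st.st_uid == uid:
            bits = st.st_mode >> 6      # owner class
        elif st.st_gid in gids:
            bits = st.st_mode >> 3      # group class
        else:
            bits = st.st_mode           # other class
        if not bits & want:
            return current
    return None
```

With the default `stat_fn=os.stat` the same function walks the live filesystem; pass the uid and group ids reported by `id opendkim`.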