DKIM DNS entry with 255 characters limit


(EnzoC) #1

Goodmorning everyone,
i have problem with dkim encryption.

My hosting NETSONS truncates DKIM key available from the page Email - Domain to 255 characters.

I have try

( “part one” “part two” …)

and this

the result is

Messaggio originale
ID messaggio	<5e6b-5ab11a80-3-6781eb00@233085339>
Creato alle:	20 marzo 2018 15:29 (consegnato dopo 5 secondi)
Da:	enzo <>
Oggetto:	ciao 5
DKIM:	'FAIL' con il dominio Ulteriori informazioni

Scarica messaggio originale	Copia negli appunti	
Received: by with SMTP id g58csp3987516jal;
        Tue, 20 Mar 2018 07:29:18 -0700 (PDT)
X-Google-Smtp-Source: AG47ELsDrNeGPmsIUx1XDCiVcP3xvjUNRGCFqX2a3GxeQAvGKdWMYHV9za7iJVBx7WQIB1hlDtik
X-Received: by with SMTP id p197mr2252171wme.81.1521556158075;
        Tue, 20 Mar 2018 07:29:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521556158; cv=none;; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;
ARC-Authentication-Results: i=1;;
       dkim=neutral (bad format) header.s=default header.b=jkWrY+fT;
       spf=pass ( domain of designates 123.456.678.9 as permitted sender)
Return-Path: <>
Received: from ( [123.456.678.9])
        by with ESMTP id o31si1585996wrc.291.2018.
        for <>;
        Tue, 20 Mar 2018 07:29:17 -0700 (PDT)
Received-SPF: pass ( domain of designates 123.456.678.9 as permitted sender) client-ip=123.456.678.9;
       dkim=neutral (bad format) header.s=default header.b=jkWrY+fT;
       spf=pass ( domain of designates 123.456.678.9 as permitted sender)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 155548E47DF for <>; Tue, 20 Mar 2018 15:29:13 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 155548E47DF
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; t=1521556156; bh=KOf+cP/4nTj/gMW3WaDzmRy4gKTdjQXzcpsdaWubCMM=; h=To:Date:Subject:From:From; b=jkWrY+fTDH3MaCUhQATs0ken7fzC8dSBazgkTBQgygFYOvGJjo4V2ot5I89TsdlQs
Content-Type: multipart/alternative; boundary="----=_=-_OpenGroupware_org_NGMime-24171-1521556152.789238-1------"
User-Agent: SOGoMail 3.2.10
MIME-Version: 1.0
Date: Tue, 20 Mar 2018 15:29:12 +0100
Subject: ciao 5
Message-ID: <5e6b-5ab11a80-3-6781eb00@233085339>
From: enzo <>

Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Length: 0

Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Length: 13



a check on returns for

any idea?

(Stéphane de Labrusse) #2

we have just one key for all domain, you can retrieve it at

cat /etc/opendkim/default.txt

you have no standard to save the public dkim key to you registar, like you see the key is cut in two pieces, and I decided to truncate it in one piece

unfortunately you have to do some attempts, maybe with the raw key format it can help you, do you think it is preferable to get the raw key instead of the customised one

(Davide Principi) #3

We could reduce the key size in /etc/e-smith/events/actions/nethserver-mail-create-opendkim-key, then generate a shorter key:

sed -i 's/2048/1024/' /etc/e-smith/events/actions/nethserver-mail-create-opendkim-key
rm /etc/opendkim/keys/default.*

do you think it is a viable workaround? read comment below!

DKIM+disclaimer problems after upgrade to mail2 module
(Stéphane de Labrusse) #4

We could also say to dkim to use only a 1024 bit size but I worry about weakness. For what I read 2048 is a must nowadays.

But like I read yesterday night, do you really need to wear a helmet in your car :-?

(EnzoC) #5


(Davide Principi) #6

Like @stephdl suggests, there are also some methods/syntax to split long DKIM keys over multiple chunks. It depends on the DNS implementation, so you should refer to your DNS provider’s documentation.

The marked solution is a workaround. It generates a weak key.

(EnzoC) #7

I understand that it is a workaround, I do not know many Italian hosting, but I consider Netsons the most reliable, complete, versatile. In Italy, both aruba and register are very far from the completeness of use of Netsons.
I have a dedicated panel for DKIM and SPF activation!!!

Let’s say that for the moment I’m happy, I’ll be looking for an Italian hosting that does not have this limit.
For the moment Thank you!

(Davide Principi) #8

3 posts were split to a new topic: My emails finish in SPAM only with google