I have configured dkim, spf and dmarc dns entries, and a receiving mailserver’s rspamd states that dkim verification succeeded (R_DKIM_ALLOW Symbol green with -0.2 score), so everything seems setup correctly. But in nethserver cockpit I see:
What could here be the problem? I copied the dkim entry and created a corresponding TXT record at my provider. The host entry is default._domainkey.ourdomain.com and the rest was pasted from dkim configuration on my nethserver. The .ourdomain.com suffix is created automatically upon saving the new TXT record even if I only want to have default._domainkey, as proposed within nethserver after saving it becomes default._domainkey.ourdomain.com. I asked my provider if it is possible to have it saved without this and they say no.
I had the same problem once. It turned out I missed 1 character in the DNS settings of my domain registrar. Can you doublecheck if the string in the txt record of your domain registrar DNS settings is EXACTLY the same as the string provided by NethServer?
This much is correct, and your DNS host is exactly right–any records you’d be creating would be within your own ourdomain.com zone. And that’s what DKIM should be looking for, too.
Thanks for confirmation about setting the domainkey the way it should be danb35.
I double-checked, that there is no typo, and even re-copy/pasted it.
Now the strange thing is if I send a mail from my nethserver to my private mailserver, I can see that dkim passes but as in my dns I have set dmarc rule set to strict, it seems incorrect that I see in the mailheader c=relaxed/relaxed which is not what I would expect. Thus I believe there maight be an old configuration active?
How could I uninstall/reinstall opendkim correctly including deleting its configuration, in order to be sure there is no old configuration coming inbetween?
Or I could send a mail, if someone experienced is willing to check the mailheader?
Thanks, I did test mentioned site and all looks good. Score8.2 of 10, dkim signature valid, passed spf and dmarc too. So I guess, maybe I should ignore the initially mentioned error in nethserver.
-0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid This rule is automatically applied if your email contains a DKIM signature but other positive rules will also be added if your DKIM signature is valid. See immediately below.
0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Wunderbar! Ihre Signatur ist gültig.
0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author’s domain Großartig! Ihre Signatur ist gültig und sie kommt von der Domain
0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain
-1.985 PYZOR_CHECK Similar message reported on Pyzor (http://pyzor.org) https://pyzor.readthedocs.io/en/latest/ Testen Sie einen echten Inhalt, Test Newsletter wird immer von Pyzor gekennzeichnet werden
Ihre Nachricht oder Anfrage weißen Listen einstellen (http://public.pyzor.org/whitelist/)
0.001 SPF_PASS SPF: sender matches SPF record Wunderbar! Ihr SPF-Eintrag ist gültig.
