dkim problems after ISPConfig update

Discussion in 'Installation/Configuration' started by Jogi071, Jan 24, 2019.

  1. Jogi071

    Jogi071 New Member

    Hi,
    I'm having some problems trying to get dkim to work.
    After I updated ISPConfig 3.1.13 (CentOS 7), I set up dkim for one domain.
    I checked "/etc/amavid/amavisd.conf" and it looked like this:
    Code:
    $enable_dkim_verification = 1;
    $enable_dkim_signing = 1; # load DKIM signing code
    $signed_header_fields{'received'} = 0;  # turn off signing of Received
    @dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
    1;  # insure a defined return
    So I added this:
    Code:
    dkim_key('mydomain.com', 'default', '/var/lib/amavis/dkim/mydomain.com.private');
    "amavisd showkeys" looks ok:
    Code:
    ; key#1 4096 bits, i=default, d=mydomain.com, /var/lib/amavis/dkim/mydomain.com.private
    default._domainkey.mydomain.com. 3600 TXT
    ("v=DKIM1; p="
    "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuOyEbI4OvMvkOUiegknM"
    "Xd90OUTQkfwpha11rWBjshQWB6COilnKnIVu+W0cDFNEzSAUCitBFEex/A5CBjYy"
    "3Xr/nTU28XQsy7+3eTfkJv4ieffDWGz28EDiGd8GwjOPYm+yr5Y0JOdEvc+/5p9G"
    "MleItLmxlUICpPhN1nTha9HAdETNXR5QWMZvcGU0uVmJHzmJ3YzmwR97gK06kMSn"
    "E/YE0MQmru8cF8vEe1epi/GMk/uOocod4RGhhB0QkKyzH7zemgAJ5bNWKPvdAO8R"
    "LECBAy95sBObfFu//R8O1aXnnsn/lMnV5j+FA3PinZitZuF4NUhuGV0BOLzDwFLh"
    "gS31CAXeezDzH9Eh5jhJf6Wuyl7FZyqZYWIEejL7sxYI1VZdHEFVZ8OuPVvirElk"
    "GOsMsq+hIxeRmWEkWMMHbQtKDxbVgW+c40GVK5EXrC+hVrZZwIGTQUQwmf1wxj8H"
    "Toum/WQDHUVOSsvKbs8DJjS8u39J1+0lFPADqzef0czruSLEQllczt4qz5HVH9gq"
    "smmykwiB5UGA23gTcB+RgW03jiR8p1bVYzaAFN/KkbiAZUy/XLbfjK3fVDLwYz//"
    "0ICQKsZFv1GtRzlXBJCaQzvQPUCPSMaW+68MukiihdyZF94OiCTDwXgVTdrjcC5a"
    "NY56uUVoyCDUKpA5f5hBcGMCAwEAAQ==")
    But "amavisd testkeys" shows a fault:
    Code:
    TESTING#1 mydomain.com: default._domainkey.mydomain.com => invalid (public key: not available)
    I tried recreating the keys a few times but the problem still remains.
    I use an external DNS from Namecheap, where I added the right public key.

    I don't have a clue where the problem is. Can anybody help?

    Found something strange: the domainkey which is saved in ISPConfig is different to the output of "amavisd showkeys".
    ISPConfig:
    v=DKIM1; t=s; p=MIICIjANB....

    "amavisd showkeys" output:
    "v=DKIM1; p="
    "MIICIjANB....
    Here the t=s; is missing.

    The external DNS only accepts the ISPConfig version.
    Maybe this is the problem?
     
    Last edited: Jan 24, 2019
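
The two record shapes quoted in the post above can be compared mechanically. This added example (not code from the thread, ISPConfig or amavisd) joins the quoted chunks that `amavisd showkeys` prints in zone-file form, then reports whether both records carry the same `p=` value and which tags differ; the function names are hypothetical and the key is a short constructed placeholder.

```sh
#!/bin/sh
# Added example, not from the thread. The key below is a short constructed
# placeholder, not a real public key.

# txt_flatten: stdin is a TXT value, either one line or zone-file style
# (several quoted strings in parentheses, as long keys are split into chunks of
# at most 255 bytes); stdout is the single string a resolver would reassemble.
txt_flatten() { tr -d '"()\n\r\t '; }

# dkim_tag NAME: stdin is a flattened record; print the value of tag NAME
dkim_tag() { tr ';' '\n' | sed -n "s/^$1=//p"; }

# same_dkim_key A B: succeed when both records publish the same non-empty p=
same_dkim_key() (
    a=$(printf '%s' "$1" | txt_flatten | dkim_tag p)
    b=$(printf '%s' "$2" | txt_flatten | dkim_tag p)
    [ -n "$a" ] && [ "$a" = "$b" ]
)

# tags_only_in A B: print each "name=value" that A carries and B lacks
tags_only_in() (
    fa=$(printf '%s' "$1" | txt_flatten); fb=$(printf '%s' "$2" | txt_flatten)
    printf '%s\n' "$fa" | tr ';' '\n' | while IFS= read -r kv; do
        [ -n "$kv" ] || continue
        [ -n "$(printf '%s' "$fb" | dkim_tag "${kv%%=*}")" ] || printf '%s\n' "$kv"
    done
)

# Constructed samples in the two shapes quoted in the post.
ISPCONFIG_FORM='v=DKIM1; t=s; p=Q09OU1RSVUNURUQrU0FNUExFL0tFWQ=='
SHOWKEYS_FORM='("v=DKIM1; p="
  "Q09OU1RSVUNURUQr"
  "U0FNUExFL0tFWQ==")'

if same_dkim_key "$ISPCONFIG_FORM" "$SHOWKEYS_FORM"; then
    echo "same public key; tags only in the ISPConfig form:"
    tags_only_in "$ISPCONFIG_FORM" "$SHOWKEYS_FORM"
else
    echo "p= values differ"
fi
```

In RFC 6376, `t=s` is a flag that requires the `i=` domain of a signature to equal `d=` exactly (no subdomains); it does not change the key itself.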
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig adds the DKIM keys in amavis; don't add them manually.
     
  3. Jogi071

    Jogi071 New Member

    Thanks for your fast reply.
    I added this code "dkim_key('mydomain.com', 'default', '/var/lib/amavis/dkim/mydomain.com.private');" to amavisd.conf because ISPConfig seems not to write this file. I recreated the key in ISPConfig several times and nothing was added in amavisd.conf.
    Should I remove the code?
     
  4. Nicram

    Nicram Member

    Some time ago I had a similar problem. ISPConfig was putting data in /etc/60-dkim, while it should go into /etc/amavisd/60-dkim. Check whether it is a similar problem for you, and if yes, try to link one into the second location.
     
  5. Jogi071

    Jogi071 New Member

    Yes it looks similar, the data is in /etc/60-dkim but when I try to set the link
    an error occurs:
    Code:
    ln: the symbolic link "/etc/amavisd/60-dkim" could not be created: the file already exists
     
  6. Nicram

    Nicram Member

    You are trying to make a link from /etc/60-dkim into /etc/amavisd/60-dkim, when that file is already there :)
     
  7. Jogi071

    Jogi071 New Member

    Oh, my fault.
    Now the link works but the problem still remains.

    amavisd showkeys is ok
    amavisd testkeys => invalid (public key: not available)

    I tried:
    Code:
    amavisd -u amavis debug
    Error in config file "/etc/amavisd.conf": Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkim/mydomain.com.private: Permission denied at /usr/sbin/amavisd line 638.
    
    and
    Code:
    ls -al /var/lib/amavis/dkim
    
    drwxr-x--- 2 amavis amavis   79 24. Jan 11:56 .
    drwxr-x--- 3 root   root     17 16. Jan 13:22 ..
    -rw-r--r-- 1 root   root   3294 24. Jan 11:56 mydomain.com.private
    -rw-r--r-- 1 root   root    800 24. Jan 11:56 mydomain.com.public
    
    Is something wrong with chmod or ownership?
    Shouldn't the Dkim keys be set to amavis:amavis?
     
  8. Nicram

    Nicram Member

    I don't know. It may be a chmod problem.
     
  9. Jogi071

    Jogi071 New Member

    I fixed the problem.
    For all who have the same problem, here is what I did:

    1. I fixed the bug in ISPConfig and DKIM signing, like Nicram explained: ISPConfig writes the wrong file.
    Code:
    mv /etc/amavisd/60-dkim /etc/amavisd/60-dkim.old
    ln -s /etc/60-dkim /etc/amavisd/60-dkim
    
    After that, the following error occurs:
    Code:
    Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkim/mydomain.com.private: Permission denied at /usr/sbin/amavisd line 638.
    And amavisd service stopped working and cannot be restarted.

    2. I checked the ownership and chmod settings but everything was right.
    Code:
    ls -al /var/lib/amavis/dkim
    
    drwxr-x--- 2 amavis amavis   79 24. Jan 11:56 .
    drwxr-x--- 3 root   root     17 16. Jan 13:22 ..
    -rw-r--r-- 1 root   root   3294 24. Jan 11:56 mydomain.com.private
    -rw-r--r-- 1 root   root    800 24. Jan 11:56 mydomain.com.public
    
    3. I set the group ownership to the amavis UPG recursively from the /var/lib/amavis folder. Like it is explained here.
    Code:
    chgrp -R amavis /var/lib/amavis
    4. I restarted amavisd service and everything is working fine.
     
    Nicram likes this.
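
In the listing above, `..` (`/var/lib/amavis`) is `root:root` with mode 750, so an account that is neither that owner nor in that group cannot pass through it, whatever the modes further down. This added example (not code from the thread, ISPConfig or amavisd) walks that chain on a constructed temporary tree using the modes from the listing; the function names, the `no-such-group` stand-in and the check that the private key grants nothing to other users are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the thread. Decides from owner, group and mode alone
# whether a service account can reach a key file; ACLs, SELinux and
# supplementary groups are ignored. Needs GNU stat (as on CentOS 7).

# class_bits PATH USER GROUP: print the rwx bits (0-7) that apply to USER:GROUP
class_bits() (
    mode=$(stat -c %a "$1"); owner=$(stat -c %U "$1"); group=$(stat -c %G "$1")
    m=$((0$mode))                      # leading 0: read the mode as octal
    if   [ "$owner" = "$2" ]; then echo $(( (m >> 6) & 7 ))
    elif [ "$group" = "$3" ]; then echo $(( (m >> 3) & 7 ))
    else                           echo $(( m & 7 ))
    fi
)

# audit_dkim_key KEY USER GROUP [TOP]: check KEY and its parents up to TOP.
# Status: 0 = readable and closed to others, 1 = blocked,
#         2 = readable, but the key's mode also grants access to others.
audit_dkim_key() (
    key=$1; user=$2; group=$3; top=${4:-/}; rc=0
    [ -f "$key" ] || { echo "MISSING: $key"; exit 1; }
    dir=$(dirname "$key")
    while :; do                        # each parent needs the search (x) bit
        if [ $(( $(class_bits "$dir" "$user" "$group") & 1 )) -eq 0 ]; then
            echo "BLOCKED: $user cannot traverse $dir"; rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    if [ $(( $(class_bits "$key" "$user" "$group") & 4 )) -eq 0 ]; then
        echo "BLOCKED: $user cannot read $key"; rc=1
    fi
    if [ "$rc" -eq 0 ] && [ $(( 0$(stat -c %a "$key") & 7 )) -ne 0 ]; then
        echo "WEAK: mode of $key also grants access to other users"; rc=2
    fi
    exit "$rc"                         # ends the subshell; becomes the status
)

# Constructed tree with the modes from the listing (750, 750, 644).
demo=$(mktemp -d); demo_key=$demo/amavis/dkim/mydomain.com.private
mkdir -p "$demo/amavis/dkim"; echo 'constructed placeholder' > "$demo_key"
chmod 750 "$demo/amavis" "$demo/amavis/dkim"; chmod 644 "$demo_key"
demo_grp=$(stat -c %G "$demo/amavis")  # stands in for "amavis" after chgrp -R
audit_dkim_key "$demo_key" amavis no-such-group "$demo/amavis" || true  # blocked
audit_dkim_key "$demo_key" amavis "$demo_grp" "$demo/amavis" || true    # weak
chmod 640 "$demo_key"
audit_dkim_key "$demo_key" amavis "$demo_grp" "$demo/amavis" && echo "OK"
rm -rf "$demo"
```

On a real host the call would be `audit_dkim_key /var/lib/amavis/dkim/mydomain.com.private amavis amavis`, which checks every directory up to `/`.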
