Hi there, I've setup DKIM for my mails since some time now. Recently I've noticed that the DKIM signature for my mails was invalid. Code: 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid What do I have to do in order to fix this as my public key in my TXT record is valid? Thanks Eliott
Maybe amavis is not using that key? But check what key is in name service: Code: host -t txt default._domainkey.yourdomain.tld. If you set up your DKIM with ISPConfig it should copy the DKIM key to amavis, and all just works provided you copy that key to your name service setup.
Thanks for your reply, Taleman however it is working in amavis the problem is that the signature is invalid Code: root@localhost:~# amavisd-new testkeys TESTING#2 csphero.be: default._domainkey.csphero.be => pass TESTING#3 espressoproject.be: default._domainkey.espressoproject.be => pass TESTING#4 hackingarise.com: default._domainkey.hackingarise.com => pass TESTING#5 hauteclair.net: default._domainkey.hauteclair.net => pass TESTING#6 inc.eliott.be: default._domainkey.inc.eliott.be => pass TESTING#7 jillandjack.be: default._domainkey.jillandjack.be => pass TESTING#8 kis.be: default._domainkey.kis.be => pass TESTING#9 kl6.be: default._domainkey.kl6.be => pass TESTING#10 presscar.link: default._domainkey.presscar.link => pass TESTING#11 sparx-automotive.be: default._domainkey.sparx-automotive.be => pass TESTING#12 sparx-automotive.com: default._domainkey.sparx-automotive.com => pass TESTING#13 sparx-competition.be: default._domainkey.sparx-competition.be => pass TESTING#14 sparxandcoffee.be: default._domainkey.sparxandcoffee.be => pass TESTING#15 sparxandcoffee.com: default._domainkey.sparxandcoffee.com => pass TESTING#16 textwallet.org: default._domainkey.textwallet.org => pass TESTING#17 thebowtieboys.be: default._domainkey.thebowtieboys.be => pass TESTING#18 xpandity.com: default._domainkey.xpandity.com => pass
Amavis is doing the dkim signing, so when the key in amavis is correct and the key in dns is correct, then your dkim signing must work correctly. Which system reports that dkim is not correct and is it possible that the affected emails are e.g. forwarded, which cause dkim errors as well.
Ok, so it might be simply a problem of that dkim test website and not in your dkim signing process. Do you experience problems when you e.g. send a message to someone with a Gmail or outlook.com account?
Okay, I found the problem. Seems that mails I sent from my service running on the same server don't get signed and other mails do. Any idea why?
How do you send these emails? It might be necessary that you send them by SMTP and take care to use the right sender address.
Do you have a relayhost configured? Some of them remove dkim signing. In some configurations, "mynetworks" is accepted and not sent to amavis before sending out. Do you use "submission" port (587) for all applications and does transport "submission" in /etc/postfix/master.cf have option "content_filter=" See: https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-mail-flow on different flows, which could lead to some mails being sent to amavis, others not
