DKIM no signature

Hi I am using (Debian Jessie) ISPConfig 3.1.15p3. I am having trouble sending emails to Microsoft accounts like outlook.com without the emails going into junk. The server is on no blacklists and I have set up SPF TXT records, so I though I would try DKIM
I enabled it for a specific domain and put the public key into a TXT record. Interrogating the DNS works fine and returns the key under DIG as
default._domainkey.xxxxx.co.uk. 3599 IN TXT "v=DKIM1\; t=s\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmYZ/IqH0+oDjzfpZjk5WjMfmLFHoDiJQXasz3
I notice the semi-colon is escaped, perhaps this is the issue
When I run amavisd-new testkeys I get a pass, but if I send a test email to https://www.appmaildev.com/en/dkim I get DKIM no signature.
What could be wrong? TIA

 

I have the same issue. I've enabled DKIM, generated the key and added the record to my dns, but my outgoing emails are not being signed.
I'm running ispconfig 3.1.11. Ubuntu 16.04.3 LTS.


/etc/amavis/conf.d/50-user:
# DKIM
$enable_dkim_verification = 1;
$enable_dkim_signing = 1; # load DKIM signing code
$signed_header_fields{'received'} = 0; # turn off signing of Received
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );

Brian

 

I found a solution. I edited main.cf for postfix with this
content_filter = amavis:[127.0.0.1]:10026
#content_filter = amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings

 

This works for me! I don't know what the implications might be, but everything seems to be working fine after making this change.
Thank you for sharing this!
Brian

 

Depends on the other configuration. See documentation: https://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim-mail-flow
It can(!) be configured like:
10024 is used for incoming mail, checking for spam/viruses, etc (no signing)
10026 is used for outgoing mail, no checks but signing

If you have no custom configuration I would do a reconfigure services from ispconfig to get a working configuration. If you have custom config, you should know what you are doing.

 

Thank you for your reply. I'm afraid I'm in between, I inherited a customized main.cf and do not know what I'm doing!

I have a similar server running ispconfig that has not been customized. I set up DKIM with a test domain and the messaages were signed. Comparing the main.cf from test server to prod, I added: check_sender_access regexp:/etc/postfix/tag_as_originating.re and check_sender_access regexp:/etc/postfix/tag_as_foreign.re to my smtpd_sender_restrictions. These were commented out of the smtp_sender_restrictions at some point!

This allowed me to set: content_filter = amavis:[127.0.0.1]:10024, and my emails are being signed with DKIM!
Looking at the content of tag_as_originating.re, it contains the line: /^/ FILTER amavis:[127.0.0.1]:10026, which makes sense.

Since I have such a customized main.cf, I better get busy on knowing what I'm doing!
Brian

 

Start with comparing to the standard ISPC file and look up in the documentation what these changes are doing. If you have only cosmetic/minor changes, revert back to the standard file as this will be overwritten with an update (when reconfiguring services). Or create your own master file to prevent overwriting from ispc. Otherwise a wrong click during an update can lead to a non-working configuration