What is the best practice for SPF, DKIM and DMARC to succeed?

I have a mail server set up in ISPConfig, hostexample.com, and have a few clients that use mail.hostexample.com to send mail. I have set up SPF, DMARC and DKIM as follows:

v=spf1 mx a ip4:xxx.xxx.xxx.2 ip4:xxx.xxx.xxx.1 a:mail.hostexample.com include:hostexample.com ~all
v=DKIM1; t=s; p=[key]
v=DMARC1; p=quarantine; rua=mailto:[email protected]; [email protected]; fo=0:1:d:s; aspf=s

When I send emails, DKIM fails for certain destinations:

Yahoo :
Google:

Emails being rejected:

Mimecast : za-smtp-inbound-1.mimecast.co.za[41.74.197.201] said: 550 DKIM Senderm Invalid - envelope rejected -

amavisd-new testkey client.com: default._domainkey.client.com => pass
Send an email from the affected account to another account of yours and check the mail headers to see if the email is signed with DKIM. If that's OK, check if the DKIM key is correct. If the DKIM key you inserted in DNS contains quotes or double quotes, try to remove them.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=XXXXXXX; h= subject:subject:from:from:content-language:user-agent :mime-version:date:date:message-id:content-type:content-type; s= default; t=1695897450; x=1697711851; bh=yjEPHuY7Bv0JHkjkBJvmtyVO qLnD68SZ4z07RlrvPmk=; b=NxAGvlxaTvJaN9WigiHVoGaoNdbyrTFpGLFNMJ8e 33PkYxbYrSIeqhhvuIEKsisNAP3iqCUydvK+npPczv+XBYtw2jy9miG8nEG+x3vv HkBrU74BqI/MgaesaF4fHYFiJE6aMQaPb2RnGkK0YvVhZazQT5UZJjFd6Gs/9uyC ONc=

No double quotes on DKIM, using ISPConfig 3.2.7p1.

How do I test the DKIM key, using amavisd-new testkey? If so, it passes.
There are double quotes in Mail Domain but not in the DNS record. From what I read on the forum, the old ISPConfig used to put the double quote in the DNS DKIM TXT record.
Yes, there were double quotes in the DKIM key itself in the past, but this affected only some external DNS systems, not ISPConfig itself. So if you use DNS from ISPConfig, then it's fine anyway, or if you use external DNS and you have no double quotes or quotes in the key itself (the string after p=), then that should be fine too.
If you like to manually validate the dkim signature of an email, you can e.g. try this: https://github.com/kmille/dkim-verify
I am getting the following error when running the script on my Thunderbird email:

Code:
Traceback (most recent call last):
  File "/home/donno/Downloads/dkim-verify-master/verify-dkim.py", line 142, in <module>
    body_hash = hash_body(body)
  File "/home/donno/Downloads/dkim-verify-master/verify-dkim.py", line 22, in hash_body
    canonicalized_body = body.strip().encode() + b"\r\n"
AttributeError: 'list' object has no attribute 'strip'

I have done a https://mxtoolbox.com/deliverability/ test; everything seems fine.
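Added example, not part of the thread or of the dkim-verify script: it recomputes the bh= body hash from the raw message bytes, so a multipart message (whose parsed payload is a list in Python's email package) is handled the same way as a plain one. It covers only a=rsa-sha256 with simple body canonicalization, as in the c=relaxed/simple signature posted above, and does not verify the b= signature; the sample message, client.example and the b= placeholder are constructed.

```python
import base64
import hashlib
import re
from email.parser import BytesParser


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside bh=, b= and h= is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def simple_body_hash(body):
    """RFC 6376 'simple' body canonicalization, then SHA-256 and base64."""
    while body.endswith(b"\r\n\r\n"):   # ignore empty lines at the end
        body = body[:-2]
    if not body.endswith(b"\r\n"):      # empty or unterminated body gets one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()


def check_body_hash(raw_message):
    """Compare the bh= tag with a hash of the body bytes as they were sent."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw_message)   # saved files often use bare LF
    headers, _, body = raw.partition(b"\r\n\r\n")
    signature = BytesParser().parsebytes(headers, headersonly=True)["DKIM-Signature"]
    if signature is None:
        raise ValueError("message has no DKIM-Signature header")
    tags = parse_dkim_tags(str(signature))
    body_algo = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    if tags.get("a") != "rsa-sha256" or body_algo != "simple" or "l" in tags:
        raise ValueError("only a=rsa-sha256 with simple body canonicalization is handled")
    return tags["bh"] == simple_body_hash(body)


# Constructed multipart sample; d=client.example and the b= value are placeholders.
BODY = (b"--sep\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        b"--sep\r\nContent-Type: text/html\r\n\r\n<p>hello</p>\r\n--sep--\r\n")
SAMPLE = (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=client.example;\r\n"
          b"\ts=default; h=from:subject; bh=" + simple_body_hash(BODY).encode() + b";\r\n"
          b"\tb=PLACEHOLDER\r\n"
          b"From: a@client.example\r\nSubject: test\r\n"
          b'Content-Type: multipart/alternative; boundary="sep"\r\n\r\n') + BODY
```

A mismatch here means the body changed after signing (or was saved in altered form), which is a different failure from a wrong or badly quoted p= key in DNS.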