DKIM Fail on standard new ISPConfig install

Discussion in 'General' started by dimitrivisser, Jan 23, 2021.

  1. dimitrivisser

    dimitrivisser New Member

    Whatever I try, DKIM fails with a new install with almost default options.

    What I did:
    Installed Ubuntu 20.04
    hostname set to s1.domain.com
    disabled ipv6 in sysctl
    setup DNS on Cloudflare + reverse DNS for srv1.domain.com at vps provider
    did apt-get update and upgrade + reboot

    After that I installed ISPConfig using https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/
    I followed the instructions step by step, with the exception of rkhunter, Mailman, quota quotatool, Vlogger, Webalizer, AWStats and GoAccess, Roundcube Webmail.

    After that I used the ISPConfig script with default options.
    In the web interface I
    -made a client
    -added email domain: domain.com, + enable DKIM, selector s1, generated key.
    Looking at the length of the key, it is a 2048-bit key, while in System -> Server Config -> Mail -> DKIM strength 1024 is specified. Later I tested, and it seems that ISPConfig makes a 2048-bit key for the first time, even when a 1024 key is specified in the config.

    I made a mailbox.

    In the logfile I found the error:

    amavis[1237]: (!)Net::Server: 2021/01/23-12:31:08 Can't connect to TCP port 10024 on ::1 [Cannot assign requested address]\n at line 64 in file /usr/share/perl5/Net/Server/Proto/TCP.pm

    For some reason Amavis is installed with IPv6 on a system with only IPv4, and also does not work without IPv6.

    Adding
    $inet_socket_bind = '127.0.0.1';
    to amavis 50-user solved the problem.

    When I send emails, Gmail and mail-tester.com say that the DKIM key is invalid.

    gmail.com:

    DKIM: 'FAIL' with domain domain.com

    Authentication-Results: mx.google.com;
    dkim=fail [email protected] header.s=s1 header.b=e1CVKKcJ;
    spf=pass (google.com: domain of [email protected] designates 51.xx.xxx.xxx as permitted sender) [email protected];
    dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=domain.com
    Received: from localhost (localhost [127.0.0.1]) by s1.domain.com (Postfix) with ESMTP id 1214440275 for <[email protected]>; Sat, 23 Jan 2021 13:23:04 +0000 (UTC)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= domain.com; h=content-language:x-mailer:content-type :content-type:mime-version:message-id:date:date:subject:subject :from:from; s=s1; t=1611408183; x=1613222584; bh=It/YR3VIfVp9mqq DufJ8AjuQpL7jN2iF620LT0VEDdY=; b=e1CVKKcJLyFroAvGdPPZ6u2pzHpH7V+ 1vuDHOzakgmQ2ifSW0Tyq48BGsgPem+T0D0Jf4q/Hx/bVJxTc1j1Afga0N3BVTCk TLey/Y5YI6ztSepgvvVCKeDogpg/1bgzjqaSA2MZzsK4XPSxdVr9gaJjMsteKUkc t2iFs8KCWEM0yTne9Gete6rmZEZr02ygTVNjPCtLNFif3bZOzaZBHXb9MzrOpwDa aayzt24uX0uItOILc2qJEZglG30UM+PYZjMKn6rCgYIT91FAnE9OBibsDsLaM8YS LL4e5OlrRxDFdyWnl6VbrfiDjGx4+Cn3cJAQJDrdVAFrGktSNRuubyw==
    X-Virus-Scanned: Debian amavisd-new at s1.domain.com


    mail-tester.com says:

    Your DKIM signature is not valid

    The DKIM signature of your message is:

    v=1;
    a=rsa-sha256;
    c=relaxed/simple;
    d=domain.com;
    h=content-type:content-type:mime-version:reply-to:from:from:subject:subject:date:date:message-id;
    s=s1;
    t=1611406700;
    x=1613221101;
    bh=l0WD79CR6ilvWsK/h7nxBZbxArH1g6nQ13AML1kcveU=;
    b=iXRC3uNhpfNTrASRtDgrAhvF0t9qLWhBkeMHxLjZ7+AxulYP8YrA96eP02GMmUcr7ntweTntVzjg7usXAOFJpY2AEyZigcXxZh5KQT4xNO2ZB0D4XDmtlp9lflGOQ+7VYfXrL8M/QTSqCpBmJ0LSLI0i+khlo7H8AQTyAVjdU1V5sxSbxN153ZfbrlXXwDrvfZ6ZOAFqYtfeBEEbDXOliKBfNcHWcVqi13OsVJMRHxHXYXJBTo37FCwSc9mMX6fA88Ot7T86t5gU7vVnSOSABmLxBtStLI8h65ilFRaHCve7a5wuDUzB4MXU21mkCtrnxwbJV6FPylZWL15Ai/OXFw==

    Your public key is:

    "v=DKIM1;
    t=s;
    p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqtHCiVUy28aZti7rm+9RoXEYcpr0PcghoDuxqU+CpAPNszS7NgXtw4zh+LQKy9oO2CRbrXPMvoYaUkJqy8yRdYX4LuVvv+yUip6uU11ijK/OqFxhhnGJG9RUxU8Nxmrh5xX8mbj7IET5\"\"NGt8i562/xQOj2GQSlAvwcnILoQ87sVmzTGw/XaH8iwzVzo9OUfVdsJxVeMZpPou6VYSnQBAwdgH0CEmQeerHcmhli+6lDAhYSyDtB/xIE58hITchA7IhT7UyuwxEfUjna6ookTe0AiLBzo0xe5ChnByFQv13q/HZypn0jdbxPQQp1N/e5Bam8eREmjrwKx6OdBjJfpE\"\"cSzZyvDSv1ptdfzUMNcBuyYisCP64Eo+kxlNB8ebDk/bBVkUwDRbY+q9CouGmxHCu/ulg8A+wSu+ZlUrBP21E2Nzc7Yh2TyCb/csjb10jBRoLgg5yXQC/2L6QYaXtX6u8DPF6xls87tOKkDEgTrMC1EJoZpwfDuEXVkpArz7e7UCSRYPfTzO/vO9EJ21Ymm7g9lP4J4E\"\"fWfX4Jg/nhx8B631M9YdnhDoALyZSx/ZV9w+IZ6uYCzMb8cEDEd4/iFK6bPT6jchqB8E0YOePyqPcrrbl8oXbV7Xe6V9i+NuPR1oiTM3ljoy7yaGUXZJlqzdae4mdrzsnGw6xeKQujOFYy0CAwEAAQ=="


    https://protodave.com/tools/dkim-key-checker/ :

    DNS QUERY: s1._domainkey.domain.com
    QUERY STATUS: Success
    TXT RECORD:
    "v=DKIM1; t=s; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqtHCiVUy28aZti7rm+9RoXEYcpr0PcghoDuxqU+CpAPNszS7NgXtw4zh+LQKy9oO2CRbrXPMvoYaUkJqy8yRdYX4LuVvv+yUip6uU11ijK/OqFxhhnGJG9RUxU8Nxmrh5xX8mbj7IET5\"\"NGt8i562/xQOj2GQSlAvwcnILoQ87sVmzTGw/XaH8iwzVzo9OUfVd" "sJxVeMZpPou6VYSnQBAwdgH0CEmQeerHcmhli+6lDAhYSyDtB/xIE58hITchA7IhT7UyuwxEfUjna6ookTe0AiLBzo0xe5ChnByFQv13q/HZypn0jdbxPQQp1N/e5Bam8eREmjrwKx6OdBjJfpE\"\"cSzZyvDSv1ptdfzUMNcBuyYisCP64Eo+kxlNB8ebDk/bBVkUwDRbY+q9CouGmxHCu/ulg8A+wSu+ZlUrBP21E2Nzc7Yh2TyCb/csjb10jB" "RoLgg5yXQC/2L6QYaXtX6u8DPF6xls87tOKkDEgTrMC1EJoZpwfDuEXVkpArz7e7UCSRYPfTzO/vO9EJ21Ymm7g9lP4J4E\"\"fWfX4Jg/nhx8B631M9YdnhDoALyZSx/ZV9w+IZ6uYCzMb8cEDEd4/iFK6bPT6jchqB8E0YOePyqPcrrbl8oXbV7Xe6V9i+NuPR1oiTM3ljoy7yaGUXZJlqzdae4mdrzsnGw6xeKQujOFYy0CAwEAAQ=="
    KEY LENGTH (BITS): 4096
    VERSION: DKIM1
    KEY TYPE:
    GRANULARITY:
    HASHES:
    SERVICE TYPE:
    FLAGS: s
    NOTES:
    PUBLIC KEY:

    I spent hours googling, trying to find a solution for the DKIM Fail problem. I tried many things. Tried to generate new keys in the web interface (above example is with a 4096-bit key), but nothing helped.

    The above is from an OVH VPS, but I tried the same on Hetzner and Vultr, and every time I get exactly the same problems.

    I am surprised, because this problem is easily reproducible on mainstream VPSes, so others should get the same problem.

    Does anyone have any idea how to fix this?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    So you generate the DKIM key in ISPConfig panel?
    I guess copying it to your name service caused error here:
    Code:
    fpE\"\"cSz
    Those " should be real quotation marks and have a space separating them.
    My signature has link to e-mail setup Tutorial that also tells how to set up DKIM and how to troubleshoot.
     
  3. dimitrivisser

    dimitrivisser New Member

    Thank you very much! I did not realize that I could make a mistake copying the DKIM code.

    The solution was deleting all "", not only the ones at the beginning and end of the string, but also the ones in the middle, and replacing them with a space.
    So s9Uhey""o8otZOY
    Must be copied as s9Uhey o8otZOY

    Now I feel stupid. This took me half a day o_O
     
    pvanthony likes this.
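
Added example, not part of any post in this thread: a Python check for the failure found above, where literal `\"\"` sequences ended up inside the published `p=` value. The function names and the sample records are constructed for illustration; pass it the character-strings returned for `s1._domainkey.<domain>`.

```python
import base64
import re

def parse_tags(record):
    """Split a DKIM "tag=value; tag=value" list into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def lint_dkim_key(strings):
    """Check one DKIM key record, given its TXT character-strings.

    Returns (ok, problems)."""
    # Verifiers join the character-strings with nothing in between.
    tags = parse_tags("".join(strings))
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if "p" not in tags:
        return False, problems + ["no p= tag"]
    # Whitespace inside p= is permitted and ignored by verifiers.
    p = re.sub(r"\s+", "", tags["p"])
    stray = sorted(set(re.findall(r"[^A-Za-z0-9+/=]", p)))
    if stray:
        problems.append("p= contains non-base64 characters: "
                        + " ".join(repr(c) for c in stray))
    else:
        try:
            base64.b64decode(p, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return not problems, problems

# Constructed sample data: KEY stands in for real key material.
KEY = base64.b64encode(bytes(range(48))).decode()
SPLIT_OK = ["v=DKIM1; t=s; p=" + KEY[:32], KEY[32:]]                # two strings
PASTED_BAD = ["v=DKIM1; t=s; p=" + KEY[:32] + '\\"\\"' + KEY[32:]]  # literal \"\"
SPACE_OK = ["v=DKIM1; t=s; p=" + KEY[:32] + " " + KEY[32:]]         # space instead

if __name__ == "__main__":
    for name in ("SPLIT_OK", "PASTED_BAD", "SPACE_OK"):
        print(name, lint_dkim_key(globals()[name]))
```

Run it on the strings a resolver returns rather than on what was typed into the DNS provider's form, since providers differ in how they treat quotes.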
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Some providers need the quotes, some don't. It differs. Glad you resolved it.
     
  5. pvanthony

    pvanthony Active Member HowtoForge Supporter

    This helped me. Thank you for asking and sharing the solution.
     
