DKIM key (1024 char long) not valid

Discussion in 'Installation/Configuration' started by Keoz, Apr 24, 2021.

  1. Keoz

    Keoz Member


    I benefit from e-mail addresses related to domain registration and MX plan subscription at OVH (my hosting provider).
    I initially relied on this tutorial to create a DKIM key in ISPConfig, but the DNS record failed to validate as a TXT entry in my OVH client space:

    sub-domain : default._domainkey
    TTL : 3600
    Value : v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEB….
    The key gets highlighted in red, and the “next” button remains deactivated!!!

    I spent the last hours searching the forums (ISPConfig) for the reason why this issue occurs:
    I had a false hope when I understood how to get a 1024 char long DKIM key (rather than 2048), but this did not solve the issue.
    I have been reading posts about the “amavis” file, but it is confusing to me how it relates to or solves my DKIM key issue.

    If these above don’t need to be investigated further (let me know), please consider my questions below :

    /// Qs ///
    Should I report my DNS server settings in ISPConfig (adding a new DNS zone)?
    Should I create the DKIM key with an external key generator?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    So you have an issue at OVH and not on your ISPConfig server. The fastest way to get help would probably have been to contact OVH support and ask them why their system rejects valid DKIM keys and how to add them in their system.

    No. If you manage the zone at OVH and not in ISPConfig, then do not add this zone in ISPConfig.

    No, as there is nothing wrong with the DKIM key, it's probably an issue at OVH and not on your ISPConfig system. Try to enclose the whole v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEB…. in double quotes at OVH like:

    "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEB…."
  3. Keoz

    Keoz Member

    Done already, but the issue has remained!
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then contact OVH support and ask them how to add this DKIM key to their system so that it accepts the input.
  5. Keoz

    Keoz Member

    /// SOLVED ///
    I was going wrong because of copying the DKIM DNS-Record instead of the DKIM Private-key in the “value” field for the TXT entry (DNS Zone at OVH).

    /// Q1 ///
    However, what is common usage, best practice, or recommendation regarding the DKIM selector: leave it set to “default” or rename it?

    /// PRIVATE KEY ///
    In some examples found on the web, I noticed that, when generated, the DKIM Private-key string is preceded by "k=rsa; p", but this is not the case when generated from ISPConfig. And with or without this string completion, the DKIM Private-key is accepted in the “value” field for the TXT entry.

    /// Q2 ///
    Would you recommend or not putting "k=rsa; p" in front of the DKIM Private-key string to be entered in the “value” field?

  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You publish the public key in dns, the private key is what your mail server signs the mail with. I have no idea what format OVH requires, contact them regarding that.

    As for a selector, it doesn't really matter, unless you have multiple places (servers or services) signing your mail, then each would need to use a different selector (or share the same private key, I suppose).
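To illustrate the distinction drawn in the reply above (public key in DNS, private key on the mail server), here is an added example that is not part of the thread or of ISPConfig: a Python lint that decodes the `p=` tag of an RSA DKIM TXT value and reports whether it holds a public or a private key, and the key size. The function names and the sample key are constructed for illustration; only RSA keys are handled.

```python
import base64
import re

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID, DER-encoded

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_key(der):
    """Return (kind, rsa_bits) for the base64-decoded p= value."""
    tag, start, _ = _tlv(der, 0)
    if tag != 0x30:
        return "not-der", 0
    first, fs, fe = _tlv(der, start)
    if first == 0x02 and der[fs:fe] == b"\x00":
        return "private", 0  # PKCS#1 and PKCS#8 private keys open with version 0
    if first != 0x30 or RSA_OID not in der[fs:fe]:
        return "unknown", 0
    _, bs, _ = _tlv(der, fe)      # BIT STRING that wraps RSAPublicKey
    _, ss, _ = _tlv(der, bs + 1)  # +1 skips the unused-bits byte
    _, ms, me = _tlv(der, ss)     # modulus INTEGER
    return "public", int.from_bytes(der[ms:me], "big").bit_length()

def check_dkim_txt(value):
    """Lint a DKIM TXT value before pasting it into a DNS provider's form."""
    value = re.sub(r'"\s*"', "", value.strip()).strip('"')  # join split TXT strings
    tags = dict(map(str.strip, t.split("=", 1)) for t in value.split(";") if "=" in t)
    try:
        p = "".join(tags.get("p", "").split())
        kind, bits = classify_key(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):  # undecodable input; PEM armour lands here too
        kind, bits = ("private" if "PRIVATE KEY" in value else "not-der"), 0
    problems = []
    if kind == "private":
        problems.append("private key material: keep it on the mail server, never in DNS")
    elif kind != "public":
        problems.append("p= is not a base64 DER RSA public key")
    elif bits < 2048:
        problems.append(f"{bits}-bit RSA key; RFC 8301 says signers should use 2048")
    return {"kind": kind, "bits": bits, "k": tags.get("k", "rsa"), "problems": problems}

# Constructed sample: 1024-bit SubjectPublicKeyInfo with a filler modulus (not a usable key).
_SPKI = bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100")
SAMPLE_PUB = base64.b64encode(_SPKI + b"\xc3" * 128 + bytes.fromhex("0203010001")).decode()
```

A record without `k=` is reported with `k` set to `rsa`, since that is the default when the tag is absent.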
  7. Keoz

    Keoz Member

    Understood, thanks
