I'm trying to get DKIM working for 3 of the domains on my server. Two of the domains added at the Email Dialog has a "DKIM Private-Key" generated, a DNS-Record created, I can find the DKIM record automatically created in the DNS area. I've also tried the resync tool to make sure the dns and email domain records where up to date. When I looked in the ISPConfig log, I found numerous warnings: ****************************************************** 31.10.2017-11:30 - WARNING - Falsche Anfrage / Wrong QuerySQL-Query = SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = '356' AND loglevel = 2 -> 2006 (MySQL server has gone away) ****************************************************** With this at the very end of the log: 31.10.2017-12:13 - WARNING - DNSSEC ERROR: We are low on entropy. Not generating new Keys for newsxxxreader.com. Please consider installing package haveged. However, cat /proc/sys/kernel/random/entropy_avail returns 3279 (not sure if that is enough) I checked the mariadb.log and it appears be going down and restarting for some reason: ****************************************************** 71030 13:55:29 [Note] Event Scheduler: Purging the queue. 0 events 171030 13:55:29 InnoDB: Starting shutdown... 171030 13:55:33 InnoDB: Shutdown completed; log sequence number 2616683 171030 13:55:33 [Note] /usr/libexec/mysqld: Shutdown complete 171030 13:55:33 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended 171030 13:56:47 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql 171030 13:56:51 [Note] /usr/libexec/mysqld (mysqld 5.5.56-MariaDB) starting as process 1772 ... 171030 13:56:52 InnoDB: The InnoDB memory heap is disabled 171030 13:56:52 InnoDB: Mutexes and rw_locks use GCC atomic builtins 171030 13:56:52 InnoDB: Compressed tables use zlib 1.2.7 171030 13:56:52 InnoDB: Using Linux native AIO 171030 13:56:52 InnoDB: Initializing buffer pool, size = 128.0M 171030 13:56:52 InnoDB: Completed initialization of buffer pool 171030 13:56:52 InnoDB: highest supported file format is Barracuda. 171030 13:56:54 InnoDB: Waiting for the background threads to start ****************************************************** Can I change the server name from one of the domains that do have correct DNS and do a copy and paste? If not, can you give me some insight as to how to approach this problem? My system is a Centos 7, with ISPConfig 3.1.7p1, created from perfect-server-centos-7-x86_64-nginx-dovecot-ispconfig-3" tutorial. Thanks, Ray
Your server ahs net enough entropy to create Dkim keys. Install the 'haveged' softeare daemon and start it.
Neither DKIM uses haveged nor needs "more" enthropy. You problem is dnssec for your dns-zone. Disabel dnssec or install haveged
Sorry for the length of time returning to this. Sometimes seems like I'm fighting one fire to another. I checked all my sites and none are use DNSSEC. But I did install haveged. This did not solve the problem. But thanks.
I do believe my problems may be in that when I try to set my DNS records up in Godaddy for DKIM some of the information for the key is cut off.
You can set the encryption parameters under System > Server config, try to use 'DKIM strength' = weak to get a smaller key.