DKIM Signature invalid

Discussion in 'General' started by eliottha, Mar 26, 2020.

  1. eliottha

    eliottha New Member

    Hi there,

    I've setup DKIM for my mails since some time now.

    Recently I've noticed that the DKIM signature for my mails was invalid.

    0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
     0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
    What do I have to do in order to fix this as my public key in my TXT record is valid?

  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Maybe amavis is not using that key?
    But check what key is in name service:
    host -t txt default._domainkey.yourdomain.tld.
    If you set up your DKIM with ISPConfig it should copy the DKIM key to amavis, and all just works provided you copy that key to your name service setup.
  3. eliottha

    eliottha New Member

    Thanks for your reply, Taleman however it is working in amavis the problem is that the signature is invalid

    root@localhost:~# amavisd-new testkeys
    TESTING#2 => pass
    TESTING#3 => pass
    TESTING#4 => pass
    TESTING#5 => pass
    TESTING#6 => pass
    TESTING#7 => pass
    TESTING#8 => pass
    TESTING#9 => pass
    TESTING#10 => pass
    TESTING#11 => pass
    TESTING#12 => pass
    TESTING#13 => pass
    TESTING#14 => pass
    TESTING#15 => pass
    TESTING#16 => pass
    TESTING#17 => pass
    TESTING#18 => pass
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Amavis is doing the dkim signing, so when the key in amavis is correct and the key in dns is correct, then your dkim signing must work correctly. Which system reports that dkim is not correct and is it possible that the affected emails are e.g. forwarded, which cause dkim errors as well.
  5. eliottha

    eliottha New Member indicates the problem.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so it might be simply a problem of that dkim test website and not in your dkim signing process. Do you experience problems when you e.g. send a message to someone with a Gmail or account?
  7. eliottha

    eliottha New Member

    Okay, I found the problem. Seems that mails I sent from my service running on the same server don't get signed and other mails do. Any idea why?
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    How do you send these emails? It might be necessary that you send them by SMTP and take care to use the right sender address.
  9. eliottha

    eliottha New Member

    I do use SMTP and authenticate correctly.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Is the recipient an account on the same server or an external account?
  11. Steini86

    Steini86 Active Member

    Do you have a relayhost configured? Some of them remove dkim signing.

    In some configurations, "mynetworks" is accepted and not sent to amavis before sending out.
    Do you use "submission" port (587) for all applications and does transport "submission" in /etc/postfix/ have option "content_filter="

    See: on different flows, which could lead to some mails being sent to amavis, others not
    Last edited: Mar 26, 2020
  12. eliottha

    eliottha New Member

    Another account

    Yep I use port 587.
    Thanks, I'll check the link and the config.
  13. eliottha

    eliottha New Member

    Yes it does

Share This Page