I noticed today:

Code:
Authentication-Results: posti.mydomain.fi;
 dkim=none;
 dmarc=none;
 spf=none (posti.mydomain.fi: domain of [email protected] has no SPF policy when checking 95.217.149.111) [email protected]

I tested with mail-checker.com; it said the DKIM signature is there but it is invalid. The sending host uses RSPAMD. As far as I can see, SPF is there and is correct. mail-tester.com does not complain about SPF. But it does say DKIM is invalid.

I noticed that the sending server, which is an ISPConfig 3.2.2 multiserver setup where the e-mail server is separate, does not have the files

Code:
/var/lib/amavis//dkim/senderdomain.fi.private
/var/lib/amavis//dkim/senderdomain.fi.public

It may be that some other domains are also missing those files; I did not check properly yet. This ISPConfig setup was migrated last Saturday to this new setup.

In the ISPConfig panel I checked that senderdomain.fi did have DKIM enabled, with the key and record there. I pressed Save, then the missing .private and .public files appeared in /var/lib/amavis/dkim on the e-mail server host. But mail-checker still claims the DKIM signature is invalid.

Code:
X-Spam-Report:
 * -0.0 SPF_PASS SPF: sender matches SPF record
 * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
 * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
 *     valid
 * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

How can I check further? Should I have done something after the migration tool to set up DKIM again?
Note that SPF records do not carry from the parent domain to subdomains; you said there is an SPF record, but is that a record for 'posti.senderdomain.fi' or just for 'senderdomain.fi'? You can simply add an SPF record for 'posti' to fix that (it's good practice to add one for every hostname).

DKIM is probably a related issue - ISPConfig will set up DKIM signing for the domain 'senderdomain.fi', but when your message goes out from '[email protected]' the domain doesn't match, so it doesn't get signed.
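
An added example, not part of the original thread: a small offline check of the two points raised in the reply above, namely that SPF is looked up at the exact envelope-sender hostname and that the DKIM signing domain has to be compared with the From domain. The TXT table, the message, the address `user@posti.senderdomain.fi`, the selector `default` and the record values are all constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample data (not from the thread): a TXT "zone" and a message.
TXT = {
    "senderdomain.fi": ["v=spf1 mx a -all"],
    "default._domainkey.senderdomain.fi": ["v=DKIM1; k=rsa; p=PLACEHOLDER"],
}
RAW = """\
Return-Path: <user@posti.senderdomain.fi>
From: User <user@posti.senderdomain.fi>
DKIM-Signature: v=1; a=rsa-sha256; d=senderdomain.fi; s=default;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: test

body
"""

def domain_of(addr_header):
    """Domain part of an address header, lower-cased."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()

def spf_record(name, txt=TXT):
    """SPF is read at the exact name only; a parent's record is not inherited."""
    hits = [r for r in txt.get(name, []) if r.lower().startswith("v=spf1")]
    return hits[0] if hits else None

def dkim_tags(header):
    """Parse the tag=value list of a (possibly folded) DKIM-Signature header."""
    pairs = (p.split("=", 1) for p in header.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def check(raw, txt=TXT):
    """Report which DNS names a receiver consults for this message."""
    msg = email.message_from_string(raw)
    mail_from = domain_of(msg["Return-Path"])
    result = {"spf_name": mail_from, "spf": spf_record(mail_from, txt)}
    sig = msg["DKIM-Signature"]
    if sig is None:
        result["dkim"] = "unsigned"
        return result
    tags = dkim_tags(sig)
    result["dkim_key_name"] = f'{tags["s"]}._domainkey.{tags["d"]}'
    result["dkim_key_published"] = result["dkim_key_name"] in txt
    result["d_equals_from"] = tags["d"].lower() == domain_of(msg["From"])
    return result

if __name__ == "__main__":
    print(check(RAW))
```

Against a live domain, the names reported as `spf_name` and `dkim_key_name` are the ones to query for TXT records, and the published `p=` value is what has to match the key the mail server signs with.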