Mails are not signed with DKIM

Mitch

Hi,

I tried to sign my mails with DKIM but it's not working.
I followed the install guide:
https://help.directadmin.com/item.php?id=569
Everything seems right

I checked DNS: http://dkimcore.org/tools/keycheck.html (This is a valid DKIM key record)

I tried mail-tester.com:
Code:
-1.1		DKIM_ADSP_ALL		No valid author signature, domain signs all mail
Code:
 Your message is not signed with DKIM
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.

And I tried:
http://dkimvalidator.com
Code:
DKIM Information:

DKIM Signature

This message does not contain a DKIM Signature

Email source:
mail-tester:
Code:
Received: by mail-tester.com (Postfix, from userid 500)	id 5834E9FBA1;
	Mon, 24 Apr 2017 11:41:28 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-tester.com
X-Spam-Level: *
X-Spam-Status: No/1.1/5.0
X-Spam-Test-Scores: DKIM_ADSP_ALL=1.1,HTML_MESSAGE=0.001,SPF_PASS=-0.001,
	T_RP_MATCHES_RCVD=-0.01
X-Spam-Last-External-IP: 000.000.000.00
X-Spam-Last-External-HELO: server.domain.com
X-Spam-Last-External-rDNS: server.domain.com
X-Spam-Date-of-Scan: Mon, 24 Apr 2017 11:41:28 +0200
X-Spam-Report: * -0.0 SPF_PASS SPF: sender matches SPF record	*  1.1
 DKIM_ADSP_ALL No valid author signature, domain signs all mail	* -0.0
 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay	*     
 domain	*  0.0 HTML_MESSAGE BODY: HTML included in message
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=000.000.000.00; helo=server.domain.com;
 [email protected]; [email protected]
DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com DD1079FAF3
Authentication-Results: mail-tester.com; dmarc=pass
 header.from=domain.com
Received: from server.domain.com (server.domain.com [000.000.000.00])	(using TLSv1.2
	with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))	(No client certificate requested)
	by mail-tester.com (Postfix) with ESMTPS id DD1079FAF3
	for <[email protected]>; Mon, 24 Apr 2017 11:41:23 +0200 (CEST)
Received: from [5.39.190.133] (helo=[192.168.1.100])	by server.domain.com
	with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)	(Exim 4.89)	(envelope-from <[email protected]>)
	id 1d2aUl-00083N-IP	for [email protected];
	Mon, 24 Apr 2017 11:41:23 +0200
From: Mitche <[email protected]>
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Test voor dkim
Message-Id: <[email protected]>
Date: Mon, 24 Apr 2017 11:41:22 +0200
To: [email protected]
X-Mailer: Apple Mail (2.3273)
X-Authenticated-Id: [email protected]
Return-Path: [email protected]
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_1AD8FE85-E187-489C-8B8A-EF976488BB03"



--Apple-Mail=_1AD8FE85-E187-489C-8B8A-EF976488BB03
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

http://dkimvalidator.com:
Code:
Received: from server.domain.com (server.domain.com [149.210.154.57])
	by relay-2.us-west-2.relay-prod (Postfix) with ESMTPS id EF8FA600ED
	for <[email protected]>; Mon, 24 Apr 2017 09:47:09 +0000 (UTC)
Received: from [5.39.190.133] (helo=[192.168.1.100])
	by server.domain.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.89)
	(envelope-from <[email protected]>)
	id 1d2aaK-00088r-7h
	for [email protected]; Mon, 24 Apr 2017 11:47:08 +0200
From: Mitchel <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: DKIM check
Message-Id: <[email protected]>
Date: Mon, 24 Apr 2017 11:47:05 +0200
To: [email protected]
X-Mailer: Apple Mail (2.3273)
X-Authenticated-Id: [email protected]

But, I don't understand why my mail server is not signing the mails with dkim..
 
Hello,

What do you see with:

Code:
ls -la /etc/virtual/domain.com/dkim.*.key
?

Code:
ls -la /etc/exim.dkim.conf
?

Code:
grep dkim /etc/exim.conf
?
 
Hi Alex,

Code:
ls -la /etc/virtual/domain.com/dkim.*.key
?

Code:
ls -la /etc/virtual/domain.com/dkim.*.key
-rw------- 1 mail mail 1679 Jan 17  2015 /etc/virtual/domain.com/dkim.private.key
-rw------- 1 mail mail  451 Jan 17  2015 /etc/virtual/domain.com/dkim.public.key

Code:
ls -la /etc/exim.dkim.conf
?

Code:
ls -la /etc/exim.dkim.conf
ls: cannot access /etc/exim.dkim.conf: No such file or directory

Code:
grep dkim /etc/exim.conf
?

Code:
grep dkim /etc/exim.conf
acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_check_dkim:
  .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
.include_if_exists /etc/exim.dkim.conf

****, so I miss the `/etc/exim.dkim.conf`. (weird because DKIM did work a while ago.. does the file go away after an update?)
I downloaded it again like the manual says and it works!


Thanks Alex! :D
 
Mitch,

You're welcome. Actually no, neither directadmin nor custombuild deletes the file. I checked the custombuild script:

Code:
[root@server ~]# grep /etc/exim.dkim.conf /usr/local/directadmin/custombuild/build
[root@server ~]# grep exim.dkim.conf /usr/local/directadmin/custombuild/build
[root@server ~]# grep dkim.conf /usr/local/directadmin/custombuild/build
[root@server ~]# grep dkim /usr/local/directadmin/custombuild/build

and nothing found. Custombuild does not do anything to the file.

So it might be a command that you ran in the past. You might need to check console history for more clues.
 
I've had the same issue occur today. DKIM was working fine, and it stopped working after updating spamblocker, exim etc using the following commands listed on this guide:

cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamassassin yes
./build set exim yes
./build exim
./build set dovecot_conf yes
./build dovecot_conf
./build spamassassin
./build update
./build exim_conf

After this, my mail was no longer signed with DKIM. I had to run the following commands (as the OP did) to get it back:
cd /etc
wget -O exim.dkim.conf http://files.directadmin.com/services/exim.dkim.conf
 
Hi,

You need to edit exim.conf.
At comment 62 (driver = smtp) add this:

Code:
   dkim_domain = $sender_address_domain
   dkim_selector = x
   dkim_private_key = ${if exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}}
   dkim_canon = relaxed
   dkim_strict = 0

And be aware that when you update Exim you need to re-edit it again. But the above comment from user Tom is better, as it is permanent.

Kind regards, Fred
 
Hi Alex,

I am still learning every day. I did not have the exim.dkim.conf and that is why I always manually edited the Exim file.
Thank you for pointing to this solution.

Kind regards,
red
 
I have the same issue after
cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamassassin yes
./build set exim yes
./build exim
./build set dovecot_conf yes
./build dovecot_conf
./build spamassassin
./build update
./build exim_conf

no longer signed with DKIM.


# ls -la /etc/virtual/domain.com/dkim.*.key
-rw-------. 1 mail mail 1675 Mar 10 12:33 /etc/virtual/domain.com/dkim.private.key
-rw-------. 1 mail mail 451 Mar 10 12:33 /etc/virtual/domain.com/dkim.public.key

# ls -la /etc/exim.dkim.conf
-rw-r--r-- 1 root root 565 Mar 13 21:41 /etc/exim.dkim.conf

# ls -la /etc/exim.dkim.conf
-rw-r--r-- 1 root root 565 Mar 13 21:41 /etc/exim.dkim.conf
[root@server custombuild]# grep dkim /etc/exim.conf

acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_check_dkim:
.include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
.include_if_exists /etc/exim.dkim.conf


Regards.
 
Same problem here. Have all dkim files present, still do not sign sending email. No idea what to do.
 
Search the sending domain in /var/log/exim/mainlog. What do you see? If DKIM is enabled and the files are present, you might see an error in the logs when exim tries to load the private key.

Another problem I've run into recently is that exim won't sign an email when the From domain uses capitalization. For example, @mxroute.com would be signed but @MXroute.com would not.
 
I'm having trouble making EXIM sign with DKIM.
The files exist, but I always get an error that it can't open the file.

2020-12-29 20:01:54 1kuPsA-0005WT-56 Tainted filename '/etc/virtual/DOMAIN/dkim.private.key'
2020-12-29 20:01:54 1kuPsA-0005WT-56 unable to open file for reading: /etc/virtual/DOMAIN/dkim.private.key

I've checked and files do exist and are owned by mail. I even tried setting files to 777...

Any ideas ?
 
In a routine check of the mail logs, I discovered that on several servers we have had this same problem for a long time.

Code:
2021-01-04 08:43:01 1kwKVR-004CFn-5A Tainted filename '/etc/virtual/domain.tld/dkim.private.key'
2021-01-04 08:43:01 1kwKVR-004CFn-5A unable to open file for reading: /etc/virtual/domain.tld/dkim.private.key
Code:
[root@HOST ~]# ls -al /etc/virtual/domain.tld/dkim*
-rw------- 1 mail mail 1675 Jan 21  2016 /etc/virtual/domain.tld/dkim.private.key
-rw------- 1 mail mail  451 Jan 21  2016 /etc/virtual/domain.tld/dkim.public.key

Directadmin has nothing to say?
 
@fneves @Yoshua @redeye

Make sure this matches yours if your systems are up to date: https://paste.mxrouteapps.com/?0fbb56960b9e1ffc#6ruc9NdY5SgvrYgjULwiws9CnaSSBaMdV9qdsJB2UU7j

That's /etc/exim.dkim.conf if unclear, I included an extra line at the top showing what I'm doing to output that. The errors you experience are identical to the ones I experienced when my dkim_domain line did not match that after an exim update. Personally I have a custom transport that I needed to move that to (exim.transports.pre.conf) but I'm assuming you don't. If you do, that's where you need to update it.
 
Thank you sir for the quick reply. That is working. A bit confused why the default config is not working, but I'm happy now. :)
 
That one is not up to date.
It is by content exactly the same as version 1.6, the version 1.4 is an older version. You should have version 1.6 stated if you are up to date. This should work perfectly.

Also check if you're using the latest exim.variables.conf which should contain these 2 lines as last lines:
Code:
tls_dhparam = /etc/exim_dh.pem
tls_dh_max_bits = 4096
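
The checks suggested across this thread (key files, /etc/exim.dkim.conf, the include line in exim.conf, the mainlog errors, mixed-case sender domains), gathered into one shell function. This is an added example, not part of any post above or of DirectAdmin's tooling; the function names, the finding codes and the root-prefix argument are assumptions made for illustration.

```shell
# Added example: the thread's manual checks as one function.
# $1 = filesystem root ("" on a live server), $2 = sending domain.
dkim_preflight() {
    root=$1 domain=$2 found=0
    key="$root/etc/virtual/$domain/dkim.private.key"
    log="$root/var/log/exim/mainlog"
    report() { echo "$1"; found=1; }

    # One poster saw Exim skip signing when the From domain had capitals.
    case $domain in *[[:upper:]]*) report MIXED_CASE_DOMAIN ;; esac

    if [ ! -f "$key" ]; then
        report MISSING_KEY
    elif [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        # Private key readable beyond its owner (e.g. left over from a chmod 777 test).
        report KEY_PERMS_LOOSE
    fi

    # The signing options live in a separate file that exim.conf includes.
    [ -f "$root/etc/exim.dkim.conf" ] || report MISSING_DKIM_CONF
    grep -qs 'include_if_exists /etc/exim\.dkim\.conf' "$root/etc/exim.conf" \
        || report NO_INCLUDE

    # Exim's taint check rejects key paths built from untrusted message data.
    if grep -qs "Tainted filename '/etc/virtual/[^']*/dkim\.private\.key'" "$log"; then
        report TAINTED_KEY_PATH
    fi

    [ "$found" -eq 0 ] && echo OK
    return 0
}

# Constructed fixture: keys present, exim.dkim.conf absent (the first poster's state).
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/virtual/domain.com" "$d/var/log/exim"
    : > "$d/etc/virtual/domain.com/dkim.private.key"
    chmod 600 "$d/etc/virtual/domain.com/dkim.private.key"
    echo '.include_if_exists /etc/exim.dkim.conf' > "$d/etc/exim.conf"
    echo "$d"
}
```

On a live server the call would be `dkim_preflight "" domain.com`; a `TAINTED_KEY_PATH` finding means the key file itself can be fine and the `dkim_domain` / `dkim_private_key` lines are what need updating.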
 