Can't seem to solve DKIM fail (bad signature)

@Rvandenbussche: I was just looking at your DKIM record.
Why do you have "d=yourdomain.com\; [email protected]\;" in your DKIM line in DNS?

I checked all my domains, including the domain I tested with, which passes all tests at Glockapp, and none of them have those 2 in their DKIM key.
This could be what is causing your problems.

I just did a check on dkimcore.org with your domain name and see what it said:
This is not a good DKIM key record. You should fix the errors shown in red.
The red is:
Unrecognized Field d
d= yourdomain.com

'd' is not a DKIM defined field

Unrecognized Field i
i= @yourdomain.com

'i' is not a DKIM defined field

I would suggest removing that DKIM record and then letting DA create a new one for your domain:
Code:
cd /usr/local/directadmin/scripts
./dkim_create.sh domain.com

Edit: I just saw that i and d should be correct fields, but still... it won't hurt to try it. Next to that, I read on a Cisco page that the older DomainKeys and newer DKIM are not interpreted the correct way everywhere.
Since my mail is working correctly without both these fields, it wouldn't hurt to try, correct?

@Tazmanian79: Did you check on dkimcore.org too?
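
An offline check for the key record fields discussed in the post above, added here as an example and not part of the thread or of DirectAdmin's scripts: it parses a DKIM key TXT value, including the zone-file `\;` escapes, and flags tags that RFC 6376 defines only for the DKIM-Signature header, such as d= and i=. The function name and the sample record are assumptions, and the key value is a constructed placeholder.

```python
import base64
import re

# Tags RFC 6376 section 3.6.1 defines for a DKIM *key record* (the DNS TXT value).
KEY_TAGS = {"v", "h", "k", "n", "p", "s", "t"}
# Tags that belong in the DKIM-Signature *header* and are sometimes pasted into DNS.
SIGNATURE_ONLY = {"a", "b", "bh", "c", "d", "i", "l", "q", "x", "z"}

def lint_dkim_key_record(txt):
    """Return (tags, findings) for one DKIM key record string (hypothetical helper)."""
    # BIND zone files escape semicolons as "\;"; undo that before splitting.
    txt = txt.replace("\\;", ";").strip().strip('"')
    tags, findings = {}, []
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            findings.append(f"malformed tag: {part!r}")
            continue
        if name in tags:
            findings.append(f"duplicate tag: {name}")
        tags[name] = value
        if name in SIGNATURE_ONLY:
            findings.append(f"{name}= is a DKIM-Signature header tag, not a key record tag")
        elif name not in KEY_TAGS:
            findings.append(f"{name}= is not defined for key records")
    if "v" in tags and (tags["v"] != "DKIM1" or next(iter(tags)) != "v"):
        findings.append("v= must be DKIM1 and must be the first tag")
    if "p" not in tags:
        findings.append("p= (public key) is missing")
    elif tags["p"] == "":
        findings.append("p= is empty: key revoked")
    else:
        try:  # whitespace inside the base64 is allowed, so strip it first
            base64.b64decode(re.sub(r"\s+", "", tags["p"]), validate=True)
        except ValueError:
            findings.append("p= is not valid base64")
    return tags, findings

# Constructed sample in the shape quoted in the thread; the key is a placeholder.
SAMPLE = r'v=DKIM1\; k=rsa\; d=yourdomain.com\; i=@yourdomain.com\; p=TUlHZk1BMEdDU3FHU0li\;'

if __name__ == "__main__":
    for finding in lint_dkim_key_record(SAMPLE)[1]:
        print(finding)
```

RFC 6376 section 3.6.1 tells verifiers to ignore key record tags they do not understand, so these findings are lint warnings rather than proof of why a signature fails.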
 
Okay, I hope there are no spaces in your DKIM record. Just to be sure, you can check in your /var/named, but I presume you already checked that.
 
Okay. What if you try with the complete line?
Code:
dkim_sign_headers = to:from:subject:message-id:date:user-agent:mime-version:content-transfer-encoding
 
Still DKIM fail : signature did not verify.

But I think we have to debug what is different when Exim sends out an email by SMTP or by webmail/phpmailer.
When I send by webmail or phpmailer with same account I get DKIM PASS.
 
OK, I have several domains running on a DirectAdmin server.
When I test e-mail from the first domain everything is fine, but with the other domain I get a DKIM and a DMARC error.
Both domains use external DNS and I have checked all the DNS records (a million times).
DKIM gives a signing error: (DKIM-Result: temperror (no key - DNS timeout))
DMARC: _dmarc.charitasoisterwijk.nl: Non-Record
 
Seems you are missing some stuff. Your DMARC record only shows:
v=DMARC1;p=none
You might want to add a RUA tag at least.

But that is probably not the cause of the error. The SPF and DKIM records look fine too.

I went looking and it seems you are missing the MX record for your domain:

Code:
dig -t MX charitasoisterwijk.nl            

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> -t MX charitasoisterwijk.nl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56857
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;charitasoisterwijk.nl.         IN      MX

I'm sure you got one in DirectAdmin because it's made automatically. It should also be present in the external DNS, but probably isn't.
I also couldn't find an A record for mail.charitasoisterwijk.nl which should also be present.
 
I tried again, and now both the MX record and A record for mail are resolving.
So it seems your issues are caused by DNS timeout issues. I would contact your external DNS provider for that.

Or routing issues. My server from the Netherlands does find the MX and A record.
My server in Finland does not. The server in Germany neither.

So you might have some country blocks for DNS active or something. Anyway, you should contact your DNS host as there are clearly issues with reaching the DNS from abroad.
 