DKIM only passes for one domain on VPS

Phuturist

I have a VPS with CentOS7 and DirectAdmin and followed the DKIM install guide here. This generated the public and private key files in all domains under /etc/virtual/<<domainname>> and added the x._domainkey DNS records for all domains. I'm not sure if this should be the case but the keys are equal for all domains. As far as I understand that is how it is supposed to work on the same DirectAdmin install.

But it does not completely work. While testing, it turns out DKIM only passes for one domain name but not for all the others which have been added under the same DirectAdmin install. All domain names have been set up equally with the correct DNS records and I can see the public and private keys under /etc/virtual/. I have tried several tools for checking DKIM but they don't really point me in the right direction. I'm hoping someone here can point me in the right direction though. Below are two messages sent from the server to Gmail. One from the passing domain and one from a non-passing domain.

PASSED
Code:
Delivered-To: [email protected]
Received: by 2002:a02:ce91:0:0:0:0:0 with SMTP id y17csp2268787jaq;
        Thu, 20 Jun 2019 11:43:43 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyHWv1IyFDou2UEbJDsI9lCO3ZPlvpivf+SDaxLWu/cMEnb84nA/g1V1peehYrxE8GyMn2W
X-Received: by 2002:adf:df10:: with SMTP id y16mr5120122wrl.302.1561056223289;
        Thu, 20 Jun 2019 11:43:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561056223; cv=none;
        d=google.com; s=arc-20160816;
        b=YGthbOIVg+Q8cdwD4QfD7hee1lXwGlZArgn6KWWoVadp7hpYSHEycZuQAW6+WqNLCF
         G9h/1i5sSqO/grOs0Bus95lfwrjL4dt+PkcsutD6TcFntRK9mZPSiWWxdYwPys67wUOD
         bUHqp5JACm/9qEteyJZ64NizIugYvXvZtvaEK2jBVkuP2GUIiF8I/shwYVL1Xx2nWTzm
         xzXQ9U1LaBS1vyHD2PehKIDZ6dnB+PErHwH0HK9811yEcZJiHtlGvfomFiNZKBUZix/c
         jUcc0Cr1E6DMs/b6+tftYe6ZjgJZ1ZK4Z7KvxuVXd1gC34TiaQ9vOsYyBD6R1mH0p3ue
         N/ig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:organization:subject:to:from:date
         :mime-version:dkim-signature;
        bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
        b=T9/ZKb6Gf4vnAsVi7s9pAxnrwAHu8FiIPnQXoq/3+CYXvfxhqJLC9NUr4H1shrsHci
         Tlzjpa0xomErl9bqHg/jNfkB2MQTD891U50F3UQqyCd4hGSW4t2qoEEphanaLOGCeb8q
         y82B6nFlTlofbCCgyJT/m2NBtZd3mS9B5ePiE1uAAwTzSxmftAHgJy+QIyy/ARB1OU3j
         DZj8L4hZDSy2MGDHtcOXCSPSlKzdcDWGQSVYnQOmLxtZceAb6VlmKunO2SBar6pW317b
         iDsUx4YCzT3aXeBA+hXoFXavnvIbEF7V67oJH5Da5rZqQjq2GMkpiVvK4tHfc672aBGl
         oUGw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=x header.b=FI2O1Fs2;
       spf=pass (google.com: domain of [email protected] designates 212.237.233.121 as permitted sender) [email protected];
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=solidewebservices.com
Return-Path: <[email protected]>
Received: from 14a8e.k.time4vps.cloud (14a8e.k.time4vps.cloud. [212.237.233.121])
        by mx.google.com with ESMTPS id h6si320983wrh.198.2019.06.20.11.43.42
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 20 Jun 2019 11:43:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 212.237.233.121 as permitted sender) client-ip=212.237.233.121;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=x header.b=FI2O1Fs2;
       spf=pass (google.com: domain of [email protected] designates 212.237.233.121 as permitted sender) [email protected];
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=solidewebservices.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=solidewebservices.com; s=x; h=Message-ID:Subject:To:From:Date:MIME-Version: Sender:Reply-To:Cc:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=FI2O1Fs2n3AJn8+tZNq98+ij7X AwzN0C9MEbz/+Ie9cF1GjJwlWJBmMIt9hSnGsqOIvY9tDh5+lO+hYQ30azEcUoVltTIKAXKzJLEkQ BlNOxRi5kiqoRQsa2Nz1hAuSuI3B+ON1/brd9hhi6qWEbbAOm71K5OjT1AUU09tlOwSuStwPQTyf/ dHNkFsxS8FdVIZGC5x5AZEgxvbR3I6AB46/e6tykWAagbb3JvhVlZp1d1/rQpiac3OaISc9oz4bSs 6Xmp9QqiuQ0NZ8gOVNmTqzQKkbY6Rp6PhJFpmUhMG6Jfok1+Htt//TNT4/08VCpWaGVnuVs+kxx1j UpYemNIw==;
Received: from localhost ([127.0.0.1] helo=14a8e.k.time4vps.cloud) by 14a8e.k.time4vps.cloud with esmtpa (Exim 4.92) (envelope-from <[email protected]>) id 1he22A-0002dZ-Dl for [email protected]; Thu, 20 Jun 2019 20:43:42 +0200
MIME-Version: 1.0
Date: Thu, 20 Jun 2019 20:43:42 +0200
From: Solide Webservices <[email protected]>
To: [email protected]
Subject: test
Organization: Solide Webservices
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.3.9
X-Authenticated-Id: [email protected]

NOT PASSED
Code:
Delivered-To: [email protected]
Received: by 2002:a02:ce91:0:0:0:0:0 with SMTP id y17csp2343515jaq;
        Thu, 20 Jun 2019 13:10:53 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz+fIS4qGLW+hrfdsjyrObjYJbYiY/aeD1AeuV1QVj4UdQmLRuwTy3MrSQ9r5vN3t0qCSLn
X-Received: by 2002:a5d:4703:: with SMTP id y3mr34728943wrq.35.1561061453625;
        Thu, 20 Jun 2019 13:10:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561061453; cv=none;
        d=google.com; s=arc-20160816;
        b=FFDByHJnnHPgtnFoMi/1dA0/05Hg7kRgcWoHh40n/XgkimjHJwmiebPm5vkBuH+F+j
         nH7DcAvwWJtYtAGkN/oDoHxhef4Nps0NqRHG+ib4l5ewcE+iLjW7U/pPyZQs05iYyyWJ
         LmOtYjUXSBKxyKqTKetuItHTeKZ9HKS39+Wl1EpCoLQ/lT+imwhQGWxO0pvyYXwBXkvM
         ebYl8et1W1BCScdgO0wSbSbIuuRJJtfRV4NY6UfUICTFXHkOJYGJ3ml/EVVhGecxhID4
         gPPgdh0XEj93Qq89ywbSRmEni+HzKIz9+bzLu30Bv6QpH7VxjRZzuhg5KnoAY6NJqev2
         eoEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:subject:to:from:date:mime-version
         :dkim-signature;
        bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
        b=hkvw342b7xF58oUmSGPkjH7SgSQ3LwQJCzdRYOMc/UHhUpbR4qfwqXthn91pgoKpCQ
         h6MHNQloNkVWc27BfU5gbqTB19HJMqxtXh4xVFsplY1OItm+zAmIuVgn2yX7mnBs9hvE
         +xverurh7q2K7n4Slg9bszBnU1yFRqn+njfVYcWqiPi4Zp8YItavWQEa2Z9xWwkuA8Zy
         3WylUZK3e1weYNPskawQ0FaqYbYA0/XRa8FBqU8FwyWlL/F9J1npd8+Gg8JnNi+NVjgm
         0OiNRIf3nzXw//VS8eNOK0FpPNRxvt3aTLX1IX3p3EtSVbpc7kBkkRmO/ROrml7uoIL0
         tTBg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail [email protected] header.s=x header.b=P4Jz89OE;
       spf=pass (google.com: domain of [email protected] designates 212.237.233.121 as permitted sender) [email protected];
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jelger-en-leonie.info
Return-Path: <[email protected]>
Received: from 14a8e.k.time4vps.cloud (14a8e.k.time4vps.cloud. [212.237.233.121])
        by mx.google.com with ESMTPS id w13si547887wrg.9.2019.06.20.13.10.52
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 20 Jun 2019 13:10:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 212.237.233.121 as permitted sender) client-ip=212.237.233.121;
Authentication-Results: mx.google.com;
       dkim=fail [email protected] header.s=x header.b=P4Jz89OE;
       spf=pass (google.com: domain of [email protected] designates 212.237.233.121 as permitted sender) [email protected];
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jelger-en-leonie.info
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jelger-en-leonie.info; s=x; h=Message-ID:Subject:To:From:Date:MIME-Version: Sender:Reply-To:Cc:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=P4Jz89OEVU9vzqtpvenDGdbQVL ozkcUPR8qTHWFZoPvx0wlIJWUQBw9unqJNwQg9f8/2YAEJcTRGKuEyEdI5Z2WdRfNzO5JSqC8SW1u MmDpCRTqIHpQkpZYCmztswraEhQcebwGxu9Aw+0WXwqbDzmKd3qIpSCa3mAtlz2oiOkp+BMnvpL0y 2+wFgqNN/AuOE8FS5DgpvP1V47E2k96kRcwaWHutTnMh2igPz1JoYiLJNwLX8N142lC9b93DyfeHi +urWgi7eCRVGPaRLli749Q/OEIPaz1uTka9Eb30ldAuUK2U3zl7jis/IELm/W3XrL2d9eUN9/pcT0 wDGOhe3Q==;
Received: from localhost ([127.0.0.1] helo=14a8e.k.time4vps.cloud) by 14a8e.k.time4vps.cloud with esmtpa (Exim 4.92) (envelope-from <[email protected]>) id 1he3OW-0006Ji-2K for [email protected]; Thu, 20 Jun 2019 22:10:52 +0200
MIME-Version: 1.0
Date: Thu, 20 Jun 2019 22:10:52 +0200
From: "Jelger, Leonie, Midas & Isolde" <[email protected]>
To: [email protected]
Subject: test
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.3.9
X-Authenticated-Id: [email protected]
 
Hello,

Did you wait long enough to let the DNS changes propagate? It might take up to 24 hours. I see that both domains have x._domainkey records in DNS.

And the public keys, even if they look similar at the beginning and at the end of the string, have different values; you can see it in the middle part of their strings.
 
Yesterday I changed the DKIM key manually for all domains that did not work and also updated the DKIM DNS records for these domains to match their new keys. That is why the DNS records are now different. Manually adding a new DKIM key resulted in the DKIM also passing for these domains. This issue in itself is resolved with this action but the question remains why DirectAdmin generated a DKIM key that only works for one domain and applies that key to all existing and new domains. Looks like I'm stuck updating the DKIM keys and DNS record for every newly created domain. I'm glad it's working though, spent hours digging around to find the cause until I decided to just create new keys.
 
I've never had such an issue or had one reported to me before. It should have been investigated when it did not work. It's hard to say what exactly went wrong now.

I've recently updated/rewritten DKIM records on one of my servers with DirectAdmin native tools, and all is fine here.

Used the guide: https://help.directadmin.com/item.php?id=569
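
An added example, not part of any post in this thread and not DirectAdmin code: a check that the public key stored on the server for a domain is the same key published in that domain's x._domainkey TXT record, the relationship the manual re-keying described above restored. File contents and record data are passed in as text; the function names, sample domains and key bytes are constructed for illustration.

```python
import base64
import re

def pem_body(pem_text):
    """Base64 body of a PEM file, with armor lines and line breaks removed."""
    lines = (l.strip() for l in pem_text.splitlines())
    return "".join(l for l in lines if l and not l.startswith("-----"))

def dkim_tags(txt_rdata):
    """Parse the TXT rdata of x._domainkey.<domain> into a {tag: value} dict."""
    # Long records are published as several quoted strings; join them first.
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', txt_rdata)
    record = ("".join(chunks) if chunks else txt_rdata).replace("\\;", ";")
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # whitespace in values is ignored
    return tags

def compare_key(public_pem, txt_rdata):
    """Return 'match', 'mismatch', 'revoked', 'no-p-tag' or 'bad-base64'."""
    p = dkim_tags(txt_rdata).get("p")
    if p is None:
        return "no-p-tag"
    if p == "":
        return "revoked"  # an empty p= tag means the key has been revoked
    try:
        same = (base64.b64decode(p, validate=True)
                == base64.b64decode(pem_body(public_pem), validate=True))
    except ValueError:
        return "bad-base64"
    return "match" if same else "mismatch"

# Constructed sample data: placeholder bytes, not real RSA keys.
KEY_A = base64.b64encode(b"constructed-key-A" * 20).decode()
KEY_B = base64.b64encode(b"constructed-key-B" * 20).decode()

def _pem(b64):
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"

def _txt(b64):
    data = "v=DKIM1; k=rsa; p=" + b64
    return " ".join('"%s"' % data[i:i + 255] for i in range(0, len(data), 255))

def demo():
    """first.example publishes its own key; second.example publishes a different one."""
    return {"first.example": compare_key(_pem(KEY_A), _txt(KEY_A)),
            "second.example": compare_key(_pem(KEY_B), _txt(KEY_A))}
```

On a live server the inputs would be the public key file under /etc/virtual/<domain> and the TXT answer for x._domainkey.<domain>. A match shows only that the published key equals the stored public key, not that the private key used for signing pairs with it.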
 