Solved DKIM enabled but not active

[Anne]

Hi,

I've installed DKIM like described: https://help.directadmin.com/item.php?id=569

At first I could not find the button to enable DKIM, but after a restart of Exim and Directadmin it was there. Maybe a logout/login would have worked too, I don't know.

So then I hit the button and now it say the DKIM is enabled. I copied the key from the internal DNS to the external DNS. But the DKIM seems not to work. When I use a mail tester, it simply tells me it is not DKIM signed.

What should I check to know what could be the issue?

I've checked etc/exim.dkim.conf, it's there. Also in etc/virtuals/domain there is a dkim.private.key and a dkim.public.key. Seems all fine?

update: ok i found an error in the exim main log:

failed to expand dkim_domain: unknown lookup type "lsearch,ret=key"

But I'm not sure how to fix this. Found this topic about an incompatible config, but it don't tell how to fix it.

Error in exim.dkim.conf?

Hello! After a update with CB email didn't got signed with DKIM anymore. So the search begon.. In SMTP Out from a domain name i was sending a email from, i found the following error: failed to expand dkim_domain: unknown lookup type "lsearch,ret=key" So i went to exim.dkim.conf and found...

forum.directadmin.com

Must be something simple, but I don't know this?

 

[factor]

If you see the txt entry in DNS in da in the zone file. It should be fine. It can take up to 24 hrs for DNS records to propagate. If you dig your zone on you computer does it return?

Also every time you add or change something in the DirectAdmin.conf you have to cycle the DirectAdmin service

 

[Anne]

Thanks Brent,

Indeed it is as you write. Also I did restart DA again. But the error remains:

failed to expand dkim_domain: unknown lookup type "lsearch,ret=key"

 

[factor]

Looks like you might have old or custom version of exim.conf?

You might run this in ssh. If you dont think you have custom config.

cd /usr/local/directadmin/custombuild
./build set_fastest
./build clean
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set exim yes
./build exim
./build set dovecot_conf yes
./build dovecot_conf
./build update
./build exim_conf

 

[ikkeben]

Also
Test in External DNS ( look there and in dns testtools online) or it is right there, sometimes keys are to long for those , and need a kind of extra handling sort of "linebreak"

 

[Anne]

Hi Ikkebemn, thanks, DNS seems to be fine, but I understand what you mean.

Brent,
I see, so the configuration needs to be reset. I don't have custom config I believe.

Ok, I've executed the command. When I paste it, all is executed except the last line "./build exim_conf" but when I hit enter again, it is also executed.

Did a couple of Exim restarts. But the error remains the same:

failed to expand dkim_domain: unknown lookup type "lsearch,ret=key"

Update:

So I'm checking out my exim.dkim.conf:

#1.6
dkim_domain = ${if eq{$sender_address_domain}{}{$primary_hostname}{${lookup{$sender_address_domain}lsearch,ret=key{/etc/virtual/domainowners}{$value}}}}
dkim_selector = x
dkim_private_key = ${if exists{/etc/virtual/$dkim_domain/dkim.private.key}{/etc/virtual/$dkim_domain/dkim.private.key}{0}}
dkim_canon = relaxed
dkim_strict = 0

It's going wrong on the second line with "lsearch,ret=key". I'm trying to read it, but not enough experience with exim conf to see what is wrong here.

Update 2: Not sure if it's important, but I'm running Exim 4.92.

 

[factor]

Exim 4.92

yes its old and eol for a while now. You should be on 4.94 or 4.93 at the least. 4.92 has cves I believe.

you wouldn't want with 4.92.

./build set eximconf_release 4.5

Any reason for running old software? What is you OS and version maybe you need more than exim upgrade?

If you run ./build exim
it should have upgrade you to the latest unless you have it blocked in Version.txt

like here https://forum.directadmin.com/threads/error-in-exim-dkim-conf.61766/#post-326417

 

[Anne]

Wait a minute, you are right! This was indeed the case in the custom_versions.txt. I did this because 4.94 gives a lot of troubles, just as described here: https://forum.directadmin.com/threa...entos7-exim-problem-after-some-minutes.61624/
So I reverted back to 4.92 then.

But never checked if they fixed it and forgot about it. This was the reason it never came up again in my Custombuild. Thanks learned something extra too.

Ok, so I did the update again and installed 4.94. Guess what, it works!

Such a relief, very happy with this. Thanks Brent, I owe you one more drink again, it's starting to add up ?

 

[factor]

Wait a minute, you are right!

Sometimes...

the case in the custom_versions.txt

yep as i suspected

Thanks learned something extra too.

Its all day every day we never stop learning..
Feel free to hit the like button and mark the thread as solved

 

[Kal]

Yeah, I ran into the same issues with Exim 4.93.0.4. I think it might be caused by a bug in DA where exim_dkim_conf gets updated to version 1.6 even when you have it set to 1.5 in /usr/local/directadmin/custombuild/custom_versions.txt.

Thankfully, the Exim team have finally updated poor old Exim 4.94 (released on 1 Jun 2020) to 4.94.1 and now 4.94.2 as of April 30. Let's hope that has fixed all the issues.

 

[factor]

/usr/local/directadmin/custombuild/custom_versions.txt.

I think versions_text is for Applications not confs.

 

[Kal]

I think versions_text is for Applications not confs.

No, if you have a look at the DirectAdmin GUI (Custom Build > Customize Versions) you'll find config files among the list of things you can add. Makes sense, because there's not much point staying with an old version of Exim if the config files are still getting updated.

I reported the bug to the devs and they have acknowledged it.