dkim not working for Server's Hostname

[zwerfkat]

Hi,

On my server dkim is enabled for all DirectAdmin domains and this is working fine. However, when sending an email directly from my Server's Hostname like:

echo "This is a test." | mail -s Testing [email protected]

the message is being sent from my servers hostname server.domain.com but dkim is not applied. I checked /etc/virtual/server.domain.com/ and here DirectAdmin has generated file dkim.private.key which is, by the way, the same as the private key for domain.com

But why are the emails sent from my Server's Hostname not dkim signed? Any hints?

 

[Richard G]

Like you say, your domain name has DKIM, your hostname has not.
You probably have a seperate DNS entry for your hostname. If you generate a DKIM key there, then also your hostname's mails should signed of all is well.
You have checked in /etc/virtual but also check in the DNS manager in DA itself if the key is present with the hostname.

 

[Richard G]

If that does not work, run these two commands exactly as shown, do not change anything (so do not put in your real hostname). Found this in another post from Zeiter:

cd /usr/local/directadmin/scripts
./dkim_create.sh $(hostname -f)

 

[zwerfkat]

Richard G Thanks for your reply. I used the two commands, now a new private key AND a public key has been generated at /etc/virtual/server.domain.com/. But emails sent from [email protected] are still not signed with dkim.

Looking at exim.dkim.conf, it is looking into file /etc/virtual/domainowners. Here, server.domain.com is NOT listed. Because I cannot create a new user in DirectAdmin for server.domain.com because it is already used as Server's Hostname. So perhaps I should give it a try to just add server.domain.com with a dummy user name to the domainowners file?

 

[zwerfkat]

or perhaps I should add a new user by using:

cd /usr/local/directadmin/scripts
./fix_da_user.sh server user server.domain.com

 

[zwerfkat]

Just gave it a try by adding server.domain.com to file /etc/virtual/domainowners and now the email IS finally signed with dkim! But most likely this file domainowners will be overwritten when making dkim changes or adding a new domain in DirectAdmin. So guess I will need to add a user by running ./fix_da_user.sh server user server.domain.com .

 

[zwerfkat]

Well, finally added a new user by running fix_da_user.sh server user server.domain.com. Then I added a new test user in DirectAdmin, its domain has been added to file domainowners and luckily domain server.domain.com is NOT being removed from this file so everything is working okay now!

 

[Richard G]

I'm just back at home and reading what you have tested. I don't know of you should have done the last part.
Normally I know the hostname should be in /etc/virtual but not in the domainowners file.

So it might not be really working as designed. Because normally one should not have to create a user for the hostname. I wonder what's going on.

 

[Richard G]

Yep, I'm correct I think, check this:

https://help.directadmin.com/item.php?id=16

it says:

3) The hostname must *not* be in the /etc/virtual/domainowners file.

I tested myself and indeed those mails to not get dkim signed, in spite of the fact that the hostname has a DKIM record.
Let's call in some more eyes.
@bdacus01 What are we missing here? I have for example dkim=1 in directadmin.conf and also had run the DKIM commands for the hostname (long time ago but today again just to be sure).

DKIM keys are generated in /etc/virtual/server.domain.com/ and also in /var/named/server.domain.com.db so why isn't Exim using them?

 

[factor]

This?
From the feature

Version 1.38.0 | Directadmin Docs

DirectAdmin Knowledge Base

www.directadmin.com

Note, emails generated on the hostname (like apache/php scripts) will probably need you to run: ./dkim_create.sh server.hostname.com and add the dkim TXT records gets added to the dns manually based on /etc/virtual/server.hostname.com/dkim.public.key. It takes out the ---- lines and all newline characters when adding it to dns.

Also this as well maybe relates.

https://help.directadmin.com/item.php?id=257

 

[Richard G]

From the feature

No because the first line there says:

For current installs, use this more modern guide here: http://help.directadmin.com/item.php?id=569

which already was done. I've got dkim=1 as stated.

What you said to run, I already stated that we run that command, stated in post #3 which is in fact the same. But also tried with hostname, the dkim keys are present in /etc/virtual/hostname as stated, so it should be fine.

The last relating link is not current anymore. The line "no_local_from_check" is now replaced by:
"local_from_check = false" and just like the "untrusted_set_sender - *" setting already correctly present in the newer spamblocker exim.conf files. So that is also no cause of the issue.

Now I'm really getting curious. Maybe @zEitEr has a clue why Dkim is not working this way on hostname? Or is it just the way we are testing it which is causing the issue?

 

[Amplificator]

I've set everything according to the guide, but I'm having an issue where the message is not actually signed.
The TXT record is set up and everything appears to be alright, but the message is just not signed.

Even if I disable and re-enable DKIM in DA it doesn't seem to work.

Are more steps required?

 

[factor]

I've set everything according to the guide, but I'm having an issue where the message is not actually signed.
The TXT record is set up and everything appears to be alright, but the message is just not signed.

Even if I disable and re-enable DKIM in DA it doesn't seem to work.

Are more steps required?

so you did all of this?

https://help.directadmin.com/item.php?id=569

I assume your email is local delivery not through an external provider?

 

[Amplificator]

I use mailchannels for outbound filtering but they should still validate without any issue, to my knowledge?

 

[factor]

I use mailchannels for outbound filtering but they should still validate without any issue, to my knowledge?

Are they actually sending the mail or is DA

example
mail da > user
^^^^
this should work with da dkim

mail da > some other server > user

If this ^^^^ you need to copy the dkim record into their software or use their dkim process

You might ask them if you need to do this with their service. when you add a 3rd party in the middle DA isn't really in control.

 

[Amplificator]

I've used their guide to set it up: https://mailchannels.zendesk.com/hc/en-us/articles/214952906-Setting-up-for-DirectAdmin

I'll ask them if I need to add their keys or something.

 

[Amplificator]

Mailchannels support say that they passthrough DKIM headers so it should be untouched.

 

[Active8]

Hmm we never generate DKIM for the host name of the servers we install , customers who are using host name to send have all passed DKIM test
Is this problem only valid for emails send from the hostname itself ?

 

[Amplificator]

It's a problem with all the domains hosted on our DA server.

 

[Active8]

I've used their guide to set it up: https://mailchannels.zendesk.com/hc/en-us/articles/214952906-Setting-up-for-DirectAdmin

I see lot of manual work there, we have never edit a single file to add DKIM

Did you try to setup DKIM as described here? : https://help.directadmin.com/item.php?id=569