Mails are not signed with DKIM

Mitch

Verified User
Joined
Apr 16, 2013
Messages
62
Hi,

I tried to sign my mails with DKIM but its not working.
I followed the install guide:
https://help.directadmin.com/item.php?id=569
Everything seems right

I checked DNS: http://dkimcore.org/tools/keycheck.html (This is a valid DKIM key record)

I tried mail-tester.com:
Code:
-1.1		DKIM_ADSP_ALL		No valid author signature, domain signs all mail
Code:
 Your message is not signed with DKIM
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
And I tried:
http://dkimvalidator.com
Code:
DKIM Information:

DKIM Signature

This message does not contain a DKIM Signature
Email source:
mail-tester:
Code:
Received: by mail-tester.com (Postfix, from userid 500)	id 5834E9FBA1;
	Mon, 24 Apr 2017 11:41:28 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-tester.com
X-Spam-Level: *
X-Spam-Status: No/1.1/5.0
X-Spam-Test-Scores: DKIM_ADSP_ALL=1.1,HTML_MESSAGE=0.001,SPF_PASS=-0.001,
	T_RP_MATCHES_RCVD=-0.01
X-Spam-Last-External-IP: 000.000.000.00
X-Spam-Last-External-HELO: server.domain.com
X-Spam-Last-External-rDNS: server.domain.com
X-Spam-Date-of-Scan: Mon, 24 Apr 2017 11:41:28 +0200
X-Spam-Report: * -0.0 SPF_PASS SPF: sender matches SPF record	*  1.1
 DKIM_ADSP_ALL No valid author signature, domain signs all mail	* -0.0
 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay	*     
 domain	*  0.0 HTML_MESSAGE BODY: HTML included in message
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=000.000.000.00; helo=server.domain.com;
 envelope-from=mitchel@domain.com; receiver=web-3tgpe@mail-tester.com
DMARC-Filter: OpenDMARC Filter v1.3.1 mail-tester.com DD1079FAF3
Authentication-Results: mail-tester.com; dmarc=pass
 header.from=domain.com
Received: from server.domain.com (server.domain.com [000.000.000.00])	(using TLSv1.2
	with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))	(No client certificate requested)
	by mail-tester.com (Postfix) with ESMTPS id DD1079FAF3
	for <web-3tgpe@mail-tester.com>; Mon, 24 Apr 2017 11:41:23 +0200 (CEST)
Received: from [5.39.190.133] (helo=[192.168.1.100])	by server.domain.com
	with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)	(Exim 4.89)	(envelope-from <mitchel@domain.com>)
	id 1d2aUl-00083N-IP	for web-3tgpe@mail-tester.com;
	Mon, 24 Apr 2017 11:41:23 +0200
From: Mitche <mitchel@domain.com>
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Test voor dkim
Message-Id: <7860DF1C-9F88-4D93-AC9E-FD0122E752C7@domain.com>
Date: Mon, 24 Apr 2017 11:41:22 +0200
To: web-3tgpe@mail-tester.com
X-Mailer: Apple Mail (2.3273)
X-Authenticated-Id: mitchel@domain.com
Return-Path: mitchel@domain.com
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_1AD8FE85-E187-489C-8B8A-EF976488BB03"



--Apple-Mail=_1AD8FE85-E187-489C-8B8A-EF976488BB03
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii
http://dkimvalidator.com:
Code:
Received: from server.domain.com (server.domain.com [149.210.154.57])
	by relay-2.us-west-2.relay-prod (Postfix) with ESMTPS id EF8FA600ED
	for <eRGksaaHauiSmK@dkimvalidator.com>; Mon, 24 Apr 2017 09:47:09 +0000 (UTC)
Received: from [5.39.190.133] (helo=[192.168.1.100])
	by server.domain.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.89)
	(envelope-from <mitchel@domain.com>)
	id 1d2aaK-00088r-7h
	for eRGksaaHauiSmK@dkimvalidator.com; Mon, 24 Apr 2017 11:47:08 +0200
From: Mitchel <mitchel@domain.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: DKIM check
Message-Id: <11EDDEA9-5C61-4138-9C85-5A05D70ECACD@domain.com>
Date: Mon, 24 Apr 2017 11:47:05 +0200
To: eRGksaaHauiSmK@dkimvalidator.com
X-Mailer: Apple Mail (2.3273)
X-Authenticated-Id: mitchel@domain.com
But, I don't understand why my mail server is not signing the mails with dkim..
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,902
Location
GMT +7.00
Hello,

What do you see with:

Code:
ls -la /etc/virtual/[B]domain.com[/B]/dkim.*.key
?

Code:
ls -la [COLOR=#000000][FONT=&quot]/etc/exim.dkim.conf
?

Code:
grep dkim /etc/exim.conf
?[/FONT][/COLOR]
 

Mitch

Verified User
Joined
Apr 16, 2013
Messages
62
Hi Alex,

Code:
ls -la /etc/virtual/[B]domain.com[/B]/dkim.*.key
?
Code:
ls -la /etc/virtual/domain.com/dkim.*.key
-rw------- 1 mail mail 1679 Jan 17  2015 /etc/virtual/domain.com/dkim.private.key
-rw------- 1 mail mail  451 Jan 17  2015 /etc/virtual/domain.com/dkim.public.key
Code:
ls -la [COLOR=#000000][FONT="]/etc/exim.dkim.conf
?
Code:
ls -la /etc/exim.dkim.conf
ls: cannot access /etc/exim.dkim.conf: No such file or directory
Code:
grep dkim /etc/exim.conf
?[/FONT][/COLOR]
Code:
grep dkim /etc/exim.conf
acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_check_dkim:
  .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
.include_if_exists /etc/exim.dkim.conf
****, so I miss the `/etc/exim.dkim.conf`. (weird because DKIM did work a while ago.. does the file goes away after an update?)
I downloaded it again like the manual says and it works!


Thanks Alex! :D
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,902
Location
GMT +7.00
Mitch,

You're welcome. Actually no, neither directadmin nor custombuild deletes the file. I checked custombuild script:

Code:
[root@server ~]# grep /etc/exim.dkim.conf /usr/local/directadmin/custombuild/build[root@server ~]# grep exim.dkim.conf /usr/local/directadmin/custombuild/build
[root@server ~]# grep dkim.conf /usr/local/directadmin/custombuild/build
[root@server ~]# grep dkim /usr/local/directadmin/custombuild/build
and nothing found. Custombuild does not do anything to the file.

So it might be a command that you ran in a past. You might need to check console history for more clues.
 

Tom-

Verified User
Joined
Nov 14, 2014
Messages
21
I've had the same issue occur today. DKIM was working fine, and it stopped working after updating spamblocker, exim etc using the following commands listed on this guide:

cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamassassin yes
./build set exim yes
./build exim
./build set dovecot_conf yes
./build dovecot_conf
./build spamassassin
./build update
./build exim_conf

After this, my mail was no longer signed with DKIM. I had to run: the following commands (as the OP did) to get it back:
cd /etc
wget -O exim.dkim.conf http://files.directadmin.com/services/exim.dkim.conf
 

Awd

Verified User
Joined
Aug 9, 2015
Messages
316
Hi,

You need to edit exim.conf.
At comment 62 (driver = smtp) add this:

Code:
dkim_domain = $sender_address_domain
   dkim_selector = x
   dkim_private_key = ${if exists{/etc/virtual/$sender_address_domain/dkim.private.key}{/etc/virtual/$sender_address_domain/dkim.private.key}{0}}
   dkim_canon = relaxed
   dkim_strict = 0
And be aware that when you update Exim you need to re-edit it again. But the above comment from user Tom is better, as it is permanent.

Kind regards, Fred
 
Last edited:

Awd

Verified User
Joined
Aug 9, 2015
Messages
316
Hi Alex,

I am still learning every day. I did not have the exim.dkim.conf and that is why I always manually edited the Exim file.
Thank you for pointing to this solution.

Kind regards,
red
 

develop

Verified User
Joined
Jun 9, 2016
Messages
147
Location
Istanbul, TR
I have same issue after
cd /usr/local/directadmin/custombuild
./build update
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamassassin yes
./build set exim yes
./build exim
./build set dovecot_conf yes
./build dovecot_conf
./build spamassassin
./build update
./build exim_conf

no longer signed with DKIM.


# ls -la /etc/virtual/domain.com/dkim.*.key
-rw-------. 1 mail mail 1675 Mar 10 12:33 /etc/virtual/domain.com/dkim.private.key
-rw-------. 1 mail mail 451 Mar 10 12:33 /etc/virtual/domain.com/dkim.public.key

# ls -la /etc/exim.dkim.conf
-rw-r--r-- 1 root root 565 Mar 13 21:41 /etc/exim.dkim.conf

# ls -la /etc/exim.dkim.conf
-rw-r--r-- 1 root root 565 Mar 13 21:41 /etc/exim.dkim.conf
[root@server custombuild]# grep dkim /etc/exim.conf

acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_check_dkim:
.include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
.include_if_exists /etc/exim.dkim.conf


Regards.
 
Last edited:
Top