Problem with using DKIM

I think your problem has to do with how your DKIM string is added to your named file. I remember running into this issue about a year ago and was racking my brain trying to remember what it was that I did to make it appear valid everywhere. The problem was that the string in the named file was too long, I had to break it up so that I actually have 3 strings and no spaces within the quoted strings. For example your entry in the named file should look like this:
Code:
x._domainkey    14400   IN      TXT     ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JT"
                                        "hEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD88E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY"
                                        "1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB" )
 
If TransIP, ask their support.
And post the solution here. ;)


1 Problem
Category Host Result
http torasko.com The remote server returned an error: (503) Server Unavailable. (http://torasko.com)

TimeStamp:
PWS3v2 4048ms

Depth: 1
ServerName: e.gtld-servers.net
ServerIP: 192.12.94.30
Authoritative: NON-AUTH
ElapsedTime: 125 ms
Result: Received 3 Referrals , rcode=NO_ERROR
Question:
Answers: torasko.com. 172800 IN NS ns1.transip.nl,torasko.com. 172800 IN NS ns0.transip.net,torasko.com. 172800 IN NS ns2.transip.eu,

TimeStamp:
Depth: 2
ServerName: ns1.transip.nl
ServerIP: 80.69.69.69
Authoritative: AUTH
ElapsedTime: 110 ms
Result: Received 3 Answers , rcode=NO_ERROR
Question:
Answers: torasko.com. 86400 IN NS ns1.transip.nl,torasko.com. 86400 IN NS ns0.transip.net,torasko.com. 86400 IN NS ns2.transip.eu,

Also the DNSSEC)

and
the websites on IPv4 and IPv6 appear to differ

and
Incoming mail server (MX): mail.torabase.net.

Not secured with DNSSEC.

Tested domain name: torasko.com

Secured with DNSSEC. Your registrar (usually also your DNS operator) is: Key-Systems GmbH

Server is:
IP: 145.131.7.96
HELO: colonel.torabase.net
rDNS: colonel.torabase.net

Don't know is MX for all your domains on that server as you say the server mailserver then Ok for
(MX): mail.torabase.net.
??
 
Thanks for your detailed answer! I'll try this out and will report back with the results.

@ikkeben I'm afraid that's not possible. The domain is just registered at TransIP, the server is not.
 
It already seems to be like this in the file. But I believe this is the file that contains the DNS-records that are configured on the server. The DNS zone in my DirectAdmin panel is there and the DKIM is being generated there, but I just copy-paste it to the DNS zone of my provider since I'm not using my own nameservers.

Code:
[shell ~]# dig ns torasko.com +short
ns2.transip.eu.
ns1.transip.nl.
ns0.transip.net.
 
Therefore it still (and/or also) could be a DNSSEC problem

While if testing here 1 BOGUS and 1 Warning
http://dnsviz.net/d/torasko.com/dnssec/ torasko.com/TXT
RRSIG torasko.com/TXT alg 7, id 40988: The cryptographic signature of the RRSIG RR does not properly validate.
torasko.com/DNSKEY: The server responded with no OPT record, rather than with RCODE FORMERR. (37.97.255.53, 80.69.67.67, 80.69.69.69, 2a01:7c8:a::53, 2a01:7c8:b::53, 2a01:7c8:c::53, UDP_0_EDNS0_32768_512)

If you implement dnssec wrong on server then all domains configured the same way have the same problem, could be i don't know much about DNSSEC on Directadmin DNS if also running on other nameservers the dns

http://dnsviz.net/d/torasko.com/responses/ >>> I
INVALID_SIG at Responses for torasko.com/TXT

Then if only secure allowed the 503 errors also explained i think/hope.
https://www.mail-tester.com/web-3WCEKY

1 broken link
Checking whether your newsletter contains broken links.
[408 - Request Time-out] https://www.mail-tester.com/web-b0qRQr
[503 - Service Unavailable] https://www.torasko.com
[200 - OK] http://www.crazynetwork.it



Something in BIND / Named probably, I guess

If your domain is at TransIP you have nameservers there, why couldn't you ask them? (They have help info, but this is when DirectAdmin and server are also with them for such matters) maybe same thing to do / handle to solve this.


https://www.directadmin.com/features.php?id=1525
The "install" may need you to manually add bits to your named.conf.
 
That could be part of your problem, when I did the dig on your DKIM record, I see spaces in the quoted string, they should not be there at all. It is acceptable to have spaces separating the quoted strings. For example, here is what I see when I "dig" your DKIM:
Code:
"v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JT hEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD8" "8E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY 1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB"
What I really should be seeing is this, note the differences of the spaces and quotes:
Code:
"v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JT" "hEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD88E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY" "1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB"

Basically DKIM will concatenate the quoted strings and use that for openssl, since your quoted strings have spaces that throws off the whole key.
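
The check described in the post above, as an added example that is not part of the original thread: it takes the TXT rdata as `dig` prints it, joins the quoted strings the way a DKIM verifier does, and reports whitespace inside the `p=` value. The function names and the sample records are constructed for illustration; the sample key bytes are not a real RSA key.

```python
import base64
import re

# One DNS character-string as dig prints it: "..." with backslash escapes.
_CHARSTR = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_dig_txt(rdata):
    """Split one TXT answer from dig into its unescaped character-strings."""
    return [re.sub(r"\\(.)", r"\1", s) for s in _CHARSTR.findall(rdata)]

def check_dkim_txt(rdata):
    """Return (problems, decoded_key_length) for a DKIM TXT answer."""
    chunks = parse_dig_txt(rdata)
    problems = []
    for i, chunk in enumerate(chunks, 1):
        if len(chunk.encode()) > 255:  # limit of a single character-string
            problems.append(f"string {i} is longer than 255 bytes")
    record = "".join(chunks)  # strings are joined with nothing in between
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    p = tags.get("p", "")
    if tags.get("v") != "DKIM1":
        problems.append("missing v=DKIM1")
    if not p:
        problems.append("p= is empty or missing")
    if re.search(r"\s", p):
        problems.append("whitespace inside p= value")
    try:
        key = base64.b64decode(p, validate=True)  # strict: rejects spaces
    except ValueError:
        problems.append("p= is not strict base64")
        key = b""
    return problems, len(key)

# Constructed sample data: 48 arbitrary bytes stand in for the public key.
_B64 = base64.b64encode(bytes(range(48))).decode()
GOOD_RDATA = '"v=DKIM1\\; k=rsa\\; p=' + _B64[:32] + '" "' + _B64[32:] + '"'
# Same key, but a pasted line break became a space inside the first string.
BAD_RDATA = ('"v=DKIM1\\; k=rsa\\; p=' + _B64[:20] + " " + _B64[20:40]
             + '" "' + _B64[40:] + '"')

if __name__ == "__main__":
    for label, rdata in (("good", GOOD_RDATA), ("bad", BAD_RDATA)):
        print(label, check_dkim_txt(rdata))
```

Paste the answer line from `dig x._domainkey.<domain> TXT +short` in place of the sample strings to test a live record.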
 

The record that I've copied to the DNS zone at my provider is:

Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JT
hEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD88E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY
1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB"

Then when you dig it, it shows:

Code:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JT hEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD8" "8E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY 1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB"

However, when I copy your corrected version, so with the quotes, it gives me an error that a TXT record can only contain spaces, digits, letters and the following characters: < > : ; ' - ? ! ~ . , _ /. Am I missing something here?
 
Maybe you shouldn't put the starting and ending quote (") on your DNS provider, have you tried that?

Regards
I've actually just tried that an hour ago. The starting and ending quotes have been removed. The result is the same, however.
 
Since you are using a non-bind DNS server hosted somewhere other than your DA box, you have to figure out what works for your DNS provider. Try removing all spaces and quotes, so it should look more like:
Code:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JThEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD88E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB
Since this isn't a DNS provider that we have access to, you really need to try different combinations until you can do a dig on that server and the string returned doesn't have spaces within domain key, unless it is outside of the quotes.
 
I've just tested it and it seems to work perfectly now. I've followed @SeLLeRoNe's advice to remove the DNS records and add them again an hour later. I've removed the quotes at the beginning and end of the record in my provider's DNS zone. Now it's set up as:

Code:
x._domainkey TXT 300 v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H56aZTAflokt6/GnoDDZ2pFp4qYy35GQV2dAszVcT5cTf1RuT5dy1NhIXi+ZwOvfIsOPn4MynbP7qC5duN62JT hEfo3U/JJ0zC9mqXEL35A29FmqfyPQarE5C/GzrjvX9ONl9LS5atEmlD9C35j/0aOq9HKkcnmOzDv6fB3rGXVrJToytTUgfSbbVIcfDD88E+MtRCipbjWuyJIm1anixopW0Sm+6pLr2JSypOWnYcqY 1Pf+tFQNSa4DM79+NULhxoytSsULmfmWD40tr9PDMkK+OtQw8p6MYrKLMa0uxgT+RW/8eAh/bZvCmV5k1PIo4NdRPlgmp44n5SskiSmlQIDAQAB

I'm getting a perfect 10/10 on Mail-Tester now. :D
 