DKIM Key invalid

SYSTEM INFORMATION

| OS type and version | NAME="CentOS Stream" VERSION="9" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="9" |
| Virtualmin version | Version 7.8.2 |

I am attempting to set up my DKIM key within Linode (Akamai). I’ve generated the DKIM within the interface and this is the value it gives me.

default._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6b4mMRwHryYqj"
	"3W+9HW0rkvrsY8K0G3q9gbui1MaEzLk+IUS/Xzj5LX4MrxAuiqvLgyruYv0sBaYBHnfQlRPKdlCpXV4H"
	"oLagj+J6+cogqd73CKPUx0rlF6o9gfMF08UJxidTowd+cchpIaAulcBSlXkEwxcgY91CHceuiYesBnNw"
	"mMp+Ce31X/2Kxt9Yhybx68SqaGPYRYc2rLrLjcEJlJ9CCcbCR/CpKHeje20rGoLZQe/9khQa6N2u4W1q"
	"5bj0leqo+rYRqIsiEbYSGbzvbKsMe5IQHy5tugsAZYVhb/gM1e63KSbU/DP0mjaup3BUuLnZCxdVmRWR"
	"ZaOAnsHqwIDAQAB" )

No combination of pasting this into my DNS appears to work. I remove the quotes, I change to PEM format, nothing. Every iteration throws an error. I can get the Version flag to work, the k and t flags but the public key simply is not recognized no matter how I paste it.
mxtoolbox.com, the tool I’m using to check my DKIM record, tells me that with the quotes it cannot understand the v value; removing the quotes doesn’t work, and changing to the PEM key and changing k to pem doesn’t appear to function.

At this point I’m at a loss as to what exactly I’m supposed to be pasting into my DKIM TXT record.

Did you use this format
“v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6b4mMRwHryYqj3W+9HW0rkvrsY8K0G3q9gbui1MaEzLk+IUS/Xzj5LX4MrxAuiqvLgyruYv0sBaYBHnfQlRPKdlCpXV4HoLagj+J6+cogqd73CKPUx0rlF6o9gfMF08UJxidTowd+cchpIaAulcBSlXkEwxcgY91CHceuiYesBnNwmMp+Ce31X/2Kxt9Yhybx68SqaGPYRYc2rLrLjcEJlJ9CCcbCR/CpKHeje20rGoLZQe/9khQa6N2u4W1q5bj0leqo+rYRqIsiEbYSGbzvbKsMe5IQHy5tugsAZYVhb/gM1e63KSbU/DP0mjaup3BUuLnZCxdVmRWRZaOAnsHqwIDAQAB”

Beginning and end quotes stay.

Yes, this produces an error: the v tag is malformed and therefore not understood. It is being seen as "v instead of simply DKIM1.

I did eventually get it working via sheer brute force. Whatever Virtualmin is telling me to copy in the DKIM DNS records for domains section is not accurate. At least not so far as Linode is concerned.

The p value is not a valid rsa string, but the k tag indicates so, which fails.

I went to Report URI: PEM Decoder, entered the public key there, and extracted the rsa value, put that in…

v=DKIM1; k=rsa; t=s; p=e9be26311c07af262a8f75bef475b4ae4bebb18f0ad06deaf606ee8b531a1332e4f88512fd7ce3e4b5f832bc40ba2aaf2e0cabb98bf4b016980479df42544f29d942a575781e82da823f89ebe72882a77bdc228f531d2b945ea8f607cc174f1427189d4e8c1df9c721a48680ba57014a55e4130c5c818f7508771eba261eb019cdc26329f827b7d57ff62b1b7d621c9bc7af12a9a18f61161cdab2eb2e370426527d08271b091fc2a4a1de8dedb4ac6a0b6507bff648506ba376bb85b5ab96e3d257aaa3ead846a22c8846d84866f3bdb2ac31ee48407cb9b6e82c01961585bfe03357badca49b53f0cfd268daba9dc152e2e7642c5d56645645968e027b07ab

And it passes.

I’ve had no issue using it at Vultr, InMotion Hosting and Cloudflare.
I think the only difference may be using the quotes at the beginning and end.

The docs at Linode show quotes are not used. At least you got it working. Has it been validated at mxtools? Also send to a Gmail address and view the original from the tools menu. (see below screenshot)

A DKIM record or DomainKeys Identified Mail record displays the public key for authenticating messages that have been signed with the DKIM protocol. This practice increases the capability to check mail authenticity. A typical DKIM record looks like the following:

selector1._domainkey.example.com        TXT     k=rsa;p=J8eTBu224i086iK

Docs
DKIM records are implemented as text records. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then _domainkey.example.com. The type is TXT, and the value includes the type of key, followed by the actual key.

Yup, I followed Linode’s docs, they’re usually spot on, but in their case the strings are a single string, whereas the ones I’m getting from Virtualmin are several strings in quotations.

Here’s what I get if I just paste in the string verbatim

Here is with my ‘decoded’ PEM string

After which, Google now graces me with the ability to receive email from my domain.
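
An added example, not part of any post in this thread and not Virtualmin's or Linode's code: it joins the quoted chunks of a zone-file style TXT record into the single unquoted value that the Linode docs quoted above show, then checks that p= decodes as the base64 DER public key that RFC 6376 specifies. The sample record is constructed filler shaped like a 2048-bit key, and all function names are illustrative.

```python
import base64
import re

def join_txt_strings(zone_rdata: str) -> str:
    """Join the quoted chunks of a zone-file TXT record, adding no separator."""
    return "".join(re.findall(r'"([^"]*)"', zone_rdata))

def parse_tags(value: str) -> dict:
    """Split 'v=DKIM1; k=rsa; p=...' into a tag dictionary."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def _tlv(buf: bytes, pos: int, tag: int):
    """Return (start, end) of the content of the DER element at pos."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(p_b64: str) -> int:
    """Decode p= as base64 DER SubjectPublicKeyInfo; return RSA modulus size."""
    der = base64.b64decode(p_b64, validate=True)
    try:
        start, _ = _tlv(der, 0, 0x30)          # SubjectPublicKeyInfo
        _, alg_end = _tlv(der, start, 0x30)    # AlgorithmIdentifier
        bits, _ = _tlv(der, alg_end, 0x03)     # BIT STRING
        key, _ = _tlv(der, bits + 1, 0x30)     # RSAPublicKey, after unused-bits byte
        m_start, m_end = _tlv(der, key, 0x02)  # modulus INTEGER
    except IndexError:
        raise ValueError("truncated DER") from None
    return int.from_bytes(der[m_start:m_end], "big").bit_length()

def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER element (used only to build the constructed sample)."""
    n, width = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | width]) + n.to_bytes(width, "big")
    return bytes([tag]) + size + body

# Constructed sample: filler bytes, not a usable key.
MODULUS = b"\x00" + b"\xc3" * 256
RSA_PUB = _der(0x30, _der(0x02, MODULUS) + _der(0x02, b"\x01\x00\x01"))
ALG = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
SPKI = _der(0x30, ALG + _der(0x03, b"\x00" + RSA_PUB))
SAMPLE_VALUE = "v=DKIM1; k=rsa; t=s; p=" + base64.b64encode(SPKI).decode()
SAMPLE_ZONE = "default._domainkey IN TXT ( " + "\n\t".join(
    f'"{SAMPLE_VALUE[i:i + 80]}"' for i in range(0, len(SAMPLE_VALUE), 80)) + " )"
```

Calling `join_txt_strings` on the multi-line record gives the value to paste as one string; `rsa_modulus_bits(parse_tags(value)["p"])` raises `ValueError` when p= is not base64 DER.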
