DKIM signature is not valid

i think u r right … i cant connect to port 25 with telnet …i got Connection refused

so here is the problem but i checked the port its opend

[root@server ~]# sudo netstat -plntu Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:11000 0.0.0.0:* LISTEN 1975/lookup-domain- tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 1878/openlitespeed tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 963/named tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 1723/dkim-filter tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 1982/perl tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1683/dovecot tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1683/dovecot tcp 0 0 0.0.0.0:870 0.0.0.0:* LISTEN 1174/sshd tcp 0 0 0.0.0.0:7080 0.0.0.0:* LISTEN 1878/openlitespeed tcp 0 0 0.0.0.0:10025 0.0.0.0:* LISTEN 1215/clamsmtpd tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1615/mysqld tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1683/dovecot tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1205/clamd tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 29431/spamd.pid tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1683/dovecot tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1989/perl tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1195/vsftpd tcp 0 0 ip:53 0.0.0.0:* LISTEN 963/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 963/named tcp 0 0 :::443 :::* LISTEN 1554/httpd tcp 0 0 :::993 :::* LISTEN 1683/dovecot tcp 0 0 :::995 :::* LISTEN 1683/dovecot tcp 0 0 :::870 :::* LISTEN 1174/sshd tcp 0 0 :::110 :::* LISTEN 1683/dovecot tcp 0 0 :::143 :::* LISTEN 1683/dovecot tcp 0 0 :::80 :::* LISTEN 1554/httpd tcp 0 0 :::53 :::* LISTEN 963/named udp 0 0 ip:123 0.0.0.0:* 1183/ntpd udp 0 0 127.0.0.1:123 0.0.0.0:* 1183/ntpd udp 0 0 0.0.0.0:123 0.0.0.0:* 1183/ntpd udp 0 0 0.0.0.0:10000 0.0.0.0:* 1989/perl udp 0 0 0.0.0.0:20000 0.0.0.0:* 1982/perl udp 0 0 ip:53 0.0.0.0:* 963/named udp 0 0 127.0.0.1:53 0.0.0.0:* 963/named udp 0 0 2a02:c200:0:10:3:0:6420::123 :::* 1183/ntpd udp 0 0 fe80::250:56ff:fe3c:4f04:123 :::* 1183/ntpd udp 0 0 ::1:123 :::* 1183/ntpd udp 0 0 :::123 :::* 1183/ntpd udp 0 0 :::53 :::* 963/named

i cant see the port 25 here !! i used this commands to open it
iptables -I INPUT -p tcp --dport 25 -j ACCEPT

/sbin/service iptables save

/sbin/service iptables restart

Before you change any file please make a local copy!!!

  1. Check your firewall nano /etc/sysconfig/iptablesand you should have a line like this -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 25,587 or run iptables -L -n and copy that here.

  2. In your main.cf check for: “inet_interfaces = all”, “inet_protocols = ipv4”, “mydestination = $myhostname, localhost.$mydomain, localhost, your.hostname.tld”. In case some of this lines are commented out uncomment then and set how i posted here.

  3. In your master.cf look for for:
    # ==========================================================================

service type private unpriv chroot wakeup maxproc command + args

(yes) (yes) (yes) (never) (100)

==========================================================================

smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
This line can end only with “smtpd” or something similar what depends how did you set your mail server, what is important are those letters “n, -, y”. Another thing, look in your master.cf if you have any line with “127.0.0.1” and change that to “0.0.0.0”.

  1. Run netstat -plnt |grep :25 and you should get tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN if you get something else post it here.

Well this is all what i could think right now. Ofc it could be tons of others things but this is most frequent mistakes what could block your port 25.

Last but not least, it doesnt have anything to do with your problem but more about not be used to spam other people server so in your main.cf change “unknown_local_recipient_reject_code = 450” to “unknown_local_recipient_reject_code = 550”.

I didnt mention but for changes to take effect you must restart each service you were changing.

thanks a lot no w can recive emails :slight_smile: but i now i cant send emails hahaha !!! omg

i can send emails from ssh … but i cant from smtp from website or so … i dont know whats happend when i opend the port 25 … i can now recive emails but i cant send any !

anyway i have SSL on my website so i think i musst open port 465

this is my master.cf

submission inet n - n - - smtpd
0.0.0.0:smtp inet n - n - - smtpd
465 inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

i geht this error in the maillog when i try to send a email from smtp>
May 12 16:23:19 server postfix/smtpd[2137]: initializing the server-side TLS engine
May 12 16:23:19 server postfix/smtpd[2137]: connect from localhost[127.0.0.1]
May 12 16:23:19 server postfix/smtpd[2137]: disconnect from localhost[127.0.0.1]

whats happend now ?

Logs you posted doesnt show any error. Revert back how it was before my last post, follow my instructions and check after each change if sending/receiving emails works. So you will be able to see what will happen at each change and much easier to look around for a solution. At this point if everything fails again i think best would be to hire someone to take a look at your server and sort everything. Somehow i suspect that your server have more problems then we can see now.

i want to thank u very much … now all is fine and works good !! sending and reciving emails :slight_smile:

many thanks to ur help :=)

but i want to ask u the last quetion i tried again to test the dkim it still the signature not valied but i see that it has been changen from that i poested it above

v=1; a=rsa-sha256; c=simple/simple; d=palstudenten.com; s=dkimpal; t=1431456369; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=GAYL32DGwkG50Mq9ynFPph6PcJQNBqO9uCT3WqRARVMG4st2Ewfys4Ld7TIeydDEShMzlVoHlpgBi50SgM3JMS6hGSakBn+8rpALVmyqVmJXICABU3yjARJpg9M8yiaIz0jjz+a1ZHAgdcJgLqEv5+HgQ4Ka/96fU8lrQYGvHNj4p3Q6i+9sPQEff7zWvIbHfr8GjyGDh5GvZsmJLUuavdl11scCnmZnvVP0mC5ewrDMbmDajnjTTh2oboqLvsR5t1S5UhvufHMuopnlTKK89eLkPqF4PdHFHlN1jcLfCyd+AgfWtmPz7SyCO7YgehEB8IoHsHYuTZgvFHf8gL0VMg==

Your DKIM signature is not valid

could we also fix this problem ?

Forgot to say, in case you didnt change your TTL as i told you at the beginning of this topic i think you will need to wait for the change to propagate. How long? Depending what did you put for TTL.

First go to Vmin - Email - DomainKeys Identified Mail and check to recreate new DKIM. Then login to Umin and send empty email to gmail or hotmail. Copy the log here (it should have a line with “DKIM-Signature field added”).

sorry for the late replay but i still have the same problem … with dkim !! i sent an empty emait to gmail and this is the log mail

Aug 3 01:50:49 server postfix/postfix-script[5149]: refreshing the Postfix mail system
Aug 3 01:50:49 server postfix/master[5145]: reload – version 2.6.6, configuration /etc/postfix
Aug 3 01:52:27 server postfix/smtpd[5579]: initializing the server-side TLS engine
Aug 3 01:52:27 server postfix/smtpd[5579]: connect from localhost[127.0.0.1]
Aug 3 01:52:55 server postfix/smtpd[5579]: warning: 1.0.0.127.dnsbl.njabl.org: RBL lookup error: Host or domain name not found. Name service error for name=1.0.0.127.dnsbl.njabl.org type=A: Host not found, try again
Aug 3 01:52:55 server postfix/smtpd[5579]: 5E16811A0224: client=localhost[127.0.0.1]
Aug 3 01:52:55 server postfix/cleanup[5586]: 5E16811A0224: message-id=1438559547.5576@xxx.com
Aug 3 01:52:55 server postfix/qmgr[5157]: 5E16811A0224: from=alaa@xxx.com, size=458, nrcpt=1 (queue active)
Aug 3 01:52:55 server postfix/smtpd[5579]: disconnect from localhost[127.0.0.1]
Aug 3 01:52:56 server postfix/smtp[5587]: 5E16811A0224: host gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1b] said: 421-4.7.0 [2a02:c200:0:10:3:0:6420:1 15] Our system has detected an unusual 421-4.7.0 rate of unsolicited mail originating from your IP address. To protect 421-4.7.0 our users from spam, mail sent from your IP address has been 421-4.7.0 temporarily rate limited. Please visit 421-4.7.0 https://support.google.com/mail/answer/81126 to review our Bulk Email 421 4.7.0 Senders Guidelines. l7si10857430wif.65 - gsmtp (in reply to end of DATA command)
Aug 3 01:52:56 server postfix/smtp[5587]: 5E16811A0224: to=gschd.com@gmail.com, relay=gmail-smtp-in.l.google.com[74.125.136.27]:25, delay=29, delays=28/0.04/1.2/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK 1438559576 fi5si10811701wib.110 - gsmtp)
Aug 3 01:52:56 server postfix/qmgr[5157]: 5E16811A0224: removed
Aug 3 01:54:01 server postfix/smtpd[5579]: connect from localhost[127.0.0.1]
Aug 3 01:54:01 server postfix/smtpd[5579]: 42A5711A0224: client=localhost[127.0.0.1]
Aug 3 01:54:01 server postfix/cleanup[5586]: 42A5711A0224: message-id=1438559641.5685@ar-frauen.com
Aug 3 01:54:01 server postfix/qmgr[5157]: 42A5711A0224: from=ar-frauen@ar-frauen.com, size=466, nrcpt=1 (queue active)
Aug 3 01:54:01 server postfix/smtpd[5579]: disconnect from localhost[127.0.0.1]
Aug 3 01:54:01 server postfix/smtp[5587]: 42A5711A0224: to=gschd.com@gmail.com, relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1b]:25, delay=0.58, delays=0.09/0/0.18/0.31, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1b] said: 550-5.7.1 [2a02:c200:0:10:3:0:6420:1 12] Our system has detected that this 550-5.7.1 message is likely unsolicited mail. To reduce the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked. Please visit 550 5.7.1 https://support.google.com/mail/answer/188131 for more information. ei9si10853934wid.78 - gsmtp (in reply to end of DATA command))
Aug 3 01:54:01 server postfix/cleanup[5586]: D3B6011A0E9F: message-id=20150802235401.D3B6011A0E9F@server.xx.com
Aug 3 01:54:01 server postfix/bounce[5709]: 42A5711A0224: sender non-delivery notification: D3B6011A0E9F
Aug 3 01:54:01 server postfix/qmgr[5157]: D3B6011A0E9F: from=<>, size=3705, nrcpt=1 (queue active)
Aug 3 01:54:01 server postfix/qmgr[5157]: 42A5711A0224: removed
Aug 3 01:54:01 server postfix/local[5710]: D3B6011A0E9F: to=ar-frauen@xxxx.com, orig_to=ar-frauen@ar-frauen.com, relay=local, delay=0.03, delays=0/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Aug 3 01:54:01 server postfix/qmgr[5157]: D3B6011A0E9F: removed

v=1; a=rsa-sha256; c=simple/simple; d=mail.oktick.com; s=2017; t=1499658064; bh=rnDDjVIPBw5bhpnVGPNja8qdKhQPkkOa4WJR/w9xjv0=; h=To:Subject:Message-ID:Date:From:MIME-Version:Content-Type:Content-Transfer-Encoding; b=QBJ9iG2g6rvzQNN/XSbhs5X5fXq+BkeEo9BMeucrL2K7qPZvfLwkhUXYaC7OYe7H9SOjNQncXkuB6xOnxzjQDTobH5C5adCvrD/AfAQTZnUhDioCEVP6B7fCc3Rer+zuH3p4FHW8vpeJq/ZX2dV55g5/ufTFlFBSD98v+ybBbXo=
Your public key is:

“v=DKIM1; t=s; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/fV51ZgTQ7kv4+9W7094N14vFwV5UZzbS+GboB4VaVTjWKhcBj+DpNTkU7D3ovaHRgWLMuX3lZFZiL6zkPrNbpbig8mgAfhmg8JLC12fO4VBUCwJcrERGwhbi0gMpQFnVHXwVpC7tfTXQDpN+uWLLo5ZCi73rGrDwLc4hlOt+xwIDAQAB” Key length: 1024bits

Your DKIM signature is not valid
which changes needs to require for this issue fix?
please help me for this issue.