virtualmin dkim not working - solved

— that’s the input i needed to solve —

http://www.virtualmin.com/node/16752#comment-77877

after that, dkim was correctly available and i could enter the corresponding TXT records in my DNS Server, everything works fine now…

hi there

i am currently setting up a virtualmin server. i do not have yet a deep insight into mailserver configuration. That’s why i basically followed the documentation on this topic:

http://www.virtualmin.com/documentation/email/dkim

i followed all the steps precisely. I am running the latest virtualmin on debian squeeze.

the public key is shown in the textfield in virtualmin. i used it in my dns server TXT as follows:
k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpJ36KdDu2AT6+nTZ/72O//CgdHwZzgw1MUlNDYZU/AMDtmd/L5NaQo2iU4JC6768WIngJAmZDalV9reFPTidQHpCP5symhOSQk95R81EXE5GyXbIiN1NTKw1WhjYbKFvCGcvzZbhNcLKLzId+FbmAUOphdH1sZUPsl2PLgfn52wIDAQAB

emails are sent properly, but headers are showing errors in gmail and one of my servers refuses to accept the mail because of wrong dkim. here is the header in detail:

Received-SPF: neutral (google.com: 47.105.121.47 is neither permitted nor denied by best guess record for domain of admin@mydomain.ch) client-ip=47.105.121.47;
Authentication-Results: mx.google.com; spf=neutral (google.com: 47.105.121.47 is neither permitted nor denied by best guess record for domain of admin@mydomain.ch) smtp.mail=admin@mydomain.ch; dkim=neutral (bad format)

what do i have to change additionally? i am new to mailservers, so any help would be appreciated.

best
marc

BTW: ip/domain are not the original ones…

here are check results by port25.com

==========================================================
Summary of Results

SPF check: neutral
DomainKeys check: neutral
DKIM check: permerror
Sender-ID check: neutral
SpamAssassin check: ham

==========================================================
Details:

HELO hostname: ns394031.ovh.net
Source IP: 47.105.121.47
mail-from: admin@mydomain.ch


SPF check details:

Result: neutral (SPF-Result: None)
ID(s) verified: smtp.mailfrom=admin@mydomain.ch
DNS record(s):
mydomain.ch. SPF (no records)
mydomain.ch. TXT (no records)


DomainKeys check details:

Result: neutral (message not signed)
ID(s) verified: header.From=admin@mydomain.ch
DNS record(s):


DKIM check details:

Result: permerror (no usable key records)
ID(s) verified:
Canonicalized Headers:
Message-ID:'20'4E69D295.6000505@mydomain.ch'0D''0A'
Date:'20'Fri,'20'09'20'Sep'20'2011'20'10:47:17'20'+0200'0D''0A'
From:'20'Marx'20'Widx'20'admin@mydomain.ch'0D''0A'
MIME-Version:'20'1.0'0D''0A'
To:'20'check-auth@verifier.port25.com'0D''0A'
Subject:'20'test'0D''0A'
Content-Type:'20'text/plain;'20'charset=ISO-8859-1;'20'format=flowed'0D''0A'
Content-Transfer-Encoding:'20'7bit'0D''0A'
DKIM-Signature:'20'v=1;'20'a=rsa-sha256;'20'c=simple/simple;'20'd=mydomain.ch;'0D''0A'
'09's=2011;'20't=1315558067;'0D''0A'
'09'bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;'0D''0A'
'09'h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:'0D''0A'
'09''20'Content-Transfer-Encoding;'0D''0A'
'09'b=

Canonicalized Body:
test'0D''0A'

DNS record(s):
2011._domainkey.mydomain.ch. TXT (no records)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25’s PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.


Sender-ID check details:

Result: neutral (SPF-Result: None)
ID(s) verified: header.From=admin@mydomain.ch
DNS record(s):
ewzselection.ch. SPF (no records)
ewzselection.ch. TXT (no records)

The problem is that DKIM has an error with a 2048 key; you have to use a 1024 key. Come on, step by step to fix the problem completely:

  1. access your Virtualmin as root;

  2. go to System Settings (left menu);

  3. find Virtualmin Configuration;

  4. Edit the path in the menu list - SSL settings (change the text box to 1024) and save.

Ready! First step resolved, ok?

Continue

Installing DKIM again on your server

  1. Run this command line over SSH on the server:
    [root@server ~]# openssl genrsa -out /etc/dkim.key 1024 && openssl rsa -in
    This will install dkim.key on the server.

  2. Now, go to /etc/mail/dkim-milter/keys
    Run this command for that: cd /etc/mail/dkim-milter/keys

  3. Edit the file, erasing the lines containing the domain names in question, then save and exit the file.

  4. Once this is done, go to Email Messages (left menu in Virtualmin) and click on DomainKeys Identified Mail

  5. Find "DNS records for additional domains" and copy all the information from the text box

Note that we configure DKIM manually in the DNS zones, ok? We know that it is a TXT entry in the DNS zone, so we must know what to put in the name of the entry and what value goes in the text box, correct? So here we go.

  1. Open your notepad;

  2. Copy and paste your DKIM key; this information is in "DNS records for additional domains".

  3. Now open the DNS zone of the domain in question and edit it, like so:
    go back and find the button Create Record of type, then select this option in the menu list: TXT - Text

  4. In Record name type this: my-selector-name._domainkey

  5. In Text record paste your DKIM key
    Note: The syntax for this has to be as follows:
    v=DKIM1; k=rsa; t=s; p=YOUR_DKIM_KEY_COPIED_FROM_DomainKeys_Identified_Mail

Replace YOUR_DKIM_KEY_COPIED_FROM_DomainKeys_Identified_Mail with your DKIM key.

  1. Now save and exit;

  2. Go back to Email Messages >> DomainKeys Identified Mail and click Save.

  3. Done, please restart your BIND server.

You can test the configuration at http://dkimcore.org/c/keycheck

and you can also check at: http://www.brandonchecketts.com/emailtest.php

That's it!

I hope to have helped those who are experiencing this problem with DKIM and Virtualmin.

The OS I used here is CentOS 6.3. Ok?

Thank you very much everyone.

Julio Cesar
Web Ômega do Brasil
http://www.webomega.com.br
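
Added example (not written by either poster and not Virtualmin code): a short Python check that derives the DNS name a verifier queries from the `s=` and `d=` tags of a DKIM-Signature, and lints a key record's TXT value, including the RSA modulus size read from `p=`. The function names are illustrative; the inputs are the signature tags and public key quoted in this thread, and the 2048-bit note follows RFC 8301.

```python
import base64

def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2); whitespace is dropped."""
    pairs = (part.partition("=") for part in value.split(";") if part.strip())
    return {name.strip(): "".join(val.split()) for name, _, val in pairs}

def query_name(signature):
    """DNS name a verifier looks up for the key: <s>._domainkey.<d>."""
    return "{s}._domainkey.{d}".format(**parse_tags(signature))

def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(der):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in p=."""
    _, body, _ = _tlv(der, 0)            # outer SEQUENCE
    _, _, alg_end = _tlv(der, body)      # AlgorithmIdentifier, skipped
    _, bitstr, _ = _tlv(der, alg_end)    # BIT STRING wrapping RSAPublicKey
    _, seq, _ = _tlv(der, bitstr + 1)    # +1 skips the unused-bits byte
    _, start, end = _tlv(der, seq)       # first INTEGER is the modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def lint_key_record(txt):
    """Return (modulus_bits, findings) for one DKIM key TXT value."""
    tags, findings = parse_tags(txt), []
    if "v" in tags and (tags["v"] != "DKIM1" or next(iter(tags)) != "v"):
        findings.append("v= must be DKIM1 and must be the first tag")
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return None, findings + ["no usable RSA key: k= is not rsa, or p= is empty"]
    bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode (verifiers handle such mail like unsigned mail)")
    if bits < 2048:
        findings.append(f"{bits}-bit RSA key; RFC 8301 recommends 2048 or more")
    return bits, findings

# Values quoted in the thread: signature tags from the port25 report, poster's key.
SIGNATURE = "v=1; a=rsa-sha256; c=simple/simple; d=mydomain.ch; s=2011; t=1315558067"
KEY = ("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpJ36KdDu2AT6+nTZ/72O//CgdHwZzgw"
       "1MUlNDYZU/AMDtmd/L5NaQo2iU4JC6768WIngJAmZDalV9reFPTidQHpCP5symhOSQk95R"
       "81EXE5GyXbIiN1NTKw1WhjYbKFvCGcvzZbhNcLKLzId+FbmAUOphdH1sZUPsl2PLgfn52wIDAQAB")
if __name__ == "__main__":
    print(query_name(SIGNATURE), lint_key_record(f"k=rsa; t=y; p={KEY}"))
```

The derived name is the one the port25 report shows returning no TXT records, so the record has to be published at exactly that name before the key value is checked at all.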