We're sending out e-mails with EXIM 4.71 from a PHP application. DKIM is enabled and is working properly, unless when sending a specific type of mails, which.
UPDATE
Now the validator at mail-tester.com says the DKIM signature is fine.On the other hand the isnotspam.com still doesn't seem to like it. I assume it is working fine now. Also gmail accepts the email.
The change I made:
I changed thesmtpd_tls_cert_file=..smtpd_tls_key_file=..
to hold the keys for the primary domain. However my VPS contains several domains, so it still remains to be seen what happens with mails from
END OF UPDATE
I am getting a DKIM validation error. For your reference you can find the report at the end of this post.
I am confused about what to put in the /etc/postfix/main.cf
smtpd_tls_cert_file=???smtpd_tls_key_file=???
should these be the certificate of the domain (e.g. example.com)?
Of which these are the most relevant parts:
DomainKeys check details:
Result: neutral (message not signed)ID(s) verified: [email protected]=domain=DomainKeys DNS Record=
DKIM check details:
Result: failID(s) verified: [email protected]=201608domain=example.comDomainKeys DNS Record=201608._domainkey.example.com
I did double check that the DNS (mxtoolbox) is what I would expect it to be.My message is getting signed, but for some reason the signature does not match.
I really am running out of options that's why I am knocking on your doors.
I followed the steps outlined here to the letter:https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8
(A very good tutorial I think. Nevertheless this would also give me another problem: warning: connect to Milter service local:/opendkim/opendkim.sock: Permission denied, which I worked around by changing UMask 000 to UMask 002).
Thanks a lot.dexter
![List List](/uploads/1/2/3/7/123776442/788763214.png)
From the isNOTspam service:
SPF Check : passSender-ID Check : passDomainKeys Check : neutralDKIM Check : fail
HELO hostname: server.example.comSource IP: 37.97.206.208mail-from: [email protected]
Anonymous To: [email protected]
SPF check details:
Result: passID(s) verified: [email protected] record(s):example.com. 74618 IN TXT 'v=spf1 a mx ip4:37.97.206.208 ip6:2a01:7c8:aac3:aa::1/48 ~all'
Sender-ID check details:
Result: pass
ID(s) verified: [email protected] record(s):example.com. 74618 IN TXT 'v=spf1 a mx ip4:37.97.206.208 ip6:2a01:7c8:aac3:aa::1/48 ~all'
DomainKeys check details:
Result: neutral (message not signed)ID(s) verified: [email protected]=domain=DomainKeys DNS Record=
DKIM check details:
Result: failID(s) verified: [email protected]=201608domain=example.comDomainKeys DNS Record=201608._domainkey.example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;s=201608; t=1470311857;bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;h=To:Subject:Date:From:From;b=Xy3uCw55frNys0VUaYiEDRxnCB0uoO9JWuXwtQYM1n6uqyNenv7EL5RTFAxjABeiLjlfOlSN8r4HPpaKvmWff8wYyEpCvU++t67n+uoCwRixYZRG0x62wuLtFXOJc5dI5o4EJkFvKTXuj49v/pDxPk4RYwgXmBSCcFiSY3g5YzxM3TIByBi78/6fuIo0NWHXGrBHKm+FwiB512yyETI4r/qK+VpqNVZtHKoZlYxrWSlPSTZZDKK0j7asR/yBqiA/UDqkqgtuSHiROnxVuhzcOqd5SVzbP0G+VjpkrP/iEdgtYVBV6+t9YhDSncZX0umAn4hPqGfyo4GPz7s/Sf/Qbw
dexter
dexterdexter
1 Answer
Now the validator at mail-tester.com says the DKIM signature is fine. On the other hand the isnotspam.com still doesn't seem to like it. I assume it is working fine now. Also gmail accepts the email.
The change I made:
I changed the smtpd_tls_cert_file=.. smtpd_tls_key_file=..
to hold the keys for the primary domain. However my VPS contains several domains, so it still remains to be seen what happens with mails from
First the postfix SSL certs have absolutely nothing to do with DKIM so that was different issue you had.
![Zimbra dkim-signature body hash not verified Zimbra dkim-signature body hash not verified](/uploads/1/2/3/7/123776442/268072730.png)
Second if you still are getting errors at isnotspam.com then don't assume everything is alright until you get a green light on all tests.
Third create new signatures for each domain and make sure the DNS entry is correct as well as permissions on the signature files.
Also make sure your postfix/main.cf has the proper entries and the .sock actually exists.
Check mail logs for errors, warnings after restart opendkim, should look something like this:
devCU SoftdevCU Soft