Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 2710 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM not working

hagman_01

I tried to setup DKIM with no success.

1. I used (on my local Linux box) openssl to generate a 1024bit RSA key pair.

2. I added the public key into DNS and let it propagate (for the moment with testing mode "t=y" )

$ host -t txt testing._domainkey.mydomain.example 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

testing._domainkey.mydomain.example descriptive text "v=DKIM1;k=rsa;t=y;p=MIGfMA0......DwIDAQAB"

3. I configured the UTM as follows

Priate key =

-----BEGIN PRIVATE KEY-----
MIIC...
...
...
...
-----END PRIVATE KEY-----

selector = testing

DKIM-Domains = mydomain.example

4. I used https://www.appmaildev.com/en/dkim to check. Result:  DKIM-Result: none (no signature)

Why is no signature added?
According to the result at the receiving end, the mail is from the specified DKIM domain: 

From: "Real Name" <username@domain.example>


This thread was automatically locked due to age.
Parents
  • 0

    Hello Hagman!

     Thank you for contacting the Sophos Community!

    What is the output of dig nameofthekey._domainkey.domain.com TXT +short

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    "v=DKIM1;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPSj8NGDf71/tmIKyJ3Ymbdgx4IGGxGVQCvj97AhN50uKw6qBpkMNBA8JCz0f4LfyV/2OM7R+WXSKtt/5cQD5mbYQku/5wbjqTJJDMVvBk10TAp636Z/s+zQC9/piaLAzqv/DSnGnxCXAzxK8rxdK5fetzAkf8Iw9vb2ChbbVjDwIDAQAB"

    (cf. the equivalent host command in my post)

    Does that even matter? I mean, a problem with the DNS record would certainly lead to failure in verification of the DKIM signature at the receiving end - but the DKIM signature is not even applied! at my sending end?

    In other words: Does your question mean that UTM does the DKIM signing if it is able to verify that the corresponding public key DNS record (which i dnot needed for the signing per se) is resolvable from the (internal-ish) resolver of the UTM instead of merely from all receiving ends who resolve the "official" version of DNS?

Reply
  • 0 in reply to emmosophos

    "v=DKIM1;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPSj8NGDf71/tmIKyJ3Ymbdgx4IGGxGVQCvj97AhN50uKw6qBpkMNBA8JCz0f4LfyV/2OM7R+WXSKtt/5cQD5mbYQku/5wbjqTJJDMVvBk10TAp636Z/s+zQC9/piaLAzqv/DSnGnxCXAzxK8rxdK5fetzAkf8Iw9vb2ChbbVjDwIDAQAB"

    (cf. the equivalent host command in my post)

    Does that even matter? I mean, a problem with the DNS record would certainly lead to failure in verification of the DKIM signature at the receiving end - but the DKIM signature is not even applied! at my sending end?

    In other words: Does your question mean that UTM does the DKIM signing if it is able to verify that the corresponding public key DNS record (which i dnot needed for the signing per se) is resolvable from the (internal-ish) resolver of the UTM instead of merely from all receiving ends who resolve the "official" version of DNS?

Children
Unfiltered HTML