This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DKIM not working

I tried to setup DKIM with no success.

1. I used (on my local Linux box) openssl to generate a 1024bit RSA key pair.

2. I added the public key into DNS and let it propagate (for the moment with testing mode "t=y" )

$ host -t txt testing._domainkey.mydomain.example 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

testing._domainkey.mydomain.example descriptive text "v=DKIM1;k=rsa;t=y;p=MIGfMA0......DwIDAQAB"

3. I configured the UTM as follows

Priate key =

-----BEGIN PRIVATE KEY-----
MIIC...
...
...
...
-----END PRIVATE KEY-----

selector = testing

DKIM-Domains = mydomain.example

4. I used https://www.appmaildev.com/en/dkim to check. Result:  DKIM-Result: none (no signature)

Why is no signature added?
According to the result at the receiving end, the mail is from the specified DKIM domain:

From: "Real Name" <username@domain.example>


This thread was automatically locked due to age.
Parents
  • Hallo,

    You might be interested in a guide I made in 2012 for setting up DKIM.  If you'd like a copy, please PM me an email address to send it to.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo,

    You might be interested in a guide I made in 2012 for setting up DKIM.  If you'd like a copy, please PM me an email address to send it to.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Apparently, my mistake was with step 1 (though I for sure do know how to generate key pairs). I don't recall which guide I followed (I am sure is was not by you), but that guide made me generate the keys per

            openssl genpkey -algorithm RSA  ...

    Meanwhile I managed to findi a matching thread  - no idea why seraching for "RC -101" previously gave me no better results. According to that, I regenerated keys per

           openssl renrsa ...

    and that key pair worked instantly. I am still scratching my head about the reasons (perhaps genpkey generated a key protected by no keyword instead not protected by a keyword?), but who cares when it works fine now ...