
I've got sendmail and dkim-milter both running on RHEL4.

DNS and config files look like:

TXT record: mail._domainkey.MYDOMAIN.com IN TXT "v=DKIM1; g=*; k=rsa; t=y; p=....snip...TRM3w7CuYnQIDAQAB"

TXT record:

_adsp._domainkey.MYDOMAIN.com. IN TXT "dkim=unknown"

/etc/dkim.conf

Canonicalization simple
Domain MYDOMAIN.com,MY2ndDOMAIN.com
KeyFile /var/db/dkim/mail.key.pem
MTA MSA
Selector mail
Socket inet:8891@localhost
SignatureAlgorithm rsa-sha256
Syslog Yes
Userid dkim
X-Header Yes
Mode sv
InternalHosts /etc/dkim-internal-hosts

/etc/dkim-internal-hosts

MYDOMAIN.com
MY2ndDOMAIN.com
127.0.0.1

Now, when I send an email as a test, I don't see anything in the headers about DKIM being authenticated, although the key does appear:

X-DKIM: Sendmail DKIM Filter v2.8.3 MYDOMAIN.com o7FLH1Wa032083
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=MYDOMAIN.com; s=mail;
t=/XKdLCPjaYaY=;
h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:
 Content-Transfer-Encoding;
b=qetPkilXBdjnuqiKIyvAwsvTvJfAnq5urdgp/i7p/uLJ8DB+svy9A8C6CPmcfELsJ
 hDid5k2AN5JD+wM2INmUIgjeAa/IwpGTbuMloj0Wioh4njqIfbATJqOhuqxTjic

If I type in:

# host -t txt mail._domainkey.MYDOMAIN.com

I get:

Host mail._domainkey.MYDOMAIN.com not found: 3(NXDOMAIN)

What could I be missing?

NinjaCat
  • typing in: dkim-testkey -d MYDOMAIN.com -k /var/db/dkim/mail.key.pem -s mail gives me: dkim-testkey: res_query(): `mail._domainkey.MYDOMAIN.com' Unknown host – NinjaCat Aug 15 '10 at 23:54

1 Answer


It looks like your DNS is set up incorrectly. You need to put in your public key that you generated when initially setting up DKIM. A sample DKIM record is as follows:

$ dig +short TXT dkim._domainkey.twitter.com
"v=DKIM1\;" "g=*\;" "k=rsa\;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrZ6zwKHLkoNpHNyPGwGd8wZoNZOk5buOf8wJwfkSZsNllZs4jTNFQLy" "6v4Ok9qd46NdeRZWnTAY+lmAAV1nfH6ulBjiRHsdymijqKy/VMZ9Njjdy/+FPnJSm3+tG9Id7zgLxacA1Yis/18V3TCfvJrHAR/a77Dxd65c96UvqP3QIDAQAB"

Everything after the p= is the public key. Just paste it all on one line. The value that comes before the _domainkey is called your selector. In the twitter example above, their selector is dkim. From your /etc/dkim.conf file, it looks like your selector is called simply mail. So your DNS record should be:

mail._domainkey.MYDOMAIN.com. IN TXT "v=DKIM1; k=rsa; t=s; p=<yourpublickey>"

Once that's set up and after the record has propagated, you should get the full record when you run the following:

$ dig +short TXT mail._domainkey.MYDOMAIN.com

Hope this helps.

vmfarms
  • interesting... you are using t=s, rather than t=y and you don't have a g=*. I'll update my DNS now and see what happens. – NinjaCat Aug 16 '10 at 00:15
  • t=y means testing mode. You can use t=y for now while you get everything working, then switch it to t=s when everything is in place. g=* is assumed by default. – vmfarms Aug 16 '10 at 00:27
  • Weird thing is that the dig command still returns nothing... – NinjaCat Aug 16 '10 at 07:02
  • dig (without +short) returns: ;mail._domainkey.MYDOMAIN.com. IN TXT. Note that there is nothing returned after the "TXT". – NinjaCat Aug 16 '10 at 07:36
  • do the semicolons need to be escaped as it is in the twitter example? – NinjaCat Aug 16 '10 at 08:50
  • No, no need to be escaped. Your DNS server will handle that. You also don't need to provide any quotes around it, as your DNS server should place those as well. What is your domain name? I can attempt to make a few lookups on your behalf. – vmfarms Aug 16 '10 at 12:28
  • It's actually fixed, thanks to your help. My problem was that I was putting in the entire line into the value for TXT, rather than just the part that should have been the value. I really appreciate your help... – NinjaCat Aug 16 '10 at 12:37
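
The thread's root cause (the whole zone-file line entered as the TXT value) can be caught before publishing the record. The following is an added example, not part of the original question or answer: a small checker for the text entered as a DKIM key record value. The function names and the constructed `SAMPLE_KEY` placeholder are assumptions, and the check only validates the tag list and base64 encoding, not the RSA key itself.

```python
import base64
import re

# Constructed placeholder: valid base64, but not a real RSA public key.
SAMPLE_KEY = base64.b64encode(b"constructed-not-a-real-key" * 4).decode()

def parse_dkim_txt(value):
    """Split a DKIM key record TXT value into its tag=value pairs."""
    # dig prints long TXT data as several quoted chunks with "\;" escapes;
    # join the chunks and undo the escaping before splitting on ";".
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', value)
    text = ("".join(chunks) if chunks else value).replace("\\;", ";")
    tags = {}
    for part in text.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def check_dkim_txt(value):
    """Return a list of findings for the text entered as the TXT value."""
    findings = []
    # The mistake from the thread: the whole zone-file line used as the value.
    if re.search(r"\bIN\s+TXT\b|_domainkey", value, re.I):
        findings.append("zone-file syntax in value: enter only the v=...; p=... part")
    tags = parse_dkim_txt(value)
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    key = tags.get("p")
    if key is None:
        findings.append("no p= tag: verifiers cannot find a public key")
    elif key == "":
        findings.append("empty p=: key is marked revoked")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            findings.append("p= is not valid base64 (truncated or mangled paste?)")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode is still set")
    return findings

if __name__ == "__main__":
    pasted = f'mail._domainkey.MYDOMAIN.com IN TXT "v=DKIM1; g=*; k=rsa; t=y; p={SAMPLE_KEY}"'
    fixed = f"v=DKIM1; k=rsa; t=s; p={SAMPLE_KEY}"
    for label, value in [("whole line", pasted), ("value only", fixed)]:
        print(label, "->", check_dkim_txt(value) or "ok")
```
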