1

I configured my server (Debian Jessie) and domain with DKIM. I installed OpenDKIM on my server, and followed this tutorial. I went to my domain provider, and set a new DNS TXT record for mail._domainkey.example.com:

"v=DKIM1; k=rsa; p=ThePublicKey"`

Where I got the key from mail.txt, which was generated by the command:

opendkim-genkey -s mail -d example.com

I made sure that the OpenDKIM server is working, and that Postfix is signing the messages. However, I'm unable to find an unbiased way to check whether the emails sent from my server are signed properly.

By googling, I found this service, which gets me to send an email to it, and gives me a report on whether the signing is correct. However, it keeps saying that the signature is invalid in the end report:

SpamAssassin Score: 1.179
Message is NOT marked as spam
Points breakdown: 
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: example.com]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_IMAGE_ONLY_04     BODY: HTML: images with 0-400 bytes of words
 0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.0 TVD_SPACE_RATIO        No description available.
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

Although it says in another part (at the DKIM Information, above that report) that it's valid. It says exacly:

Validating Signature

result = pass

While in mxtoolbox, it doesn't show that I have any syntax problem in my DNS entry. It's able to parse the public key without problems.

What can I do to find the problem with my DKIM setup?

The Quantum Physicist
  • 658
  • 2
  • 11
  • 26

2 Answers2

3

Apparently the test at the site I linked has a problem, so, I found two ways to test my config (SSL, SPF, DKIM and DMARC):

  1. Using gmail. Simply send an email to some account of yours in gmail, and check the header of the message. Gmail has a section where it says if tests are passed.

  2. You can use port25. There's an email address there. Send it an email, and it'll reply with a report indicating whether your config is OK .

The Quantum Physicist
  • 658
  • 2
  • 11
  • 26
1

Try this DKIM key checker. It will query the DNS zone and validate the key correspondence between the server and zone file.

Also, I would recommend not to run an email server in digital ocean as it would be pointless. I recommend running your mail server on an EC2 instance if you plan on running it In the cloud.

Michael
  • 375
  • 1
  • 9
  • 1
    This tool just checks whether the information in the domain settings is correctly placed. I need something to check that against my email signatures. Btw, I don't have a server at digital ocean. I just used their tutorial. Thanks for trying to help. – The Quantum Physicist May 14 '17 at 06:16
  • no problem, friend! sorry I couldn't help. – Michael May 14 '17 at 12:42
  • Just send an email to gmail and select "Show original" in their user interface. The DKIM verification result should be readable in the headers. You can do the same thing with Hotmail et al to verify your configuration is compatible with real world. As in many cases with SMTP, there's collection of specs and then there's the real world. – Mikko Rantalainen Jun 22 '22 at 06:38