Docker-mailserver: DKIM invalid signature

Created on 17 Sep 2018  ·  1 Comment  ·  Source: tomav/docker-mailserver

Hey, sorry to trouble you with what is almost certainly a trivial error on my part. I am trying to get DKIM working on my domain but various mail test tools are reporting that the DKIM signature is invalid.

Context

I have the docker image up and running, and it sends emails and receives emails to a mailbox I added.
I generated a DKIM for the domain using ./setup.sh config dkim 2048. I used the key from the mail.txt in my DNS record as a txt record using the host mail._domainkey.

Expected Behavior

http://www.appmaildev.com/en/dkim/ should show DKIM as valid.

Actual Behavior

I get a bad signature error.

Your Environment

  • Mailserver version used: latest
  • Docker version used: 18.06.1-ce, build e68fc7a
  • Environment settings relevant to the config:

The result of dig:

 dig TXT mail._domainkey.tyers.io

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> TXT mail._domainkey.tyers.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42144
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mail._domainkey.tyers.io.      IN      TXT

;; ANSWER SECTION:
mail._domainkey.tyers.io. 1417  IN      TXT     "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSuw6Owc8H4Vpj3SXq9D+R4TYQnBYpr5hlpcQpc72W4MJPbYVu1av9d0zT9XY1io4b/CsjfHpFOlBSN/pQb8xkZ0NkLXehc8Bl3NkKgzVKRu5uu+EAszVsoEqrY3Glp6Bi+899mpY2MIrQCBaF+V+tEj0vVQlWyVvTvn5TyaQ2wTXP+1HN/pCK"

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Sep 17 10:55:02 UTC 2018
;; MSG SIZE  rcvd: 320

The contents of mail.txt

mail._domainkey IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSuw6Owc8H4Vpj3SXq9D+R4TYQnBYpr5hlpcQpc72W4MJPbYVu1av9d0zT9XY1io4b/CsjfHpFOlBSN/pQb8xkZ0NkLXehc8Bl3NkKgzVKRu5uu+EAszVsoEqrY3Glp6Bi+899mpY2MIrQCBaF+V+tEj0vVQlWyVvTvn5TyaQ2wTXP+1HN/pCKVaha0yx/WVboGhnJpo6Vt0nL"
          "9bB80QdIKADohoPtIonBT7HCKG9pVx6jFOeAlmjD7851/V0mq4yFlXC9pMyMgqT2GJVvgRUt4ZqYDcCqiPJ+BQ6EUYCHBLVIe3EDugHnDPOQp4oURykg6lU7nPsJcE/PuQl47uRQIDAQAB" )  ; ----- DKIM key mail for tyers.io

The result of sending a message to my gmail:

Delivered-To: [email protected]
Received: by 2002:ac8:22fb:0:0:0:0:0 with SMTP id g56-v6csp1187737qta;
        Mon, 17 Sep 2018 03:57:50 -0700 (PDT)
X-Google-Smtp-Source: ANB0Vdb8DYDbfGV+NGlnYpjEeCfIzpAv5SiurOBm20tRE3azQBJBhYkOHKMNDbyyvQSrLOapjxEb
X-Received: by 2002:a50:c101:: with SMTP id l1-v6mr40709617edf.126.1537181870320;
        Mon, 17 Sep 2018 03:57:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537181870; cv=none;
        d=google.com; s=arc-20160816;
        b=JchUhXkGbaLb+exjiNFcA2DvXBEJEv1f2fArzjXMb137q9ttlUfEyP20y3Slmqx0e2
         K0nquJFQ/pe2/QjaYYaBdeIizb7AZMmwYMbYZ3SHrWZ/wZxYvRFrWRHNWPnXYb1Y1UTu
         MvQgXbRrNz3P0NkIUDQG/q9dRrbuPbQu6kzM+G3N/xaGCh/DCXY8rSkAOsWXg69W1MaL
         C23vIiZOuKDClS+fMZLdBEHM3pk+02BSTBtkv77IbBeZL+GHF1IRb5bX7uYhOK8Lqqv7
         LR6/pv+E4mFnwYPkUw1U4PtJicgyx6P8Zk7qDBXIRmIiz2NWBwvu6cFkxLdWyM1vBUYn
         j5Nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:subject:date:from:dkim-signature;
        bh=kLtLHnbJqIFboEbJ18AcrQtf9rueliUl9sZzOhfCAME=;
        b=tUzrASHWfK1xEsMEX1tYImnqCiFWcTl8X5Okp+d31GzQ1WMKhrbDj6i/dsdq/6YrPN
         R5GR/VcRgWgc3bCkvVWLkTHvx3EFZIbYTyGLq08waPDXIdTT3oFd23Vj3ITROLmKr3m/
         VrS0Zl4cphZtTHjRTvO7J69+AW/S+VFlQl2718KIBticI/Vmi9DW636iKzcJTLkZgHxE
         w36LRwMlVHs7kvxM6/8LBfPAzuiZ+NerB06VCLBHXSZG1UyOPk41jhZWBCRnhvs5+Fwc
         FukkfWu/6KdFvz0u9T95NsjtMz9joty8UJB/cel8JhHeyMrZl68RHqR9j5hSfHwVtj3C
         J1Jg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (invalid public key) [email protected] header.s=mail header.b=jcnp8bMb;
       spf=pass (google.com: domain of [email protected] designates 163.172.168.234 as permitted sender) [email protected]
Return-Path: <[email protected]>
Received: from mail.tyers.io (mail.tyers.io. [163.172.168.234])
        by mx.google.com with ESMTPS id o1-v6si983955edq.447.2018.09.17.03.57.49
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 17 Sep 2018 03:57:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 163.172.168.234 as permitted sender) client-ip=163.172.168.234;
Authentication-Results: mx.google.com;
       dkim=neutral (invalid public key) [email protected] header.s=mail header.b=jcnp8bMb;
       spf=pass (google.com: domain of [email protected] designates 163.172.168.234 as permitted sender) [email protected]
X-Virus-Scanned: Yes
Received: from tyers.io (server [172.25.0.1]) by mail.tyers.io (Postfix) with SMTP id E7D27C8909 for <[email protected]>; Mon, 17 Sep 2018 10:57:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tyers.io; s=mail; t=1537181868; bh=kLtLHnbJqIFboEbJ18AcrQtf9rueliUl9sZzOhfCAME=; h=From:Subject; b=jcnp8bMb/MYF+AblGYe8lHshvEi3Qtm5Hdh0nko9GcV5p9hREyiwuEnHlnywEE8E8
     x7n1+PeG5E/EA9LoRRyVYKn8k/SFTSG+D2QINzbvnoT+vFuQG9V7d7/7ZVcuFvbfCe
     NcuWjd3BO4g3Y12XlIb9ffYunnzaSCjkjGC6wOKLAkC01J0feq6WrP3AiPkV2uzfVx
     QU0EjK/ff8KOBVQQy6sfvv+1j+DmHg+hvpqAz9AyoLXLcUIosSobuJdFG1lW6RVX2O
     ogtCi4GHcieuqwuA+NRAZV0zX3XTMNWNHPxrEW2cY7+Sm+iBwTwhwIA7Odg33la/qR
     a+iGlpRWRE67g==
Received: by tyers.io (sSMTP sendmail emulation); Mon, 17 Sep 2018 10:57:38 +0000
From: Rhys Tyers <[email protected]>
Date: Mon, 17 Sep 2018 10:57:38 +0000
Subject: Hello
Message-Id: <[email protected]>

Hello me

I saw from a different issue that I had to concatenate the string in mail.txt so I think I did that correctly. I also restarted the container after generating the DKIM key.

Most helpful comment

DNS Provider did not support 2048 keys and was silently truncating the txt record. Ran ./setup.sh config dkim 1024, replaced the DNS records, and restarted the container and now it all works.
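The truncation described in this comment can be caught before sending any mail by comparing the generated record with what DNS serves and checking the DER length header inside `p=` against the bytes actually published. This is an added example, not part of the issue or of docker-mailserver; the function names, the `example.test` host and the sample records are constructed for illustration.

```python
import base64
import re

def txt_value(record):
    """Join all quoted character-strings of a zone-file or dig TXT record."""
    return "".join(re.findall(r'"([^"]*)"', record))

def p_tag(value):
    """Return the p= (public key) tag of a DKIM key record, whitespace removed."""
    for part in value.split(";"):
        name, _, data = part.partition("=")
        if name.strip() == "p":
            return "".join(data.split())
    return ""

def der_lengths(p_b64):
    """(declared, present) byte counts of the DER SEQUENCE carried in p=."""
    usable = p_b64[: len(p_b64) // 4 * 4]      # ignore a dangling partial quantum
    der = base64.b64decode(usable, validate=True)
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("p= does not start with a DER SEQUENCE")
    if der[1] < 0x80:                           # short-form length
        return 2 + der[1], len(der)
    n = der[1] & 0x7F                           # long form: n length bytes follow
    return 2 + n + int.from_bytes(der[2:2 + n], "big"), len(der)

def check_published(zone_record, dns_answer):
    """Compare the generated record (mail.txt style) with what DNS serves."""
    want, got = p_tag(txt_value(zone_record)), p_tag(txt_value(dns_answer))
    declared, present = der_lengths(got)
    if present < declared:
        return f"truncated: {present} of {declared} key bytes published"
    return "ok" if got == want else "mismatch: published key differs from generated key"

# Constructed sample (not a real key): a 294-byte blob carrying the DER header
# of a 2048-bit RSA SubjectPublicKeyInfo, laid out the way mail.txt is.
_KEY = base64.b64encode(bytes([0x30, 0x82, 0x01, 0x22]) + bytes(290)).decode()
ZONE = ('mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "\n'
        f'  "p={_KEY[:250]}"\n  "{_KEY[250:]}" )')
FULL = txt_value(ZONE)
SERVED_OK = f'mail._domainkey.example.test. 300 IN TXT "{FULL[:255]}" "{FULL[255:]}"'
SERVED_CUT = f'mail._domainkey.example.test. 300 IN TXT "{FULL[:255]}"'  # cut at 255 chars

if __name__ == "__main__":
    print(check_published(ZONE, SERVED_OK))
    print(check_published(ZONE, SERVED_CUT))
```

To use it on a real setup, pass the contents of mail.txt as the first argument and the answer line from `dig TXT` as the second.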
