Same issue :(

For many occurrences you need to docker-compose down first. Did you try that?

But docker-compose down will also delete volumes !? where data is stored
or am i wrong?

233

DKIM keys are now stored in Redis. It migrates the keys when you recreate the phpfpm container after running docker-compose pull && docker-compose up -d.
The keys will be deleted from the volume and the volume remains empty until we remove it in the future.

Everthing sounds fine, except it did not list the keys from Redis. But this _could_ be a caching issue. Or some missing file updates from git.

Do the keys disappear when you reattach the DKIM volume?

I had the exactly same issue. The old DKIM selectors are not listed, but in a fresh Installation all new selectors are listed.

I planned on updating two mailcow instances today but now I'll rather wait :p

This does not help at all.

I need information like .. does it work after removing the DKIM volume?

Damn. I pushed a new image mailcow/phpfpm... For those who already upgraded, do this please:

Check your domains DNS settings and copy your DKIM TXT record, like this:

v=DKIM1;k=rsa;t=s;s=email;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9+zwcWxDTYmZDe5iBEG9cb0z7Jx7bjCTa2OkjPs8BjDmThHrJwJhZYRhEgpMQ2WoJXzOH0O5N8+EhsLPDqL20vkO79jCJiCYDwZqpq+ZY37deJkZ+o6T/CGODqqUJXZDaU27kHSWaW6kjxa3iMJO6k2kJNBSXa7vTU/hfINbUuQIDAQAB

Remove v=DKIM1;k=rsa;t=s;s=email;p= from that string. Result (public key):

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9+zwcWxDTYmZDe5iBEG9cb0z7Jx7bjCTa2OkjPs8BjDmThHrJwJhZYRhEgpMQ2WoJXzOH0O5N8+EhsLPDqL20vkO79jCJiCYDwZqpq+ZY37deJkZ+o6T/CGODqqUJXZDaU27kHSWaW6kjxa3iMJO6k2kJNBSXa7vTU/hfINbUuQIDAQAB

Run source mailcow.conf ; docker-compose exec redis-mailcow redis-cli in the mailcow-dockerized directory and enter:

HSET DKIM_PUB_KEYS my-domain.com MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9+zwcWxDTYmZDe5iBEG9cb0z7Jx7bjCTa2OkjPs8BjDmThHrJwJhZYRhEgpMQ2WoJXzOH0O5N8+EhsLPDqL20vkO79jCJiCYDwZqpq+ZY37deJkZ+o6T/CGODqqUJXZDaU27kHSWaW6kjxa3iMJO6k2kJNBSXa7vTU/hfINbUuQIDAQAB

Just don't forget to replace my-domain.com and the public key with your own values.

Edit: Also set the selector. "dkim" is the old default selector.

HSET DKIM_SELECTORS my-domain.com dkim

@andryyy It does work after manually removing the DKIM volume - yes (as in, any new keys; mine didn't appear to migrate though). I'll try your instructions for the redis-cli - but just wanted to confirm, am I to do this prior to moving to the push you've just made, or after? Thanks :)

Edit: Appears after upgrading to the latest, I can remove keys via the web interface, but cannot add any. I can add keys for the redis-cli though. Just about to try completely removing + recreating the redis volume.

Edit 2: With a completely fresh Redis volume, I cannot add any new keys through the web interface (error is "DKIM domain or selector is invalid"). Using one of my domains, and default selector. I can still manually insert them via the DB though :)

Edit 3: Despite that, it appears that there are no DKIM signatures on the outgoing mail either unfortunately.

@andryyy Do you have running instances of your master branch working with DKIM?

Sure, @Braintelligence

@stevesbrain If it fails to add them, they are found in Redis or as files in /data/dkim/{txt,keys}/.

Make sure you first run docker-compose pull and docker-compose up -d followed by docker-compose restart php-fpm-mailcow. If there were keys, they are now migrated. If you deleted the volume etc., they are gone.

You can delete old files in the DKIM volume by running:

docker-compose exec php-fpm-mailcow /bin/sh -c "rm /data/dkim/txt/*"
docker-compose exec php-fpm-mailcow /bin/sh -c "rm /data/dkim/keys/*"

Or delete all Redis keys:

docker-compose exec redis-mailcow redis-cli DEL DKIM_SELECTORS
docker-compose exec redis-mailcow redis-cli DEL DKIM_PUB_KEYS
docker-compose exec redis-mailcow redis-cli DEL DKIM_PRIV_KEYS

@stevesbrain I pushed a PHP image with missing openssl.......... sorry! The new image is being generated and will be pushed within the next minutes.

Edit: Done.

thx worked for me

@andryyy Thanks - latest push fixes everything :dagger:

Edit: Fixes the interface, but doesn't appear to fix the ability to send SPF outgoing; there is not signature on the email itself :(

Edit 2: Well, deleting all private + public keys + selectors and then creating fresh ones appeared to resolve that component of the issue. We are all good now :)

I am running Mailcow via docker-compose and have found that after each update.sh run, I'm getting "Key missing" messages for each ARC/DKIM key in the admin -> Configuration -> ARC/DKIM. I also find that domains that previously worked with DKIM signatures included have lost them... :( - I will try to recover them from a backup, but this is troubling. Is anyone else having this problem?

@lightweight Please open a new separated issue for your problem, also including logs from at least the redis container. Data like DKIM keys are saved in redis, so it appears that redis is not persisting your data on your setup: check write permissions, as well as your docker-compose file with the one of this GitHub repository. Beside that: New issue please.

Restore your Redis DB. This is not normal, I think your Redis DB is or was broken.

It can also happen is you update from a very, very old mailcow.

Many thanks @patschi and @andryyy - you're quite right - I changed the path for my persistent data and managed to accidentally mess up the redis volume argument... luckily, an older redis volume, prior to me changing the path, was reconnected when I corrected the path, and I appear to have been able to fix the problem (I had to re-assert the DKIM records in my various zone files, but wasn't too big a deal).