Question

DKIM public key not found even though it's been in my DNS for a week

Hi,

I am having problems with my VPS trying to set up Postfix as send-only SMTP server using this tutorial:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04

Everything has been done the same way as they say in the tutorial and I’ve followed both of these tutorials as well:

My Zone file has the following information:

$ORIGIN my.example.com.
$TTL 1800
my.example.com. IN SOA ns1.digitalocean.com. hostmaster.my.example.com. 1516099513 10800 3600 604800 1800
my.example.com. 1800 IN NS ns1.digitalocean.com.
my.example.com. 1800 IN NS ns2.digitalocean.com.
my.example.com. 1800 IN NS ns3.digitalocean.com.
my.example.com. 3600 IN A 123.456.789.01
my.example.com. 3600 IN AAAA 2b02:c1d0:2:d0::132:3001
my.example.com. 3600 IN TXT "v=spf1 mx a ip4:123.456.789.01 ~all"
mail._domainkey.my.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCFqGSIb3DQEBAQUAA4GNADCBiQKBgQCZW8z/5Pvx6xhd2zEPAZNul02xDkb6xEOK1bgmDDypeZ18oOIOZk39WHU4tBoHyJm08e0ddfNtsmWSPyedjnIraOL+cG4lZgr0mAJmK/A1K2i+enoVQFiLitxieEeavtahTrJau5rr5BGqZFwAfwtdbSJOk4DrgexamwBnuaZL0wIGAQAB"

I’ve replaced the real domain and IPs with fake ones due to we’re using a confidential domain at this point. I’m hoping this can be resolved without exposing it.

My mail.txt file inside /etc/opendkim/keys/my.example.com looks like this (which was generated during the tutorial for DKIM):

mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
	  "p=MIGfMA0GCFqGSIb3DQEBAQUAA4GNADCBiQKBgQCZW8z/5Pvx6xhd2zEPAZNul02xDkb6xEOK1bgmDDypeZ18oOIOZk39WHU4tBoHyJm08e0ddfNtsmWSPyedjnIraOL+cG4lZgr0mAJmK/A1K2i+enoVQFiLitxieEeavtahTrJau5rr5BGqZFwAfwtdbSJOk4DrgexamwBnuaZL0wIGAQAB" )  ; ----- DKIM key mail for my.example.com

Using different DKIM checkers, I get information such as:

DNS query failed for 'mail._domainkey.my.example.com':NXDOMAIN
A public-key (p=) is required
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=my.example.com; s=mail; t=1516097701; bh=WBgqksrfs7F0OzQkyE7LiZPHyfFFhl7N4CNav2f5YVw=; h=Date:To:Subject:From:From; b=nlLoX/6Me+yXljyGp2YDsojBYLEq7dgCt1PHcsvD2A5fh76pbWoJsM9kkm6ytn16z
	 M/re5tI5UQzHOVu7oM7cB11zPHkhFl1efvV5mr+FfedglmFHtew/FsvFwjf/P/3Kld
	 /h/rs26aPmOsFduTtlwUja532pmiyXInGiUsFzzM=
Signed-by: admin@my.example.com
Expected-Body-Hash: WBhgpZjQs7F2OzQkyE7LiZPHyflshl7N4CNav2f5VVw=

DKIM-Result: permerror (no key)

Please note (as title says) that I have had these DNS settings up and running for a week now and the error persists.

What am I missing? I’ve read all the comments and no one seems to be getting the same error as me. If they did have a similar issue, it was resolved from typos.

Thank you in advance!


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hello there,

Once created you can use a DKIM checker tool like the one provided from mxtoolbox and check whether the generated key is valid.

https://mxtoolbox.com/dkim.aspx

Also, there are DKIM checker tools that can pinpoint an issue with the configuration which can help you to fix any misconfiguration.

Hope that this helps! Regards, Alex

Hello,

Did you ever figure out what was the problem?

Thank you.