By leftylabsllc
I’m trying to sign my emails with DKIM but no luck. I tested with mail-tester.com and it says it has a signature but is invalid. I am using the MEANjs setup and using nodemailer with the sendmail transport.
Here is the mail-tester.com output
The DKIM signature of your message is:
v=1;
a=rsa-sha256;
c=relaxed/relaxed;
d=gshnccommunitypartners.org;
q=dns/txt;
s=gshncemail;
bh=H81zvFmSpW4Qe+7H48LFl6mJKpJYNV58BLLNPYIwH8c=;
h=from:subject:to:mime-version:content-type:content-transfer-encoding;
b=W5cMRBfELjie8fYb1dPfztnzosxBvdwicQ+e2z0j8b7Uoi8Lk+qwzYyAawy1XUOKK6Jbjx7deb4BNtgu0nQf8lYgU0JDkOKJ3BkogpTO+kS0j7/5ScLWAthyoQVIi4CJWyqwxEoqLPnCxqZ4BIK6jGHKYkaW+ukt6j4PagAFcZXgBw1QQEFBraDEAdeI+To96AURn++AKklenq0Joly5K/seaxtBzyupVn+kiZpuu8Uo7dLRpmU2jkHLDlmohWSo2b0ZcJaNMa1iIrVUvnYtSl1M8rFtJmE3vLdUNTyMekYSrWzR1CskeXqR/6qZ3X3jsW89fXGtv790Zi+Jg06B1w==
Your public key is:
"v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPNXvkYZa/uzxabnVSuIYmS17cB7mnZOcEbRq2ojca621B6wApVXNjClbHHbt+ClKlkmcQEGI58eLC5BzftrZw8aLQTvoXUU3hmt3eTpM0ix7hADa39ORkHsSmwi38brY+T5S14cZUxJjKsRD6/HcM6SAhN+mSoQVmRjuNdWmIt5CzSdYaCvvbpKeRGWtVeL+5/ccKrYtHJYlRrNVnbNRc7Dzj2iygFekIqx9o/BBL/35IK0wzTvbnRty1sRJbDJLBxxMampm/Gh8Zo+mpN+xLWlgG9bMzTkeEDJFGgy+PNQx0/znHl4vFLwS8JnxBnG1Jtn1eDzILZ7OPOQmDuIlQIDAQAB"
Key length: 2048bits
Your DKIM signature is not valid
My DO DNS records are:
MX 5 gshnccommunitypartners.org. TXT @ “v=spf1 mx a ip4:162.243.74.111 include:gshnccommunitypartners.org -all” TXT gshncemail._domainkey “v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPNXvkYZa/uzxabnVSuIYmS17cB7mnZOcEbRq2ojca621B6wApVXNjClbHHbt+ClKlkmcQEGI58eLC5BzftrZw8aLQTvoXUU3hmt3eTpM0ix7hADa39ORkHsSmwi38brY+T5S14cZUxJjKsRD6/HcM6SAhN+mSoQVmRjuNdWmIt5CzSdYaCvvbpKeRGWtVeL+5/ccKrYtHJYlRrNVnbNRc7Dzj2iygFekIqx9o/BBL/35IK0wzTvbnRty1sRJbDJLBxxMampm/Gh8Zo+mpN+xLWlgG9bMzTkeEDJFGgy+PNQx0/znHl4vFLwS8JnxBnG1Jtn1eDzILZ7OPOQmDuIlQIDAQAB”
My server side code the setup the mailer is:
var mailTransporter = nodemailer.createTransport(config.mailer.options);
mailTransporter.use('stream', nodemailerDkimSigner({
domainName: 'gshnccommunitypartners.org',
keySelector: 'gshncemail',
privateKey: fs.readFileSync('./config/dkimcerts/private.pem')
}));
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
The most common reason for this issue is if there is a problem with your private key or your DNS record. From a visual inspection the record itself looks ok. The first thing to check for is if in your key file there is an empty line after -----END CERTIFICATE----- at the end of the file and remove it if there is one:
1.-----BEGIN CERTIFICATE-----
2.
3. /snipped code/
4. ... 20+ lines (its really not important how many if your cert is valid)
......
25. -----END CERTIFICATE-----
26.
Hello there,
What you can try is to split the record into two parts using quotes and then run another test via mail-tester.com or mxtoolbox.
An example will be:
“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPNXvkYZa/uzxabnVSuIYmS17cB7mnZOcEbRq2ojca621B6wApVXNjClbHHbt+ClKlkmcQEGI58eLC5BzftrZw8aLQTvoXUU3hmt3eTpM0ix7hADa39ORkHsSmwi38brY+T5S14cZUxJjKsRD6/” “HcM6SAhN+mSoQVmRjuNdWmIt5CzSdYaCvvbpKeRGWtVeL+5/ccKrYtHJYlRrNVnbNRc7Dzj2iygFekIqx9o/BBL/35IK0wzTvbnRty1sRJbDJLBxxMampm/Gh8Zo+mpN+xLWlgG9bMzTkeEDJFGgy+PNQx0/znHl4vFLwS8JnxBnG1Jtn1eDzILZ7OPOQmDuIlQIDAQAB”
Hope that this helps! Regards, Alex
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.