DKIM signing not working with nodemailer using sendmail transport

September 15, 2016
Node.js MEAN Ubuntu

I'm trying to sign my emails with DKIM but no luck. I tested with mail-tester.com and it says it has a signature but is invalid. I am using the MEANjs setup and using nodemailer with the sendmail transport.

Here is the mail-tester.com output:

The DKIM signature of your message is:

    v=1;
    a=rsa-sha256;
    c=relaxed/relaxed;
    d=gshnccommunitypartners.org;
    q=dns/txt;
    s=gshncemail;
    bh=H81zvFmSpW4Qe+7H48LFl6mJKpJYNV58BLLNPYIwH8c=;
    h=from:subject:to:mime-version:content-type:content-transfer-encoding;
    b=W5cMRBfELjie8fYb1dPfztnzosxBvdwicQ+e2z0j8b7Uoi8Lk+qwzYyAawy1XUOKK6Jbjx7deb4BNtgu0nQf8lYgU0JDkOKJ3BkogpTO+kS0j7/5ScLWAthyoQVIi4CJWyqwxEoqLPnCxqZ4BIK6jGHKYkaW+ukt6j4PagAFcZXgBw1QQEFBraDEAdeI+To96AURn++AKklenq0Joly5K/seaxtBzyupVn+kiZpuu8Uo7dLRpmU2jkHLDlmohWSo2b0ZcJaNMa1iIrVUvnYtSl1M8rFtJmE3vLdUNTyMekYSrWzR1CskeXqR/6qZ3X3jsW89fXGtv790Zi+Jg06B1w==

Your public key is:

"v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPNXvkYZa/uzxabnVSuIYmS17cB7mnZOcEbRq2ojca621B6wApVXNjClbHHbt+ClKlkmcQEGI58eLC5BzftrZw8aLQTvoXUU3hmt3eTpM0ix7hADa39ORkHsSmwi38brY+T5S14cZUxJjKsRD6/HcM6SAhN+mSoQVmRjuNdWmIt5CzSdYaCvvbpKeRGWtVeL+5/ccKrYtHJYlRrNVnbNRc7Dzj2iygFekIqx9o/BBL/35IK0wzTvbnRty1sRJbDJLBxxMampm/Gh8Zo+mpN+xLWlgG9bMzTkeEDJFGgy+PNQx0/znHl4vFLwS8JnxBnG1Jtn1eDzILZ7OPOQmDuIlQIDAQAB"
Key length: 2048bits

Your DKIM signature is not valid

My DO DNS records are:

MX 5 gshnccommunitypartners.org.
TXT @ "v=spf1 mx a ip4:162.243.74.111 include:gshnccommunitypartners.org -all"
TXT gshncemail._domainkey "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPNXvkYZa/uzxabnVSuIYmS17cB7mnZOcEbRq2ojca621B6wApVXNjClbHHbt+ClKlkmcQEGI58eLC5BzftrZw8aLQTvoXUU3hmt3eTpM0ix7hADa39ORkHsSmwi38brY+T5S14cZUxJjKsRD6/HcM6SAhN+mSoQVmRjuNdWmIt5CzSdYaCvvbpKeRGWtVeL+5/ccKrYtHJYlRrNVnbNRc7Dzj2iygFekIqx9o/BBL/35IK0wzTvbnRty1sRJbDJLBxxMampm/Gh8Zo+mpN+xLWlgG9bMzTkeEDJFGgy+PNQx0/znHl4vFLwS8JnxBnG1Jtn1eDzILZ7OPOQmDuIlQIDAQAB"

My server-side code to set up the mailer is:

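    var fs = require('fs');
    var nodemailer = require('nodemailer');
    // Assumed: the signer comes from the nodemailer-dkim package.
    var nodemailerDkimSigner = require('nodemailer-dkim').signer;

    // `config` is the application's configuration object, loaded elsewhere.
    var mailTransporter = nodemailer.createTransport(config.mailer.options);

    // Sign each outgoing message; domain and selector must match the DNS record.
    mailTransporter.use('stream', nodemailerDkimSigner({
        domainName: 'gshnccommunitypartners.org',
        keySelector: 'gshncemail',
        privateKey: fs.readFileSync('./config/dkimcerts/private.pem')
    }));

1 Answer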

The most common reason for this issue is a problem with your private key or your DNS record. From a visual inspection, the record itself looks OK. The first thing to check is whether your key file has an empty line after -----END CERTIFICATE----- at the end of the file; if there is one, remove it:

    1. -----BEGIN CERTIFICATE-----
    2.
    3. /snipped code/
    4. ... 20+ lines (it's really not important how many if your cert is valid)
    ......
    25. -----END CERTIFICATE-----
    26.
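
Both checks the answer names (the key file and the DNS record) can be run offline before sending another test mail. The script below is an added example, not code from the question or the answer: it flags anything after the PEM END line and compares the public key derived from the private key with the `p=` value of the TXT record. The function names and the throwaway key pair are constructed for illustration.

```javascript
// Added example (not from the original thread). Node.js >= 12, no dependencies.
const crypto = require('crypto');

// Split a DKIM TXT record ("v=DKIM1;k=rsa;p=...") into its tags.
function parseDkimRecord(txt) {
  const tags = {};
  for (const part of txt.replace(/"/g, '').split(';')) {
    const eq = part.indexOf('='); // first '=' only: base64 padding also uses '='
    if (eq > 0) tags[part.slice(0, eq).trim()] = part.slice(eq + 1).replace(/\s+/g, '');
  }
  return tags;
}

// Check the PEM text for anything after its END line, then compare the public
// key derived from the private key with the p= value published in DNS.
function checkDkimKey(privatePem, dnsTxt) {
  const problems = [];
  const end = privatePem.lastIndexOf('-----END ');
  const after = end === -1 ? [] : privatePem.slice(end).split(/\r?\n/).slice(1);
  if (end === -1) problems.push('no END line found');
  // One final newline leaves a single '' element; more means extra lines.
  else if (after.length > 1 || after.join('') !== '') problems.push('empty line or data after END line');
  let keyMatches = false;
  try {
    // p= on this page is base64 SubjectPublicKeyInfo DER (it starts "MIIBIjAN").
    const derived = crypto.createPublicKey(privatePem)
      .export({ type: 'spki', format: 'der' }).toString('base64');
    keyMatches = derived === parseDkimRecord(dnsTxt).p;
  } catch (err) {
    problems.push('private key does not parse: ' + err.message);
  }
  return { keyMatches, problems };
}

// Constructed sample: a throwaway 2048-bit key and the TXT record that matches it.
function makeSample() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'der' },
    privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
  });
  return { pem: privateKey, txt: '"v=DKIM1;k=rsa;p=' + publicKey.toString('base64') + '"' };
}

const sample = makeSample();
console.log(checkDkimKey(sample.pem, sample.txt));        // clean key, matching record
console.log(checkDkimKey(sample.pem + '\n', sample.txt)); // extra empty line at the end
console.log(checkDkimKey(makeSample().pem, sample.txt));  // key that is not the published one
```

To run it against a real setup, pass the contents of the private key file and the TXT record string exactly as published for the selector.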