DKIM - Webmin/Virtualmin - DNS issues

September 2, 2014


I have been struggling with getting DKIM working correctly for a few days now and it is driving me absolutely crazy. Yahoo isn't a fan of accepting our emails without DKIM and so I'm desperate to get this resolved as soon as possible.

So, I used Webmin to configure DKIM and within the /etc/mail/dkim-milter/keys/ directory is the private key as I had hoped. Webmin then gives me the following:

*DNS records for additional domains*

tcbg._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5+LPQNh/kY/b1IaXtV"
    "RsD8RlsOmmJ+ME9QlPbqp+r0W6PZC6h63DJOiAfHOEno3yFUUreFMY4FTp2hKPJRuZshX625QIDAQAB" )

As you can see, the public key seems to be split with quotation marks and spaces - I can't seem to find anything about how I might include this in the Digital Ocean DNS correctly. I've tried to remove spaces & quotation marks and have input the following into the DNS settings:




When I dig this from terminal on my computer, it seems to return the correct answer section. But when testing the DKIM by emailing: I receive the following:

SPF check details:
Result:         permerror 
ID(s) verified:
DNS record(s): SPF (no records) 1722 IN TXT "v=spf1 ~all" SPF (NXDOMAIN)

DomainKeys check details:
Result:         neutral (message not signed)
ID(s) verified:
DNS record(s):

DKIM check details:
Result:         permerror (key "" doesn't exist)
ID(s) verified: 
Canonicalized Headers:

Canonicalized Body:

DNS record(s): TXT (NXDOMAIN)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

If anyone is able to offer advice, it would be massively appreciated as I'm tearing my hair out with frustration.

Thanks in advance for your time,
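
The record Webmin prints in the question above is in zone-file form: the parentheses and quoted strings only split a long value, and a verifier concatenates the strings with nothing between them. The following is an added example (not part of the original post, nor Webmin's or DigitalOcean's code) that joins such a record into one unbroken value and sanity-checks the `p=` key. The function names are this example's own, and the sample record is built from constructed placeholder bytes, not a real key.

```python
import base64
import binascii
import re

def join_txt_strings(rdata: str) -> str:
    """Concatenate the quoted strings of a zone-file TXT record, nothing in between."""
    return "".join(re.findall(r'"([^"]*)"', rdata))

def parse_tags(value: str) -> dict:
    """Split a DKIM key record into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_key_record(value: str) -> list:
    """Return the problems found in a joined DKIM TXT value (empty list = none)."""
    tags, problems = parse_tags(value), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if not tags.get("p"):
        return problems + ["p= is missing or empty"]
    try:
        der = base64.b64decode(tags["p"], validate=True)
    except binascii.Error:
        return problems + ["p= is not valid base64 (stray quotes or a cut-off key?)"]
    # Outer DER SEQUENCE: tag 0x30, then a short- or long-form length.
    if len(der) < 2 or der[0] != 0x30:
        return problems + ["p= is not a DER SEQUENCE"]
    if der[1] < 0x80:
        header, body = 2, der[1]
    else:
        n = der[1] & 0x7F
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        problems.append("p= length does not match its DER header")
    return problems

# Constructed sample: 162 placeholder bytes behind a valid DER header, not a real key.
FAKE_DER = bytes([0x30, 0x81, 0x9F]) + bytes(159)
B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE = '( "v=DKIM1; k=rsa; t=s; p=%s"\n    "%s" )' % (B64[:57], B64[57:])

if __name__ == "__main__":
    joined = join_txt_strings(SAMPLE)
    print(joined, check_key_record(joined), sep="\n")
```

The length check only compares the outer DER header with the decoded size, so it catches a key that lost characters during copy and paste but does not prove the key matches the private key on the server.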


2 Answers

Bizarrely, with absolutely no changes made, this appears to have started working.



Just in case anyone searching comes across this then can I suggest to test DKIM is working.

And secondly I doubt DKIM was the problem. Yahoo blacklist IPs. If you contact them then Yahoo come back and suggest you do all sorts of stuff, DKIM etc., none of which makes any difference because the problem is they are blocking your IP. Check the fail message, if it says "[TS03] All messages from x.x.x.x will be permanently deferred; Retrying will NOT succeed." where x.x.x.x is your IP then Yahoo are blocking your IP. Good luck with getting through to Yahoo about that though!

I would suggest raising it via a support ticket to get DO on the case too. Or if you want a quick result try moving (or spinning up a test VPS) to a different country as in my experience if Yahoo blocks one DO IP they block the whole range at a location, as far as I can tell.
