By: educa

Exim mail not signing DKIM. Don't find what's wrong. (detailed description of steps taken)

December 13, 2014 3.1k views

Hi,

I'd like to set up my fresh server for hosting my www.bolleboos.be website and enable sending of email from my PHP scripts.
So... I installed Apache, PHP, MySQL, ... and for the mail exim4.

Sending mail already works fine and I also managed to get SPF working.

If I send a mail to check-auth@verifier.port25.com then it returns me

SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

So the logical next step would be to enable DKIM.

I created a 1024-bit private key with

#openssl genrsa -out dkim.private.key 1024

and then the public key with

#openssl rsa -in dkim.private.key -out dkim.public.key -pubout -outform PEM

These files are now in /etc/exim4/

Then I edited the file /etc/exim4/conf.d/transport/00exim4-configheader and added the following content

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports

DKIM_CANON = relaxed
DKIM_DOMAIN = bolleboos.be
DKIM_SELECTOR = dkim
DKIM_PRIVATE_KEY = /etc/exim4/dkim.private.key

After that I execute the following commands (as root user)

/etc/init.d/exim4 stop
update-exim4.conf
/etc/init.d/exim4 stop

All executes fine

I also added a few things to my DNS

My zone file looks like this now

$ORIGIN bolleboos.be.
$TTL 1800
bolleboos.be. IN SOA ns1.digitalocean.com. hostmaster.bolleboos.be. 1418477398 10800 3600 604800 1800
bolleboos.be. 1800 IN NS ns1.digitalocean.com.
bolleboos.be. 1800 IN NS ns2.digitalocean.com.
bolleboos.be. 1800 IN NS ns3.digitalocean.com.
bolleboos.be. 1800 IN A 128.199.43.113
*.bolleboos.be. 1800 IN CNAME bolleboos.be.
bolleboos.be. 1800 IN MX 10 mx.mailprotect.be.
bolleboos.be. 1800 IN MX 50 mx.backup.mailprotect.be.
bolleboos.be. 1800 IN TXT "v=spf1 a:bolleboos.be -all"
dkim._domainkey.bolleboos.be. 1800 IN TXT "TXT v=DKIM1; t=y; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWdCBmsPYub6KXNdiuntRwQJ8y LLh1viv3YLeoNW7ayPDHXFpR3O1pcU3fHQimhSBH67KXpH7oWAfka09GRUCh7UBm iEbjldlrTXdX7QBr4Ff70vRIhBogkwN8rRPlF+c69lRkrALJp6psOD4D1Gwx58kZ LDQrM19qwVH+SKIaBQIDAQAB"

When I now send mail to the port25 checker, I still get a message back with DKIM as neutral and it also says my mail was not signed. So it looks like exim doesn't sign my mail?

Is there something I might have done wrong or can I check certain logfiles to see if something is not right?

Kind regards,
Bart

1 Answer

You have the wrong TXT record.
Use this value for the TXT record:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWdCBmsPYub6KXNdiuntRwQJ8y LLh1viv3YLeoNW7ayPDHXFpR3O1pcU3fHQimhSBH67KXpH7oWAfka09GRUCh7UBm iEbjldlrTXdX7QBr4Ff70vRIhBogkwN8rRPlF+c69lRkrALJp6psOD4D1Gwx58kZ LDQrM19qwVH+SKIaBQIDAQAB
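A check for the record shape the answer above corrects, as an added example that is not part of the original thread: it parses a DKIM key record's tag list following the RFC 6376 syntax and reports a stray leading token such as the "TXT " prefix in the question's zone file. The function name and both sample records are constructed for illustration, and the p= value is a placeholder, not the poster's key.

```python
import base64
import binascii
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")  # RFC 6376 tag-name syntax

def lint_dkim_key_record(txt):
    """Return a list of findings for a DKIM key record (the TXT value, unquoted)."""
    findings, tags, order = [], {}, []
    for spec in txt.strip().rstrip(";").split(";"):
        name, sep, value = spec.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.fullmatch(name):
            findings.append(f"malformed tag {spec.strip()!r}")
            continue
        if name in tags:
            findings.append(f"duplicate tag {name!r}")
        tags[name] = value.strip()
        order.append(name)
    # v= is optional, but when present it must come first and equal DKIM1.
    if "v" in tags and (order[0] != "v" or tags["v"] != "DKIM1"):
        findings.append("v= must be the first tag and equal DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        findings.append(f"unknown key type k={tags['k']}")
    if "p" not in tags:
        findings.append("missing required p= tag")
    elif not tags["p"]:
        findings.append("empty p= marks the key as revoked")
    else:
        try:  # whitespace inside the base64 is allowed and ignored
            base64.b64decode("".join(tags["p"].split()), validate=True)
        except binascii.Error:
            findings.append("p= is not valid base64")
    if "y" in [f.strip() for f in tags.get("t", "").split(":")]:
        findings.append("note: t=y puts the domain in DKIM testing mode")
    return findings

# Constructed sample data: the p= value is a placeholder, not a real key.
_P = base64.b64encode(b"constructed placeholder, not a real public key").decode()
_FOLDED = _P[:20] + " " + _P[20:]
AS_PUBLISHED = f"TXT v=DKIM1; t=y; k=rsa; p={_FOLDED}"  # shape of the question's record
AS_CORRECTED = f"v=DKIM1; k=rsa; p={_FOLDED}"           # shape of the answer's record

if __name__ == "__main__":
    for record in (AS_PUBLISHED, AS_CORRECTED):
        print(record[:24], "->", lint_dkim_key_record(record) or "ok")
```

Pass it the TXT value as the resolver returns it, with the surrounding quotes removed.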