Question

How can i Install and configure DKIM on CentOS?

Hello guys,

Am trying to install and configure SPF and DKIM but my emails still go to spam. Find below headers from gmail and yahoo response.

I am running on CentOS 6.5 64bit, Zpanel, Roundcube for my emails

Kindly help on how i would solve this error “dkim=neutral (bad version) header.i=@”

I used this tutorial to configure my dkim http://www.prosinger.net/index.php/opendkim-postfix/

I have replaced my domain name with xxxxxxxxxxx.com and my IP address with 000.00.000.000 for the purpose of asking this question.

I have also set my DNS records as follows:

TXT    @   "v=spf1 mx -all"

and

TXT    mail._domainkey  "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC13SVMhSMOFNrAco7J0W6o1FvOVzfkYqRWVB2OrE6voPR68Q+DMPoVs3IPhs971cbGAvZRduQ2cspbblnf2mlhtpCphe8s0ox4CeZPVR0sR2lmXxrWnZmflALmpsHuIvNVQ3dJT/EI3Vy59t9VOxZ0zByMGgRD5SEVb++++++xhBLwIDAQAB" 
//-----GMAIL HEADER RESPONSE------//

Delivered-To: mangurumuiruri@gmail.com
Received: by 10.27.183.8 with SMTP id h8csp1216913wlf;
        Fri, 6 Mar 2015 04:56:48 -0800 (PST)
X-Received: by 10.180.149.205 with SMTP id uc13mr33502783wib.0.1425646607956;
        Fri, 06 Mar 2015 04:56:47 -0800 (PST)
Return-Path: <support@xxxxxxxxxxx.com>
Received: from server.xxxxxxxxxxx.com (server.xxxxxxxxxxx.com. [000.00.000.000])
        by mx.google.com with ESMTP id hx8si14204707wjb.100.2015.03.06.04.56.47
        for <mangurumuiruri@gmail.com>;
        Fri, 06 Mar 2015 04:56:47 -0800 (PST)
Received-SPF: pass (google.com: domain of support@xxxxxxxxxxx.com designates 000.00.000.000 as permitted sender) client-ip=000.00.000.000;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of support@xxxxxxxxxxx.com designates 000.00.000.000 as permitted sender) smtp.mail=support@xxxxxxxxxxx.com;
       dkim=neutral (bad version) header.i=@
Received: from server.xxxxxxxxxxx.com (localhost [127.0.0.1])
	by server.xxxxxxxxxxx.com (Postfix) with ESMTPA id 065F940E9C
	for <mangurumuiruri@gmail.com>; Fri,  6 Mar 2015 07:56:47 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxxxxxxxxxx.com;
	s=default; t=1425646607;
	bh=aPk57tH8wVq+/UKJBMegfzUAzrBGFnon/irnHq85+ok=;
	h=Date:From:To:Subject;
	b=SSORHnoN+W/sywGbVvjeHG+CSyEXBgmmJjS/vKtS/Qch3WCxupO2DluVylfdt4gHC
	 TYvDa7kh/UBk+UB10M73btm7XGHsmSDsDeKsFdku3Q2qWEHWR/N7Sz7CFbT7+2uWX5
	 WhHA+bFsW5AKnqntFbl6BcwLB07VFaKQSebnnSTY=
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="=_4acede452a4b7b2f16a986ec3b62713e"
Date: Fri, 06 Mar 2015 07:56:46 -0500

//-----YAHOO HEADER RESPONSE------//
From support@xxxxxxxxxxx.com Fri Mar  6 13:20:46 2015
X-Apparently-To: stanleywachira64@yahoo.com; Fri, 06 Mar 2015 13:20:47 +0000
Return-Path: <support@xxxxxxxxxxx.com>
Received-SPF: pass (domain of xxxxxxxxxxx.com designates 000.00.000.000 as permitted sender)
 aHRtbAMDMQ--
X-YMailISG: 6TxQJ4UWLDu3bzjVUyqDY8BtidmycXvzNH44zhoqsHWclFdZ
 E89BxWk9mUq9VgJns_dZunSJrEvNtCsVZHw3xa2R4KjlJvWZiN69VD.ZCcWI
 gg4j1mAIkBbtGqSYjMllzw8bk3uuB8Z.dS8F7H8YYYSE6Z7_INxWpud.d4KV
 XEyUEdBicyv2AiRLA621F._GEnMFoOH_pOiIQo9iJZWGnvgzjmFf.gz9MEg3
 8YXiYUVK_pIzyYnQsoiPmAoWf.5gBVJeSEyxTfj3nlyYAOnlNzq3ujZOzcvs
 _6MKyDOMhvJfJPH34IVL_fCWGEvr4L7fmL5iKn.S2i4AxjaTcs76Q9OfV_H5
 byOdNdKGLgCeMwJ1sPNhzlKHkQevzdMOiodJMmJks3DnjUrmJrd0mpTSMO5P
 J9GyVRHNTus1Er6k1TvNJuCWWgupSBqoVm0kiqoG.T5lefFHCX6dr4gNfQcT
 KAAjsLYT2PD5jQQtpD3kpgj5JDux3yCmE7Ms9ybqgHNsrUzub.2RPJ9bo6ec
 pB4MzER59LAyPigB6aMg6zOTZiD1Pf2amiqa.vxaHPuAqRmkDxURsYj2vywq
 tAYfjNYHifMdaqmHcanXDW1Dt5mfNMZVwsHqLW0ugr_MM3lnA9aB8S5wZbSN
 aYfqvUwci4iL_eXTL00aSMDtIZHfCwhKvl5EB8Z61t_5JDRWgIOZMZqheeiT
 Ptl5IiqrBetA_qB_eFQsGyc2tREgHj_iGjitbpWhfMqTsaGBrAlaL_pjV2.6
 o0zYNituSJ95P7grPCQTkdpqoYjYSUUGoy5fyvzbLsGX5t7Dq32vwzfSOxva
 DPKdOPKs.HE5BzPdIdly0P1weQ91cHr8kZ4Vh7dJgwqaxDvBT1jOCwcplEhI
 .wC5upK9H7gLPHtgJiIhR.qFZmyfWHd16_V91WRCvWv5DllDegGIRpXH4q3e
 Sx.AZHwNQYTN6vC2Zj6Wfim8rCrHx8RgACfoBO9z05U2n6gslpqKqzY_wkH2
 UGK8bbMNtIVHnQ_pnKELvgio4ZmIM75hHFKUKwkpA64jN9MKOhGlWk919zWe
 m9B6_D.O0GKaRcyHc10yttiMxpIUQ4rOOtaCuJa2nB7Y3FHBLOWt8M0bMGnm
 TcjxJAolSd30lAbPTLVPDOyIaGga4iykzq7javFE6MCda0odG8jWcr8I8wAk
 isAENiQz3s_.Ug2YTiSQd4Np8nMWkOPLfSC5eIdjv6zjMpMdIncEOqYj84U1
 4Zhh8TzPmUaCUc3LjuHwJYRGiKZyC8Sgz72yL6F1yuPtT6NB7naP2OcxWABp
 CF7qb5nFwP3669lTvMlOQN5.hJv2o8gg61_RlsrSIWsUjANiWzPxynft5BVa
 OxpPVD85UzxSxRPu7cKLcNQFcidIOMY4
X-Originating-IP: [000.00.000.000]
Authentication-Results: mta1011.mail.bf1.yahoo.com  from=xxxxxxxxxxx.com; domainkeys=neutral (no sig);  from=xxxxxxxxxxx.com; dkim=fail (unknown key version)
Received: from 127.0.0.1  (EHLO server.xxxxxxxxxxx.com) (000.00.000.000)
  by mta1011.mail.bf1.yahoo.com with SMTP; Fri, 06 Mar 2015 13:20:46 +0000
Received: from server.xxxxxxxxxxx.com (localhost [127.0.0.1])
	by server.xxxxxxxxxxx.com (Postfix) with ESMTPA id 73B8E4091D
	for <stanleywachira64@yahoo.com>; Fri,  6 Mar 2015 08:20:46 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxxxxxxxxxx.com;
	s=default; t=1425648046;
	bh=pJ8Zn92/H8dQkufKDdWy3D7H+zEP2rL0cFkFDMQPdo4=;
	h=Date:From:To:Subject;
	b=fVHSF5eWKrYgTFISgzKCx8HFN/+Px64WEMT6Fu2q/MNI6aiiZVdUi3TFwTVi8OENw
	 cAQUH1E9vkgsrrZHv5Mk4EGKYePjOqvVesq5mD9JJy0nMmr+g0GKCeyz+PwbfR6Md0
	 StQILw1hFRxw8exb8ihf+Is/HlUNtMq6WHD01INc=
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="=_e954350ae21adc68b88f7e212d73801d"
Date: Fri, 06 Mar 2015 08:20:46 -0500

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hello there,

A DKIM record is another measure that can prevent spoofing and improve mail reliability. You can use any online tool to generate the key for you.

In order to have a proper DKIM record, you’ll need to have one public and one private DKIM key. Usually, how it goes is, you have the private DKIM on your Droplet and the public DKIM record added to your DNS.

When you send an e-mail to a another domain, the server the domain is on, checks both the public and the private DKIMs to see if they match.

Basically, in order for your DKIM to work, you’ll need to have the private part on your Droplet. Having said that, Plesk does come as far as I’m aware with a tool that does this.

Also if you use any control panel for your server, like cPanel it will have the built-in functionality to create the DKIM record on your behalf.

Once created you can use a DKIM checker tool like the one provided from mxtoolbox and check whether the generated key is valid.

https://mxtoolbox.com/dkim.aspx

Another DKIM tester you can use is

https://www.mail-tester.com/spf-dkim-check

Hope that this helps!

Hello there!

The information here all looks correct and that indicates that the DNS may not be setup correctly. As a result, when the mail server checks to verify your DKIM it fails. Have you tried running your domain through a DKIM tester such as https://www.mail-tester.com/spf-dkim-check?

It can help to verify that your DNS is returning the records correctly and in the proper format. Feel free to post what problems pop up, if any, when you try that!