How to use multiple DKIM records on a single domain

Pe

Peter Feb 17, 2023 #1

Hello,

i followed everything from this guide on getting a 10/10 on mail-tester.com however I am only getting a 9/10.
Recording to the site I am missing a DKIM entry, however when I check the DNS setting on CP and on cloudflares site there the DKIM entry generated by the above mentioned guide visible.

I do have a second DKIM entry used by zoho listed in the DNS entrys, this shouldnt be a problem tho since its using a different name.

Id appreciate any help with this.

Maybe there is a way to delete all DKIM keys and generate new ones?

jo

josephgodwinke Feb 17, 2023 #2

Hello @psa Happy you are here

Is this some sort of DKIM key rotation you are trying to do with two DKIM keys ?

You can delete those records and generate new one using this guide 1 - DKIM Set up and Configurations

Pe

Peter Feb 17, 2023 #3

I tried to delete the existing DKIM records but still no luck, it doesnt matter if i have one DKIM entry or multiple. Is there a way to delete the existing keys on the server side and generating new ones? It seems that using the dkimManger just reallocates the existingen public keys.

jo

josephgodwinke Feb 18, 2023 #4

## run as is if you miss the asterisk you will have to create that keys folder with correct owner
rm -rf /etc/opendkim/keys/*

https://community.cyberpanel.net/t/how-to-manually-set-up-spf-dkim-and-dmarc-inside-cyberpanel/30666#installing-and-setting-up-opendkim-4

Pe

Peter Feb 18, 2023 #5

Ok so i tried everything at this point but I still cant get 10/10 email score since it is saying that my DKIM record isnt right. I manged to delete all DKIM keys and generating new ones but no luck.
Can someone look over my config and spot the error? Thanks in advance!

jo

josephgodwinke Feb 18, 2023 #6

I spotted here https://community.cyberpanel.net/uploads/default/original/2X/8/8e3d7c6510b0bfc07a0198d90158bd4fea950df5.png you have changed the value of default._domainkey you should not change that value since that value is generated and should not be changed manually on DNS zones page

Pe

Peter Feb 18, 2023 #7

I had to change it since im also using cloudflare and it would cause problems having the space between the key split
by reformating the key i could get it to pass as a valid dkim key but there seems to be a different problem…

Pe

Peter Feb 18, 2023 #8

if I leave everything as is Im getting this faulty outcome:

thats why I have to remove the space manually

Pe

Peter Feb 18, 2023 #9

OK i figured out what caused the problem but im still no happy with the temporary solution.
It seems that something is wrong with the POSTFIX CONFIGURATIONS FOR RSPAMD.

After commenting out the RSPAMD port entries in the postfix/main.cf file the DKIM entries are being sent as usual in the mail header. However as soon as I use the Smtpd Milters from RSPAMD the DKIM keys arent getting added to the mail headers.

Bildschirmfoto 2023-02-19 um 00.04.38

Bildschirmfoto 2023-02-19 um 00.09.07

jo

josephgodwinke Feb 19, 2023 #10

https://community.cyberpanel.net/uploads/default/original/2X/4/490e3a0a3cbdded08ef6e4d041348bcd794eca08.png

You only remove the quotes and spaces when you copy to cf but on cyberpanel leave it as it is. It is not designed to be edited on cyberpanel.

jo

josephgodwinke Feb 19, 2023 #11

The only changes that will make rspamd work correctly with Postix mta

smtpd_milters = inet:localhost:11332
milter_default_action = accept

This is recommended way to utilize the rspamd proxy worker in milter mode

This boils down back to what i adviced. Change the DKIM key record back to what it was on cyberpanel

Pe

Peter Feb 19, 2023 #12

Alright so I tried once again with all the advice you gave me.
I generated new DKIM keys and didnt change them on CF but I did change them on Cloudflare to get a valid DKIM check.

I also changed the postfix/main.cf file to the default setting.
Bildschirmfoto 2023-02-19 um 13.14.34

However now when Im sending an test mail to ping@mxtoolbox im getting the following output (no dkim in header).

Here are also my email logs:

Feb 19 13:19:57 psa-media spamd[894]: spamd: clean message (1.0/5.0) for spamd:5002 in 4.0 seconds, 19420 bytes.
Feb 19 13:19:57 psa-media spamd[894]: spamd: result: . 1 - DKIM_INVALID,DKIM_SIGNED,HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,URIBL_BLOCKED,URIBL_DBL_BLOCKED_OPENDNS scantime=4.0,size=19420,user=spamd,uid=5002,required_score=5.0,rhost=::1,raddr=::1,rport=48864,mid=20230219121950.370ab9b88db76d13@mxtoolbox.com,autolearn=no autolearn_force=no
Feb 19 13:19:57 psa-media postfix/pickup[50399]: BA22487F70: uid=5002 from=bounce+402172.9c403-mail=peteravis.de@mxtoolbox.com
Feb 19 13:19:57 psa-media postfix/pipe[50621]: 1A48D87C24: to=mail@peteravis.de, relay=spamassassin, delay=5.8, delays=1.7/0.01/0/4, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 19 13:19:57 psa-media postfix/qmgr[50400]: 1A48D87C24: removed
Feb 19 13:19:57 psa-media postfix/cleanup[50565]: BA22487F70: message-id=20230219121950.370ab9b88db76d13@mxtoolbox.com
Feb 19 13:19:57 psa-media spamd[810]: prefork: child states: II
Feb 19 13:19:58 psa-media postfix/qmgr[50400]: BA22487F70: from=bounce+402172.9c403-mail=peteravis.de@mxtoolbox.com, size=20345, nrcpt=1 (queue active)
Feb 19 13:19:58 psa-media postfix/pipe[50567]: BA22487F70: to=mail@peteravis.de, relay=dovecot, delay=1, delays=1/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 19 13:19:58 psa-media postfix/qmgr[50400]: BA22487F70: removed

Sorry for taking so much of your time and thanks in advance

T2

T21 Mar 09, 2023 #13

I’m also experiencing this problem.

I think it might have something to do with a incomplete Rspamd setup.
If I run the rspamd configuration wizard (# rspamadm configwizard) it prompts me to setup the DKIM signing feature.

As I do not fully understand this, I didn’t try it. Maybe someone can offer more insight?