How to use multiple DKIM records on a single domain

Hello,

I followed everything from this guide on getting a 10/10 on mail-tester.com; however, I am only getting a 9/10.
According to the site I am missing a DKIM entry; however, when I check the DNS settings on CP and on Cloudflare's site, the DKIM entry generated by the above-mentioned guide is visible.

I do have a second DKIM entry used by Zoho listed in the DNS entries; this shouldn't be a problem though, since it's using a different name.

I'd appreciate any help with this.

Maybe there is a way to delete all DKIM keys and generate new ones?

Hello @psa, happy you are here.

Is this some sort of DKIM key rotation you are trying to do with two DKIM keys?

You can delete those records and generate new ones using this guide 1 - DKIM Set up and Configurations

I tried to delete the existing DKIM records but still no luck; it doesn't matter if I have one DKIM entry or multiple. Is there a way to delete the existing keys on the server side and generate new ones? It seems that using the dkimManager just reallocates the existing public keys.

## Run as is: if you miss the asterisk you will have to create that keys folder with the correct owner
rm -rf /etc/opendkim/keys/*

https://community.cyberpanel.net/t/how-to-manually-set-up-spf-dkim-and-dmarc-inside-cyberpanel/30666#installing-and-setting-up-opendkim-4

OK, so I tried everything at this point but I still can't get a 10/10 email score since it is saying that my DKIM record isn't right. I managed to delete all DKIM keys and generate new ones but no luck.
Can someone look over my config and spot the error? Thanks in advance!

I spotted here https://community.cyberpanel.net/uploads/default/original/2X/8/8e3d7c6510b0bfc07a0198d90158bd4fea950df5.png that you have changed the value of default._domainkey. You should not change that value, since it is generated and should not be changed manually on the DNS zones page.

I had to change it since I'm also using Cloudflare and it would cause problems having the space between the key split :confused:
By reformatting the key I could get it to pass as a valid DKIM key but there seems to be a different problem…

If I leave everything as is I'm getting this faulty outcome:

That's why I have to remove the space manually.

OK, I figured out what caused the problem but I'm still not happy with the temporary solution.
It seems that something is wrong with the POSTFIX CONFIGURATIONS FOR RSPAMD.

After commenting out the RSPAMD port entries in the postfix/main.cf file the DKIM entries are being sent as usual in the mail header. However, as soon as I use the Smtpd Milters from RSPAMD the DKIM keys aren't getting added to the mail headers.


https://community.cyberpanel.net/uploads/default/original/2X/4/490e3a0a3cbdded08ef6e4d041348bcd794eca08.png

You only remove the quotes and spaces when you copy to cf, but on CyberPanel leave it as it is. It is not designed to be edited on CyberPanel.

The only changes that will make rspamd work correctly with the Postfix MTA:

smtpd_milters = inet:localhost:11332
milter_default_action = accept

This is the recommended way to utilize the rspamd proxy worker in milter mode.

This boils back down to what I advised. Change the DKIM key record back to what it was on CyberPanel.
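
What "remove the quotes and spaces" amounts to, as an added example that is not part of the original posts: the quoted strings of the generated record are concatenated with nothing between them, and the result is checked before it is pasted into an external DNS provider. The sample record and key are constructed placeholders, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Constructed sample: placeholder bytes, not a real RSA key, laid out the way a
# long key is split into several quoted strings in a generated zone entry.
SAMPLE_KEY = base64.b64encode(b"constructed placeholder, not a real key " * 6).decode()
SAMPLE = ('default._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n'
          f'\t"p={SAMPLE_KEY[:200]}"\n\t"{SAMPLE_KEY[200:]}" )')

def join_txt_strings(zone_text):
    """Concatenate the quoted strings of a TXT record with no separator."""
    chunks = re.findall(r'"([^"]*)"', zone_text)
    # A value pasted without any quotes is treated as a single string.
    return "".join(chunks) if chunks else zone_text.strip()

def parse_tags(value):
    """Split a DKIM key record into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def check_dkim_value(value):
    """Return the problems found in a DKIM TXT value (empty list = none)."""
    problems = []
    tags = parse_tags(value)
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    p = tags.get("p", "")
    if not p:
        problems.append("p= missing or empty")
    elif re.search(r'[\s"]', p):
        # Leftover from the split strings; the case reported in the thread.
        problems.append("p= contains whitespace or quotes")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    print(join_txt_strings(SAMPLE))
    print(check_dkim_value(join_txt_strings(SAMPLE)))
```

Joining the strings with a space instead of nothing is what leaves a space in the middle of `p=`, which `check_dkim_value` reports.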

Alright, so I tried once again with all the advice you gave me.
I generated new DKIM keys and didn't change them on CF but I did change them on Cloudflare to get a valid DKIM check.


I also changed the postfix/main.cf file to the default setting.

However, now when I'm sending a test mail to ping@mxtoolbox I'm getting the following output (no DKIM in header).


Here are also my email logs:

Feb 19 13:19:57 psa-media spamd[894]: spamd: clean message (1.0/5.0) for spamd:5002 in 4.0 seconds, 19420 bytes.
Feb 19 13:19:57 psa-media spamd[894]: spamd: result: . 1 - DKIM_INVALID,DKIM_SIGNED,HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,URIBL_BLOCKED,URIBL_DBL_BLOCKED_OPENDNS scantime=4.0,size=19420,user=spamd,uid=5002,required_score=5.0,rhost=::1,raddr=::1,rport=48864,mid=[email protected],autolearn=no autolearn_force=no
Feb 19 13:19:57 psa-media postfix/pickup[50399]: BA22487F70: uid=5002 from=[email protected]
Feb 19 13:19:57 psa-media postfix/pipe[50621]: 1A48D87C24: to=[email protected], relay=spamassassin, delay=5.8, delays=1.7/0.01/0/4, dsn=2.0.0, status=sent (delivered via spamassassin service)
Feb 19 13:19:57 psa-media postfix/qmgr[50400]: 1A48D87C24: removed
Feb 19 13:19:57 psa-media postfix/cleanup[50565]: BA22487F70: message-id=[email protected]
Feb 19 13:19:57 psa-media spamd[810]: prefork: child states: II
Feb 19 13:19:58 psa-media postfix/qmgr[50400]: BA22487F70: from=[email protected], size=20345, nrcpt=1 (queue active)
Feb 19 13:19:58 psa-media postfix/pipe[50567]: BA22487F70: to=[email protected], relay=dovecot, delay=1, delays=1/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 19 13:19:58 psa-media postfix/qmgr[50400]: BA22487F70: removed

Sorry for taking so much of your time and thanks in advance

I’m also experiencing this problem.

I think it might have something to do with an incomplete Rspamd setup.
If I run the rspamd configuration wizard (# rspamadm configwizard) it prompts me to set up the DKIM signing feature.

As I do not fully understand this, I didn’t try it. Maybe someone can offer more insight?