dkim (bad signature)

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
biff
Posts: 5
Joined: Sun May 20, 2018 6:15 am

dkim (bad signature)

Post by biff »

Hello everyone!!! I install in my test-lab Zimbra open source 8.8 on centOS7: config spf, dkim, dmarc . When I check my records dkimvalidator.com. I have a error (bad signature) in DKIM, how I can troubleshoot a problem?
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: dkim (bad signature)

Post by phoenix »

As you've given no details that can be verified other than it doesn't work it's impossible top tell what is the exact problem I'll hazard a guess that you don't have a valid DKIM record on a public DNS server.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
biff
Posts: 5
Joined: Sun May 20, 2018 6:15 am

Re: dkim (bad signature)

Post by biff »

Bill, thanks for answer! Tell me what detail you need. I have a split-dns. On CentOS install dnsmasq and config for transfer mail from inside to outside.
When I check a resolv my mail from outside (dig my domain mx)
Answer
mydomain 0 in mx 10 mail.mydomain
mail.mydomain. 0 in a 10.20.20.30
. I config from domain provider a txt record dmarc(worked), dkim(failed)
Your think my problem is split-dns config?
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: dkim (bad signature)

Post by phoenix »

No, it's not the Split DNS configuration as I sue that myself and have no problems with DKIM, DMARC & spf - although I now use rspamd for my anti-spam I also use it for DKIM signing I used to have it done by ZCS and didn't have any problems then.

I mentioned an external DNS server, do you have the required DNS records created correctly for DKIM & SPF?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
biff
Posts: 5
Joined: Sun May 20, 2018 6:15 am

Re: dkim (bad signature)

Post by biff »

Hello!!! My external dns config
Spf (v=spf1 +a +mx -all)
(Dkim)selector._domainkey txt v=DKIM1; k=rsa;p=key!!
._domainkey txt t=s; o=~
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: dkim (bad signature)

Post by phoenix »

What does the output of the following commands show (obviously put your settings & domain name in there)?

Code: Select all

dig +short TXT yourdomain.com @9.9.9.9


dig +short TXT _dmarc.yourdomain.com @9.9.9.9


dig +short TXT dkim._domainkey.yourdomain.com @9.9.9.9
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
biff
Posts: 5
Joined: Sun May 20, 2018 6:15 am

Re: dkim (bad signature)

Post by biff »

Hello, give all output, but dkim empty.
But if I write command dig +short TXT selector._domainkey.mydomain.com @9.9.9.9
output my public key.
Last edited by biff on Mon May 21, 2018 6:08 am, edited 1 time in total.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: dkim (bad signature)

Post by phoenix »

biff wrote:Hello, give all output, but dkim empty
That would be the problem, as I mentioned earlier , you need to have the DKIM information set-up correctly in an external DNS server. Who hosts the external DNS records for your domain name?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
biff
Posts: 5
Joined: Sun May 20, 2018 6:15 am

Re: dkim (bad signature)

Post by biff »

Hello, if I write command dig +short TXT selector._domainkey.mydomain.com outputting my public key.
Post Reply