DKIM fail for internal email

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Posts: 49
Joined: Sat Oct 10, 2015 5:40 am

DKIM fail for internal email

Postby FredKarno » Mon Jul 08, 2019 1:16 pm

Hi folks,
When checking my DMARC set-up and poking through email headers, I noticed this:

Authentication-Results: (amavisd-new); dkim=neutral
reason="invalid (public key: OpenSSL error: too long)"

It was an email to me from another user on the same server and my server is set to use the default 2048bit key length.

[root@mail ~]# openssl version -v
OpenSSL 1.0.2k-fips 26 Jan 2017

Using Centos7

If I look at the headers of an email I sent to a webmail account (yahoo) I see a DKIM pass. I'm a little concerned as I'm trying very hard to block phishing emails that are pretending to come from our own domain and I was hoping that DKIM/DMARC would help with this.
Any clues for the clueless? :)

Posts: 26388
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: DKIM fail for internal email

Postby phoenix » Mon Jul 08, 2019 1:35 pm

Is this ZCS server on a LAN? I believe this error happens when a private-key is associated with a wrong public-key or you have no public-key in your dns. If it's on a LAN then I'd check your DNS records. Does this happen with mail from all users or just one?


Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Posts: 49
Joined: Sat Oct 10, 2015 5:40 am

Re: DKIM fail for internal email

Postby FredKarno » Thu Jul 11, 2019 9:40 am

OOps! That is a very good point!
I've now configured the domainkey etc on our internal DNS servers and I'm trying to get it to work (stupid truncating MS web interface) but I'm sure that's the source of the issue.

Return to “Administrators”

Who is online

Users browsing this forum: roger_m and 9 guests