DKIM fail for internal email

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
FredKarno
Posts: 49
Joined: Sat Oct 10, 2015 5:40 am

DKIM fail for internal email

Post by FredKarno »

Hi folks,
When checking my DMARC set-up and poking through email headers, I noticed this:

Authentication-Results: mail.blahblah.co.uk (amavisd-new); dkim=neutral
reason="invalid (public key: OpenSSL error: too long)"
header.d=blahblah.co.uk

It was an email to me from another user on the same server and my server is set to use the default 2048bit key length.

[root@mail ~]# openssl version -v
OpenSSL 1.0.2k-fips 26 Jan 2017

Using Centos7

If I look at the headers of an email I sent to a webmail account (yahoo) I see a DKIM pass. I'm a little concerned as I'm trying very hard to block phishing emails that are pretending to come from our own domain and I was hoping that DKIM/DMARC would help with this.
Any clues for the clueless? :)
phoenix
Ambassador
Ambassador
Posts: 27262
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: DKIM fail for internal email

Post by phoenix »

Is this ZCS server on a LAN? I believe this error happens when a private-key is associated with a wrong public-key or you have no public-key in your dns. If it's on a LAN then I'd check your DNS records. Does this happen with mail from all users or just one?
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
FredKarno
Posts: 49
Joined: Sat Oct 10, 2015 5:40 am

Re: DKIM fail for internal email

Post by FredKarno »

OOps! That is a very good point!
I've now configured the domainkey etc on our internal DNS servers and I'm trying to get it to work (stupid truncating MS web interface) but I'm sure that's the source of the issue.
Thanks!
Post Reply