DKIM not working - Emails are not signed

Hi,

I have set up my email from newearth.foundation to go out with DKIM - see screenshot of Virtualmin settings.

img

Then I have configured the corresponding DNS entry, which checks out as correct (I use Cloudflare). Here is the result of https://www.dmarcanalyzer.com/dkim/dkim-check/

img

But still my emails are apparently not being signed: https://www.mail-tester.com/test-tu5zoxdav

What am I missing?

Thank you

Status: 
Closed (fixed)

Comments

Submitted by Ilia on Mon, 02/24/2020 - 14:03

Hi,

Have a close look at this detailed Troubleshot Delivery tutorial. Additionally, check your MX records and make sure that the DKIM record on your local DNS for this domain is valid, by going to Webmin > Servers > BIND DNS Server > newearth.foundation > Edit Zone Records File.

Setting up and configuring Cloudflare is not something Virtualmin support should do.

Submitted by Ilia on Mon, 02/24/2020 - 14:08

It's expected that the DKIM service is running locally and configured properly with Postfix.

I remembered that there was a bug in Ubuntu 18.04. You can find a fix and explanations here.

Hi Ilia,

Your first comment related to zones and Cloudflare is not very relevant, as my screenshots were intended to prove: DNS is not the problem. The problem is more toward what you point to in your second idea.

Unfortunately the fix and explanations did not work. I found more and similar details here, and I even tried the reverse approach pointed to here.

In all occasions the problem remained:

warning: connect to Milter service inet:localhost:8891: Connection refused

I will add that inasmuch as I like learning, this issue is getting to be all a bit above my head, so I will frankly appreciate it if you can keep pointing me in the right direction to finish solving this issue.

TL;DR The previous fix for dkim issues on 18.04 is not working here, can you help me further investigate and fix the issue?

Submitted by Ilia on Tue, 02/25/2020 - 02:45

What is the output of

netstat -lnptu |grep dk

If there is no OpenDKIM in the output, it means that it listens on the domain socket, rather than a specific interface. Go ahead and fix that by editing /etc/opendkim.conf, commenting out the currently enabled line containing Socket and replacing it with:

Socket                  inet:8891@localhost

This is what smtpd_milters on Postfix is currently expecting.

Thanks for that Ilia!

This is what I got,

# netstat -lnptu |grep dk
tcp        0      0 127.0.0.1:8892          0.0.0.0:*               LISTEN      1586/opendkim

and soon enough realized 8892 <> 8891!

Just changed to the correct port at /etc/opendkim.conf, restarted the dkim service and we are now happily signing emails!

I wonder how that mistake got introduced...

In any case, the issue is now fixed (and I learned a bunch in the process)!

Status: Active » Fixed
Submitted by Ilia on Tue, 02/25/2020 - 12:53

I am very glad you have it working and that you have learnt something new.

Have a great day!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.
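
The mismatch found in this thread (OpenDKIM listening on port 8892 while Postfix's smtpd_milters dials 8891) can be checked mechanically by comparing the two settings. The shell functions below are an added example, not part of the original thread or of Virtualmin; the function names and the sample config are constructed, and the script assumes localhost resolves to 127.0.0.1.

```shell
#!/bin/sh
# Compare the OpenDKIM listener with the milter endpoint Postfix connects to.

# Print the value of the last uncommented "Socket" line in an opendkim.conf.
opendkim_socket() {
    awk 'tolower($1) == "socket" { v = $2 } END { if (v != "") print v }' "$1"
}

# Reduce either syntax to "host:port" (or "unix:/path") so they can be compared.
#   OpenDKIM: inet:PORT@HOST, inet:PORT, local:/path
#   Postfix:  inet:HOST:PORT, unix:/path
normalize_endpoint() {
    case "$1" in
        inet:*@*)       p=${1#inet:}; ep="${p#*@}:${p%%@*}" ;;
        inet:*:*)       ep=${1#inet:} ;;
        inet:*)         ep="*:${1#inet:}" ;;
        local:*|unix:*) ep="unix:${1#*:}" ;;
        *)              ep=$1 ;;
    esac
    # Assumption: localhost resolves to 127.0.0.1 on this host.
    printf '%s\n' "$ep" | sed 's/^localhost:/127.0.0.1:/'
}

# Return 0 if one of Postfix's milters (comma or space separated) is the
# endpoint OpenDKIM is configured to listen on; otherwise report and return 1.
check_milter() {
    conf=$1 milters=$2
    want=$(normalize_endpoint "$(opendkim_socket "$conf")")
    for m in $(printf '%s' "$milters" | tr ',' ' '); do
        if [ "$(normalize_endpoint "$m")" = "$want" ]; then
            echo "OK: Postfix milter $m matches the OpenDKIM socket"
            return 0
        fi
    done
    echo "MISMATCH: OpenDKIM listens on $want, Postfix dials: $milters"
    return 1
}

# Constructed sample reproducing the thread: OpenDKIM on 8892, Postfix on 8891.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Socket                local:/var/run/opendkim/opendkim.sock
Socket                  inet:8892@localhost
EOF
check_milter "$sample" "inet:localhost:8891" || true
# On a live host: check_milter /etc/opendkim.conf "$(postconf -h smtpd_milters)"
```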