• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved DKIM fails

Jürgen_T

Jürgen_T

Regular Pleskian
Server operating system version
Ubuntu 22.04.2 LTS
Plesk version and microupdate number
Plesk Obsidian v18.0.53_build1800230619.12 os_Ubuntu 22.04
I configured my new server again to use DKIM. When I follow the Plesk manual I have simply to go to the E-Mail menue located in my domain. When I choose DKIM a window pops up showing the key I had to copy/paste in my external DNServer.

(All keys are anonymized)

This is the key I found:
"v=DKIM1;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNLSCBiQKBgQC/WGr1PRmUF9QB2aSYhH6vYH5XcxTsbSjEeV0bLwARL6Ujctt5S8wQVtG6OghLiAOTKZH3f/1R9HCpfEjxIdxma+V1skCckPV6tAaVdRwUvpPJs8NuVgmzK1g8RVO2KlBDOx2Wq032isUHRQF8Kpq7us8a7Cx4eFSUjBslB6bLWwIDAQAB;"

Having done this I found this result in the header of an Test-E-Mail:

dkim=fail (1024-bit key) reason="fail (bad RSA signature)"

So I went back thinking about a copy/paste error and looked again for the key but now the key has changed.
Just opening the DKIM-menue I got a new key:

"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBADEAA4GNADCBiQKBgQDCn2EdyBphNGLsffKunYQYAVe1mJZKwI5buB8Yx9KqBqquwZGCUihYzOdknurTVanj+RwY+PfiMpIKXS46SAYwkJkiJqKb78uRUVGdE+FceDgKnAQxBj+jLR03+XcXnLp1pmw33lRFNOcTWRFyZQWl2omXIOWHCCLt4IpIV/5ZAwIDAQAB;"

and closing saving and opening the next one.

"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7iwiiTgy1OTVVDL78gJbhJk1mrGkswvkX1QwwTgE009Ob7I89VI09M0mdGDa/9RlNTDXwWyL7f+Pu1OQS9UfEkeQsXq7VdS8aD6PgWR2myuZ154tvi9tGi3rvqjaVauCxgvyk25RaDTbMZEsZNLx7XLb2zD4L+vE5e3rtzCuOQQIDAQAB;"

3 Questions:
1. Is it the expected behaviour that any time I open the "DKIM-Menue" in website/domain/E-mail I get a new key?
2. Concerning the syntax, do I have do copy the key with or without brackets in the external DNServer by the host of my server?
3. Do I have to copy the key as received above also in the DNS-Konfiguration of my domain and in the standard dns template, too?

Any idea, what my mistake was?s one, too. Same error. I tried some minor modifications (key with brackets and without,
 
Found the failure now. The resolv.conf was the problem as this file is continously overwritten with the standard entries

nameserver 127.0.0.53
options edns0 trust-ad
search .

If the following modification is available then DKIM works.

nameserver 127.0.0.1
nameserver 127.0.0.53
options edns0 trust-ad
search .

So the next problem is to make the resolv.conf permanent.
 
So, finally I got DKIM work and I would like to share here my lessons learnt. The problem was, that I did not know, that Plesk generates a new KEY-Pair each time you push the DKIM button in /Websites&Domains/(MyDomain)/E-Mail Konfiguration/DKIM.
So, making an entry in an external DNServer and going back to Plesk checking the spelling etc. following the same way leads to a new Keypair and the entry in the external DNServer becomes automatically unvalid.
In addition modifying the resolv.conf in parallel leads to the effect, that somtimes (if this file is permanent for a while), the "old Key-pair" is used as comes from the stub-resolver and it seems, that everything works fine ... until resolv.conf is overwritten again.

To avoid my problems, the following steps are recommended.

1. Enable DKIM in Plesk as mentioned above and copy/paste the shown public key in an editor (nano, vim etc).
2. Check the default._domainkey.tenckhoff.de. entry in Plesk (MyDomain) whether the new public key complies to the copied one.
3. In case you would like to make entirely shure, that you using the right public key, oben an ssh-session and use the following command to see the current valid public key for your domain (root rights are required) root@mail:~# openssl rsa -in /etc/domainkeys/(MyDomain)/default -pubout
4. Do not open again the DKIM Konfiguration of Plesk as a new key-pair would be provided and your p-key by step one would become unvalid.
5. Paste now the p-Key of step or 3 in the appropriate section of the external DNServer in the following form without brackets, semicolon's required:
v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCb1YXXXXXXXXXXXXbwXrV8KNuJlmAnMeGn4ZHm8gykAH644OG/j4M2OLxt8ikfMy9T3rBR9kahRYDJDxiM3aXXXXXXXXXVwwuG4+Y1zj3Qzwvn20dWooplwXXXXXXXXXRMwIDAQAB; (anonymized)
6. Wait and then test the result
internally XXX.MyDomain.com => YYY.MyDomain.com
 
2nd part as I missed the time limit for editing.

6. Wait and then test the result
a) internally with XXX.MyDomain.com => YYY.MyDomain.com
b) externally XXX.MyDomain.com to an E-Mailaddress where your can read the headers of your received E-Mail

7. Test your DKIM Konfiguration with an online-service i.e. DomainKey-Prüfung - DomainKey überprüfen - DomainKey-Validator - DomainKey Test

This worked for me at the end, is independent from resolv.conf-configuration and helps maybe others to succeed with the important DKIM-feature, too.
(Would be good, if the Plesk Gurus could review my recipe and perhaps provide some more information in the Plesk manual or put this text in ressources)
 
You must log in or register to reply here.

Similar threads

E
Issue DKIM email control not valid
Replies
2
Views
865
Erwan
E
ilogus
Resolved Incoming email DKIM issue
Replies
4
Views
490
ilogus
ilogus
TorbHo
Resolved After migrating to a new Plesk server: DKIM records end with ;;
Replies
2
Views
321
TorbHo
TorbHo
P
Question dmarc, spf, dkim setup problem
Replies
2
Views
327
PeterKi
P
E
Issue dkim=neutral reason="invalid (public key: not available)"
Replies
1
Views
743
Raul A.
R
Back
Top