
Issue DKIM setup & DNS Settings?

justanil

New Pleskian
I know this is a very popular topic and very often discussed. I checked almost every forum and thread to get it right, but somehow it's not working.

First off, I own a domain on Namecheap and a Linux server at Hetzner with Plesk 12.5.30 installed on it.

I enabled the following settings in Plesk:

Code:
Server-Wide Mail Settings

DomainKeys spam protection:
Allow signing outgoing mail    - enabled
Verify incoming mail - enabled

Mail settings for Domain:
Use DomainKeys spam protection system to sign outgoing email messages - enabled


After that I had the following DNS entries in Plesk DNS:

Code:
mydomain.studio.    A    88.xxx.xxx.xx
mydomain.studio.    NS    robotns2.second-ns.de.
default._domainkey.mydomain.studio.    TXT    p=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
_domainkey.mydomain.studio.    TXT    o=-

I read online that I have to place those DNS entries in my domain DNS settings on Namecheap. That's what I did.

Now I have the following entries in the Namecheap DNS:

Code:
A Record    *   88.xxx.xxx.xx  Automatic
A Record    @  88.xxx.xxx.xx  Automatic
A Record    www 88.xxx.xxx.xx Automatic
TXT Record   @  p=xxxxxxxxxxxxxxxxxxxxxx; Automatic
TXT Record @ v=spf1 +a +mx -all +a:serverdomain.de Automatic
TXT Record @ o=- Automatic
TXT Record @ v=DKIM1; k=rsa; p=xxxxxxxxxxxxxxxxxx; Automatic

After those settings, I tested whether my emails were signed. DKIMvalidator gave me the following result:

Code:
DKIM Information:

DKIM Signature


Message contains this DKIM Signature:


Signature Information:
v= Version:    
a= Algorithm:       rsa-sha1
c= Method:          nofws
d= Domain:          mydomain.studio
s= Selector:        default
q= Protocol:        dns
bh=            
h= Signed Headers:  To:From:Subject:Message-ID:Date:User-Agent:MIME-Version:Content-Type:Content-Transfer-Encoding
b= Data:            xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Public Key DNS Lookup


Building DNS Query for default._domainkey.mydomain.studio
Retrieved this publickey from DNS:
Validating Signature


result = invalid
Details: public key: not available




I think I did some things wrong, but I just don't know what it is. I am not an expert, more a beginner.
I hope someone could help me.

Do I have to add something to my Emails on Thunderbird, so they are signed or are the DNS settings usually enough?

Regards,
Anil
 
Looks like you have added the txt records wrong at namecheap...

TXT Record @ p=xxxxxxxxxxxxxxxxxxxxxx; Automatic


If it's anything like 123-Reg, the "@" should actually be...
Code:
TXT Record   default._domainkey  p=xxxxxxxxxxxxxxxxxxxxxx; Automatic


And...
Code:
TXT Record  _domainkey   o=-  Automatic

I hope that helps
Kind regards

Lloyd
 
Thank you for your help. You are right, the "@" was wrong, but even now it's not working.

Here are my settings. Maybe you can find the mistake.

These are the DNS Settings for my Domain in Plesk (my Domain name is http://example.studio/)

ff5jqw8n.jpg



And these are my DNS settings at my domain provider namecheap:

393uoza5.jpg


I tested those options and some others... but somehow it's not working.

Is this a general Plesk problem or a problem with my Domain Provider?
 
Hi mate,
I see at namecheap you have...
Code:
TXT Record   default._domainkey  V=DKIM1; p=xxxxxxxxxxxxxxxxxxxxxx; Automatic


It should be...
Code:
TXT Record   default._domainkey  p=xxxxxxxxxxxxxxxxxxxxxx; Automatic


Notice I have removed the "DKIM1;"
Plesk 12.5 ships with DomainKeys which is different to DKIM (Domain Keys Identified Mail).
You can install OpenDKIM separately from Plesk, so mail is signed by both DomainKeys and DKIM signatures.
I hope that helps

Kind regards
Lloyd

EDIT: Plesk 17 (Onyx) will have DKIM support.
 
I should have seen this thread 2 weeks ago ....

I had nearly the same problem. But on my Plesk there was no DNS installed. So I had the problem of finding the file where Plesk saves the key. This I found. But I am a little bit unsure about base64-encoding this key.
However, I think I have the right key now (entry for p=). But now I check at dkimvalidator.com and I get an error.
I need help with this error.
result = invalid
Details: public key: unsupported version

Can someone help me with it?
 
As I remember, it was: etc/domainkeys/mydomain/default
In this file was the key in the format:
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDERMpqn7Y+xxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
...
...
-----END RSA PRIVATE KEY-----

In the backend of my DNS provider I could not simply copy it. I opened the file in Notepad++ and base64-encoded the content of the file. Now I have one long entry. This I use in my DNS backend.
But I am a little bit unsure about that and get this error at dkimvalidator.
 
As you can see this is the Private Key and should not be put in the DNS text entry as it will compromise the purpose of having DomainKeys.
You would need to run something like suggested here...

https://matoski.com/article/generate-domainkeys/

# cd /etc/domainkeys/domain.tld/
# openssl rsa -in default -out default.txt -pubout -outform PEM

Then you can add the contents of default.txt (without the ---BEGIN and ---END lines) to your DNS.
I hope that helps
Kind regards

Lloyd
 
This really helps me!!! This one line .... openssl rsa ...... this I missed for so long =)

OK, now I have the default.txt. In it is the public key.
If I open this one in the default Windows editor, I have one long row. But I see that in this one long row there are 3 word wraps. This means there are 3 blanks in the long row.
If I open this in Notepad++, I see the public key again, but again in this format
Begin Public KEy
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXX
XXXXXXXXX
END ......
There are the 3 word wraps.

In my DNS provider I can simply copy one long row. I am unsure about the blank content in the row. Must it be part of the key, or must I drop the blanks for my DNS entry?
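
Added example (not part of the thread and not Plesk's own code): a Python sketch that turns the PEM output of the `openssl rsa ... -pubout` command above into the one-line `p=` value, dropping the BEGIN/END lines and the line breaks, which are PEM layout rather than key material, and refusing a private key. The function names and the sample PEM data are constructed for illustration; the `default` selector and the `p=...;` record form are taken from the posts above.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.DOTALL)


def pem_public_key_to_p(pem_text):
    """Return the one-line base64 value for the p= tag of the TXT record."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    label, body = match.group(1), match.group(2)
    if "PRIVATE" in label:
        raise ValueError("private key: keep it on the server, never in DNS")
    if label != "PUBLIC KEY":
        raise ValueError("unexpected PEM type: " + label)
    # Line breaks (LF or CRLF) and blanks are PEM layout, not key material.
    p_value = "".join(body.split())
    try:
        der = base64.b64decode(p_value, validate=True)
    except binascii.Error as exc:
        raise ValueError("body is not clean base64") from exc
    if not der or der[0] != 0x30:  # a DER-encoded key starts with SEQUENCE
        raise ValueError("decoded data is not a DER structure")
    return p_value


def domainkeys_txt_record(selector, pem_text):
    """Return (host, value) in the form used in the thread: p=<key>;"""
    return selector + "._domainkey", "p=" + pem_public_key_to_p(pem_text) + ";"


def constructed_pem(label):
    # Constructed stand-in, NOT a real key: DER SEQUENCE header plus filler,
    # wrapped in CRLF-terminated lines like a file opened on Windows.
    der = bytes([0x30, 0x81, 0x9F]) + bytes(range(159))
    body = base64.encodebytes(der).decode().replace("\n", "\r\n")
    return "-----BEGIN %s-----\r\n%s-----END %s-----\r\n" % (label, body, label)


SAMPLE_PUBLIC = constructed_pem("PUBLIC KEY")        # like default.txt
SAMPLE_PRIVATE = constructed_pem("RSA PRIVATE KEY")  # like the file "default"

if __name__ == "__main__":
    host, value = domainkeys_txt_record("default", SAMPLE_PUBLIC)
    print(host, "TXT", value)
```

On a real server the input would be the text of `default.txt`; the host part goes into the provider's "Host" field and the value into the TXT field.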
 