DomainKeys Error

[ilijamt]

When I send mail I get the following in the /var/log/mail.err

Oct 9 16:17:52 myserverplace dk_sign[24573]: DK_STAT_SYNTAX: Message is not valid syntax. Signature could not be created/checked
Oct 9 16:17:52 myserverplace /usr/lib/plesk-9.0/psa-pc-remote[3037]: Error during 'dd51-domainkeys' handler

After a reply I get the following in the error log

Oct 9 16:18:00 myserverplace dk_check[24355]: DK_STAT_NOSIG: No signature available in message

I checked the zone files for the domain and they have a domainkey defined

In "/etc/domainkeys" there is a folder and a file called default inside the folder belongs to rootopuser

I have the following entries in the zone file for this:
_domainkey.myserverplace.de. IN TXT "o=-"
default._domainkey.myserverplace.de. IN TXT <DOMAIN KEY>

OS: Debian 3.2.46-1+deb7u1
Plesk: 11.5
Mail: Postfix

 

[ilijamt]

This is the result of a mail check

SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

Also for some reason it adds two DKIM headers to the headers

 

[Peter Savolt]

I have similar error. Outgoing mails are not signed:

Oct 10 07:46:00 netscan dk_sign[23538]: DK_STAT_SYNTAX: Message is not valid syntax. Signature could not be created/checked
Oct 10 07:46:00 netscan /usr/lib/plesk-9.0/psa-pc-remote[7657]: Error during 'dd51-domainkeys' handler

 

[ilijamt]

I solved this by re-installing the whole server, and I wrote the instructions on how to set up everything

http://blog.matoski.com/articles/dk-dkim-plesk

 

[Peter Savolt]

Re-installing is not an option in my case.
I've discovered, that the problem is with the too short bit length key. I've upgraded from plesk 10 where 768 bit keys were used.
Switching off then on the signing of outgoing mail on each domain solved the problem (it generated a new, 1024 bit key).

You can check the key length with this page:
http://www.protodave.com/tools/dkim-key-checker/

I wrote this script to switch off/on the service for all domains:

#!/usr/bin/env bash

pw=`/usr/local/psa/bin/admin --show-password`

for name in `mysql --skip-column-names -u root -p --password=$pw -D psa -e 'SELECT name FROM dns_zone ORDER BY name;'`; do
    /usr/local/psa/bin/domain_pref -u $name -sign_outgoing_mail false
    echo $name;
done

 

[Peter Savolt]

resolution

Re-installing is not an option in my case.
I've discovered, that the problem is with the too short bit length key. I've upgraded from plesk 10 where 768 bit keys were used.
Switching off then on the signing of outgoing mail on each domain solved the problem (it generated a new, 1024 bit key).

You can check the key length with this page:
http://www.protodave.com/tools/dkim-key-checker/

I wrote this script to switch off/on the service for all domains:

#!/usr/bin/env bash

pw=`/usr/local/psa/bin/admin --show-password`

for name in `mysql --skip-column-names -u root -p --password=$pw -D psa -e 'SELECT name FROM dns_zone ORDER BY name;'`; do
    /usr/local/psa/bin/domain_pref -u $name -sign_outgoing_mail false
    echo $name;
done

 

[Peter Savolt]

Re-installing is not an option in my case.
I've discovered, that the problem is with the too short bit length key. I've upgraded from plesk 10 where 768 bit keys were used.
Switching off then on the signing of outgoing mail on each domain solved the problem (it generated a new, 1024 bit key).

You can check the key length with this page:
http://www.protodave.com/tools/dkim-key-checker/

I wrote this script to switch off/on the service for all domains:

#!/usr/bin/env bash

pw=`/usr/local/psa/bin/admin --show-password`

for name in `mysql --skip-column-names -u root -p --password=$pw -D psa -e 'SELECT name FROM dns_zone ORDER BY name;'`; do
    /usr/local/psa/bin/domain_pref -u $name -sign_outgoing_mail false
    echo $name;
done

 

[ilijamt]

But I never upgraded from a previous version of Plesk, I installed Plesk 11.5 from the beginning there was no upgrade, I checked the keys they were 1024 bit, they are located in /etc/domainkeys.

Since I reinstalled, I set it up it with everything

SPF
DomainKeys
DKIM

Everything is working perfectly now, the instructions are in the link I sent

 

[VASILEIOSP]

I had the same problem. I solved by restarting the server