Recently I have checked my messages headers of the mail that comes from the andreybondarenko.com MX and found that Google shows that my DKIM signature is invalid:
Authentication-Results: mx.google.com; dkim=temperror (no key for
signature) header.i=@andreybondarenko.com;In the spam score section:
DKIM_SIGNED,T_DKIM_INVALIDHowever the header itself is present:
DKIM-Filter: OpenDKIM Filter v2.10.3 andreybondrenko.com CE25780BAC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=andreybondarenko.com; s=default; t=1483634085;
bh=w00tuUhwty0/5n/YHiopiY3PpnqKT5BLK9l6TkDNUUk=;
h=Subject:From:Reply-To:To:Date:From;
b=J5qB5RF9lrOho1wBpLyLi5a6CwIHZK1sugCr2wpwnPKwEg76RFv2/y8xaiwquqftX
VhTJH9NLJXcPdu8k8/zN/sc8P1RksNR9EvDw6k2YNEKoeMsKMGgyMC4kAAhcT31IgX
eqnIqWxhVTVdjRqrqzNPn0wuBbGJgO2bwmFcVsy8=I have found that it’s quite common configuration error of the OpenDKIM, the selector you choose to store key can be chosen randomly, but the TXT record should match /etc/opendkim.conf. In my case:
## Defines the name of the selector to be used when signing messages.
Selector defaultBut the DNS record:
[user@andreybondarenko ~]$ dig TXT mail._domainkey.andreybondarenko.com
;; ANSWER SECTION:
mail._domainkey.andreybondarenko.com. 1800 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdGRWtWPPZVIg0fy7Pr0+rsBsoL6Imt1GBE/QRd3X5Izv1iAJFUsOtea
f9TI9EO/YFwoLLahzuoZM1oUU4ED3fHlItEnqXCKQhX8Zripi7gfIO+DRFEhGuQtG6OIuA6+c3ivao7DTPk/IFqY7MG5M3wMvAfV+
eIBf1VjmajSwe3wIDAQAB"Changing ‘Selector’ to ‘mail’ and restating opendkim (it’s faster then change DNS):
Authentication-Results: mx.google.com; dkim=pass
header.i=@andreybondarenko.com;In the spam score section:
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU
Leave a Reply