DKIM help
-
- Posts: 1370
- Joined: Thu Nov 11, 2004 5:26 pm
- Location: Kingsville, Texas
DKIM help
I have DKIM set up in the DNS and in ME but my domain williamswebsolutions.net has a longer encryption or longer bit. I got an error (see below). Another post suggested that I need to make multiple TXT entries. I would like some assistance if that is true so I do it right.
MailEnable: Message could not be delivered to some recipients.
The following recipient(s) could not be reached:
Recipient: [SMTP:info@tahoeupshirtcreek.com]
Reason: 550-DKIM: encountered the following problem validating
Message contents follow:
DKIM-Signature: v=1; c=simple; h=Reply-To:From:Sender:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
d=williamswebsolutions.net; s=wws; i=info@williamswebsolutions.net; a=rsa-sha256;
bh=MRYKCd5YMwUVlAuMoyq6trAtPDJdaYMM6B3XFBKIj2E=;
b=JoruCaODpiQFZADukemdrXes37/fvO9sXhQnFAUaPxKxdy9Of7WZPJkd+0iY0wE+p
uVZ3u04McIITSsPE5WADkzw70xD4iqX31Iv7lF1Y4SVwTsbjErWGIi7ek1s+v3kfgjs
RO1FfuOtRDiUPHn85blcXKyqzVBMaRQ0RzpsWm9aAeyU5YiZIQ1qzZBz60sW5kVZ+h9
XNRGg+bxob6fEi2JqSOvn/OaCRKFSySrlkNsZmivGIeL1BH9GJ2KTLRuAQcpiZN771o
hUsLhbYyEl6VMHeBPlycIwUPf1CnT3a0p2BgmZK9tVNiYAmpLnLi25z3yhO/gefV011
ZNRmYSl8A==;
Received: from wws010 ([208.80.175.163]) by williamswebsolutions.net with MailEnable ESMTP; Wed, 4 Nov 2015 10:56:29 -0600
Reply-To: <info@williamswebsolutions.net>
From: <jawilliams@williamswebsolutions.net>
Sender: "Robert Williams @ Williams Web Solutions" <info@williamswebsolutions.net>
To: <info@tahoeupshirtcreek.com>
Subject: clothing
Date: Wed, 4 Nov 2015 10:56:22 -0600
Organization: Williams Web Solutions
Message-ID: <001401d11721$bc659ab0$3530d010$@williamswebsolutions.net>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0015_01D116EF.71CE8610"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdEXIbvZ7Q2n89rIRNy/b+TJS6rhZA==
Content-Language: en-us
X-ME-CountryOrigin: US
This is a multipart message in MIME format.
------=_NextPart_000_0015_01D116EF.71CE8610
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0016_01D116EF.71CEAD20"
------=_NextPart_001_0016_01D116EF.71CEAD20
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Robert Williams, Owner
www.WilliamsWebSolutions.com
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and we will migrate your accounts to us for FREE!
We can be hired to help you with your Mail Enable server, too!
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
Re: DKIM help
I ran the SPF/DKIM test at https://www.mail-tester.com/spf-dkim-check on your domain and selector and got the DKIM result "No DNS record found for wws._domainkey.williamswebsolutions.net".
I do see you have a TXT record for DKIM but it is definitely not named correctly.
Cheers,
Brett
-
- Posts: 1370
- Joined: Thu Nov 11, 2004 5:26 pm
- Location: Kingsville, Texas
Re: DKIM help
Can you please advise on how I can fix that? Is there a website that helps with doing this correctly? I followed one and obviously got it wrong.
Robert Williams, Owner
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
Re: DKIM help
The fix is simple enough - your TXT record for DKIM currently has the name williamswebsolutions.net whereas it should be named wws._domainkey.williamswebsolutions.net in order for DKIM processing to correctly locate the relevant TXT record.
If you are using the DNS service from Windows then simply create a subdomain of williamswebsolutions.net called _domainkey and then add your DKIM TXT entry to that and name the record wws (which is your selector).
Cheers,
Brett
-
- Posts: 1370
- Joined: Thu Nov 11, 2004 5:26 pm
- Location: Kingsville, Texas
Re: DKIM help
I did what you suggested and got the following response when I did the test.
DNS record for wws._domainkey.williamswebsolutions.net:
"v=DKIM1\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM"
We were not able to retrieve the key length, there is maybe an issue in that key
The key is at 2048.
Robert Williams, Owner
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
Re: DKIM help
Yip, your key is way too short. The entire key runs to the second semi-colon so you need to update the record content with exactly what ME gave you as the string for the TXT record.
Check out nkosi._domainkey.knowbase.co.za for an example of what the key should look like.
Cheers,
Brett
-
- Posts: 1370
- Joined: Thu Nov 11, 2004 5:26 pm
- Location: Kingsville, Texas
Re: DKIM help
Below is a copy of the key generated by ME and is in the DNS.
v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM87nG79b2L9VEsnxOL07ZvOqMix9xdzb/apwfsX9buDbbukPZe3a+LHIV6w6GJhFLAzJVhXfxUr+fI+tf7SHmrjfiSkRzpc+I+v+Y+efnOerOpMdnYCJ46Yc2gRm9js04QuBk5N2jlwy3ZEqcJVsji2aE92fgp7C+a1sKsCmjWr8VfAPOV+26wzbHofNMzux1/+8gAgEvdVqnf68R/U9ROiPKevesyr8UiamCapVtx+XyQs14jA7H6UUhwIDAQAB;
But when I run the test, it only gets this far
v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM
Robert Williams, Owner
Re: DKIM help
You don't have the full key in DNS. You can check it from the command prompt like this:
C:\>nslookup -type=txt wws._domainkey.williamswebsolutions.net
The response you are getting is looking like this:
Non-authoritative answer:
wws._domainkey.williamswebsolutions.net text =
"v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM"
Whatever you are doing to update the DNS is apparently truncating the entry. What are you using for DNS?
-
- Posts: 1370
- Joined: Thu Nov 11, 2004 5:26 pm
- Location: Kingsville, Texas
Re: DKIM help
Windows DNS
Robert Williams, Owner
Re: DKIM help
That explains it -- Windows DNS can't handle TXT records longer than 255 bytes. Regenerate your key as 1024 bits, and the shorter key will fit within your DNS constraints.
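Added example (not part of the original posts): a single DNS TXT character-string holds at most 255 bytes, and a DKIM verifier joins all strings of a record with no separator before parsing it, which is what the "multiple TXT entries" suggestion in the first post relies on. The sketch below splits a record that way and reports the RSA key size, returning None when the key is cut off as in this thread; the record uses a constructed filler modulus and all function names are hypothetical.

```python
import base64

def tlv(tag, body):
    """DER-encode one tag/length/value element."""
    n = len(body)
    if n < 0x80:
        size = bytes([n])
    else:
        octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
        size = bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + size + body

def sample_record(bits):
    """Constructed record: valid SubjectPublicKeyInfo layout, filler modulus."""
    modulus = b"\x00" + b"\xc3" * (bits // 8)
    rsa = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; p=" + base64.b64encode(spki).decode() + ";"

def read_tlv(buf, pos):
    """Return (body, next_pos); ValueError when the declared length overruns."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def txt_strings(record, limit=255):
    """Split a record into TXT character-strings of at most `limit` bytes."""
    raw = record.encode("ascii")
    return [raw[i:i + limit] for i in range(0, len(raw), limit)]

def key_bits(strings):
    """Join the strings as a verifier does; return RSA key bits, None if damaged."""
    record = b"".join(strings).decode("ascii")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    try:
        spki, _ = read_tlv(base64.b64decode(tags["p"]), 0)
        _, pos = read_tlv(spki, 0)            # skip AlgorithmIdentifier
        bitstr, _ = read_tlv(spki, pos)       # BIT STRING wrapping RSAPublicKey
        rsa, _ = read_tlv(bitstr, 1)          # byte 0 is the unused-bits count
        modulus, _ = read_tlv(rsa, 0)
    except (KeyError, ValueError):
        return None
    return int.from_bytes(modulus, "big").bit_length()
```

A 2048-bit record needs two strings, and keeping only the first one reproduces the "not able to retrieve the key length" symptom; a 1024-bit record fits in one string.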
-
- Posts: 1370
- Joined: Thu Nov 11, 2004 5:26 pm
- Location: Kingsville, Texas
Re: DKIM help
Got it!
Thank you very much for your help and patience.
So will I need to do the same thing that I did for the other domains and email accounts I host, with adding the subdomain and all that? They are all hosted on the same server. Their bit length is 1024 by default.
Robert Williams, Owner
Re: DKIM help
Yes, since DKIM is on a per-domain basis it will need to be done for each of the domains.
I prefer to set up SPF, DKIM, and AutoDiscover records all at the same time since each of them requires modifying the domain's DNS.
Re: DKIM help
Also, don't forget to create your policy record in DNS. At the very least you should have
_domainkey TXT t=y; o=~
t=y means testing
o=~ means that SOME messages are signed
Once you are sure that things are working, remove the t=y;
and if ALL of the email for that domain flows through MailEnable and is signed, change the tilde to a hyphen ( o=- ) to indicate that all messages should be signed and any unsigned messages should be discarded.