DKIM help

Discussion forum for Enterprise Edition.
Post Reply
rfwilliams777
Posts: 1312
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

DKIM help

Post by rfwilliams777 » Wed Nov 04, 2015 5:36 pm

I have DKIM set up in the DNS and in ME but my domain williamswebsolutions.net has a longer encryption or longer bit. I got an error (see below). Another post suggested that I need to make multiple TXT entries. I would like some assistance if that is true so I do it right.

MailEnable: Message could not be delivered to some recipients.
The following recipient(s) could not be reached:

Recipient: [SMTP:info@tahoeupshirtcreek.com]
Reason: 550-DKIM: encountered the following problem validating


Message contents follow:

DKIM-Signature: v=1; c=simple; h=Reply-To:From:Sender:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
d=williamswebsolutions.net; s=wws; i=info@williamswebsolutions.net; a=rsa-sha256;
bh=MRYKCd5YMwUVlAuMoyq6trAtPDJdaYMM6B3XFBKIj2E=;
b=JoruCaODpiQFZADukemdrXes37/fvO9sXhQnFAUaPxKxdy9Of7WZPJkd+0iY0wE+p
uVZ3u04McIITSsPE5WADkzw70xD4iqX31Iv7lF1Y4SVwTsbjErWGIi7ek1s+v3kfgjs
RO1FfuOtRDiUPHn85blcXKyqzVBMaRQ0RzpsWm9aAeyU5YiZIQ1qzZBz60sW5kVZ+h9
XNRGg+bxob6fEi2JqSOvn/OaCRKFSySrlkNsZmivGIeL1BH9GJ2KTLRuAQcpiZN771o
hUsLhbYyEl6VMHeBPlycIwUPf1CnT3a0p2BgmZK9tVNiYAmpLnLi25z3yhO/gefV011
ZNRmYSl8A==;
Received: from wws010 ([208.80.175.163]) by williamswebsolutions.net with MailEnable ESMTP; Wed, 4 Nov 2015 10:56:29 -0600
Reply-To: <info@williamswebsolutions.net>
From: <jawilliams@williamswebsolutions.net>
Sender: "Robert Williams @ Williams Web Solutions" <info@williamswebsolutions.net>
To: <info@tahoeupshirtcreek.com>
Subject: clothing
Date: Wed, 4 Nov 2015 10:56:22 -0600
Organization: Williams Web Solutions
Message-ID: <001401d11721$bc659ab0$3530d010$@williamswebsolutions.net>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0015_01D116EF.71CE8610"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdEXIbvZ7Q2n89rIRNy/b+TJS6rhZA==
Content-Language: en-us
X-ME-CountryOrigin: US

This is a multipart message in MIME format.

------=_NextPart_000_0015_01D116EF.71CE8610
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0016_01D116EF.71CEAD20"


------=_NextPart_001_0016_01D116EF.71CEAD20
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

Brett Rowbotham
Posts: 534
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: DKIM help

Post by Brett Rowbotham » Thu Nov 05, 2015 6:24 am

I ran the SPF/DKIM test at https://www.mail-tester.com/spf-dkim-check on your domain and selector and got the DKIM result "No DNS record found for wws._domainkey.williamswebsolutions.net".

I do see you have a TXT record for DKIM but it is definitely not named correctly.

Cheers,
Brett

rfwilliams777
Posts: 1312
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: DKIM help

Post by rfwilliams777 » Thu Nov 05, 2015 2:06 pm

Can you please advise on how I can fix that? Is there a website that helps with doing this correctly. I followed one and obviously got it wrong.
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

Brett Rowbotham
Posts: 534
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: DKIM help

Post by Brett Rowbotham » Fri Nov 06, 2015 4:23 am

The fix is simple enough - your TXT record for DKIM currently has the name williamswebsolutions.net whereas it should be named wws._domainkey.williamswebsolutions.net in order for DKIM processing to correctly locate the relevant TXT record.

If you are using the DNS service from Windows then simply create a subdomain of williamswebsolutions.net called _domainkey and then add your DKIM TXT entry to that and name the record wws (which is your selector).

Cheers,
Brett

rfwilliams777
Posts: 1312
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: DKIM help

Post by rfwilliams777 » Fri Nov 06, 2015 5:23 am

I did what you suggested and got the following response when I did the test.

DNS record for wws._domainkey.williamswebsolutions.net:

"v=DKIM1\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM"

We were not able to retrieve the key length, there is maybe an issue in that key

The key is at 2048.
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

Brett Rowbotham
Posts: 534
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: DKIM help

Post by Brett Rowbotham » Fri Nov 06, 2015 5:37 am

Yip, your key is way too short. The entire key runs to the second semi-colon so you need to update the record content with exactly what ME gave you as the string for the TXT record.

check out nkosi._domainkey.knowbase.co.za for an example of what the key should look like.

Cheers,
Brett

rfwilliams777
Posts: 1312
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: DKIM help

Post by rfwilliams777 » Fri Nov 06, 2015 2:16 pm

Below is a copy of the key generated by ME and is in the DNS.

v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM87nG79b2L9VEsnxOL07ZvOqMix9xdzb/apwfsX9buDbbukPZe3a+LHIV6w6GJhFLAzJVhXfxUr+fI+tf7SHmrjfiSkRzpc+I+v+Y+efnOerOpMdnYCJ46Yc2gRm9js04QuBk5N2jlwy3ZEqcJVsji2aE92fgp7C+a1sKsCmjWr8VfAPOV+26wzbHofNMzux1/+8gAgEvdVqnf68R/U9ROiPKevesyr8UiamCapVtx+XyQs14jA7H6UUhwIDAQAB;

But when I run the test, it only gets this far
v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

dbly
Posts: 47
Joined: Wed Aug 20, 2008 9:18 pm

Re: DKIM help

Post by dbly » Fri Nov 06, 2015 9:44 pm

You don't have the full key in DNS. You can check it from the command prompt like this:

C:\>nslookup -type=txt wws._domainkey.williamswebsolutions.net

The response you are getting is looking like this:

Non-authoritative answer:
wws._domainkey.williamswebsolutions.net text =

"v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNWt9RHrbaufG45ZAUUxk40DgYk/RTZFTjysqcNBuXSuGEyPV1thnWxXHi1UPZB1LMqOvw2VgoYIhb8WdYleVqRnv9MM"

Whatever you are doing to update the DNS is apparently truncating the entry. What are you using for DNS?

rfwilliams777
Posts: 1312
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: DKIM help

Post by rfwilliams777 » Fri Nov 06, 2015 9:58 pm

Windows DNS
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

dbly
Posts: 47
Joined: Wed Aug 20, 2008 9:18 pm

Re: DKIM help

Post by dbly » Fri Nov 06, 2015 10:11 pm

That explains it -- Window's DNS can't handle TXT records longer than 255 bytes. Regenerate your key as 1024 bits, and the shorter key will fix within your DNS constraints.

rfwilliams777
Posts: 1312
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: DKIM help

Post by rfwilliams777 » Fri Nov 06, 2015 10:19 pm

Got it!
Thank you very much for your help and patience.
So will I need to do the same thing as that I did for the other domains and email accounts I host with the adding the subdomain and all that? They are all hosted on the same server. Their bit length is 1024 by default.
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

dbly
Posts: 47
Joined: Wed Aug 20, 2008 9:18 pm

Re: DKIM help

Post by dbly » Fri Nov 06, 2015 10:30 pm

Yes, since DKIM is on a per-domain basis it will need to be done for each of the domains.

I prefer to set up SPF, DKIM, and AutoDiscover records all at the same time since each of them require modifying the domain's DNS.

dbly
Posts: 47
Joined: Wed Aug 20, 2008 9:18 pm

Re: DKIM help

Post by dbly » Fri Nov 06, 2015 10:41 pm

Also, don't forget to create your policy record in DNS. At the very least you should have

_domainkey TXT t=y; o=~

t=y means testing
o=~ means that SOME messages are signed

Once you are sure that things are working, remove the t=y;

and if ALL of the email for that domain flows through mailenable and is signed, change the tilde to a hyphen ( o=- ) to indicate that all messages should be signed and any unsigned messages should be discarded.

Post Reply