[SOLVED] DKIM creates invalid signature

Discussion forum for Enterprise Edition.
Post Reply
Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

[SOLVED] DKIM creates invalid signature

Post by Matth »

I just tried to setup a DKIM on one of my domains.

I followed the steps lined out in the documentation. My server is a MailEnable Enterprise Premium Edition (V8.60)

Everything looks fine so far, yet when I send a test mail to dkimvalidator.com, I get the following result:
DKIM Information:

DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; c=simple; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Reply-To;
d=karl.ch; s=karlch201510; i=mxxx@karl.ch; a=rsa-sha256;
bh=aUeS+HRdqPzXygjnfjMAaLJ/cIrlRofiLetPNTqoEIY=;
b=HWYDrBidi8tjLjn13y/ElG8n8okT5AjPhdvSNuOBdBPUhRHWdVi4MKhsEq+DYaABt
MCugm3njkwQgnxuv4oQzT1HnWu+/2ZoZMOtwiNYrpeCpXiFK9bp3Mw84hXsymSy54T5
dlsUNqdDk09BRyLuXGGY6rWNhq2TBC6lJNXRgzwQVhT5owinkNBXY+6dM3FKF91nQ09
QaBaaZZlNgOLOCGgE4J8AN7hrZd82j2+q7x3NTCRA1hkL9+8QhYudK/dfLZyMvXSpzY
3M3YphtA0laj9pxixmy87sdJKd+QoIoOXt4h+lJal+JVNC9GM7cgasB+jxTET/gOCuX
7UQ1HKCkw==;


Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: simple
d= Domain: karl.ch
s= Selector: karlch201510
q= Protocol:
bh= aUeS+HRdqPzXygjnfjMAaLJ/cIrlRofiLetPNTqoEIY=
h= Signed Headers: From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Reply-To
b= Data: HWYDrBidi8tjLjn13y/ElG8n8okT5AjPhdvSNuOBdBPUhRHWdVi4MKhsEq+DYaABt
MCugm3njkwQgnxuv4oQzT1HnWu+/2ZoZMOtwiNYrpeCpXiFK9bp3Mw84hXsymSy54T5
dlsUNqdDk09BRyLuXGGY6rWNhq2TBC6lJNXRgzwQVhT5owinkNBXY+6dM3FKF91nQ09
QaBaaZZlNgOLOCGgE4J8AN7hrZd82j2+q7x3NTCRA1hkL9+8QhYudK/dfLZyMvXSpzY
3M3YphtA0laj9pxixmy87sdJKd+QoIoOXt4h+lJal+JVNC9GM7cgasB+jxTET/gOCuX
7UQ1HKCkw==
Public Key DNS Lookup

Building DNS Query for karlch201510._domainkey.karl.ch
Retrieved this publickey from DNS: v=DKIM1; a=rsa-sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufbE0DDA1qXg4uM1iIwegMnc9xuJY8j8WozjB8IXfHZs3beiUuLZtnTQwS5KyBUMF8d06GuNQgCkTawWycfvXD+pZrtVX
Validating Signature

result = invalid
Details: public key: OpenSSL error: bad base64 decode
The result is clearly invalid and it shows an error with bad base64 decode.

When I try to test it at www.mail-tester.com/spf-dkim-check and enter my DKIM selector, I get an error saying:
We were not able to retrieve the key length, there is maybe an issue in that key
Yet I do have copied over all the data in the box in the DKIM configurator.

What am I doing wrong?

Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: DKIM creates invalid signature

Post by Matth »

I figured it out.

The windows DNS server truncates longer single line TXT entries and therefore the public key was invalid.

I had to break the DNS entry into multiple lines and then it would store the whole key. Now it works.

rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: [SOLVED] DKIM creates invalid signature

Post by rfwilliams777 »

Can you show me an example of your Windows DNS because I fear I have the exact same issue.
Robert Williams, Owner
www.WilliamsWebSolutions.com
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and we will migrate your accounts to us for FREE!
We can be hired to help you with your Mail Enable server, too!

Matth
Posts: 133
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: [SOLVED] DKIM creates invalid signature

Post by Matth »

Hi

It's very simple. Instead of pasting the copied key phrase directly into the window, just use the return key to split the whole long line into mulitples. Check where the key was cut off and place the cursor a few characters before that and split the line. You'll have to do that mulitple times. My key is split over three lines as you can see here below:
DKIM key.png
DKIM key.png (79.48 KiB) Viewed 22453 times

sri
Posts: 3
Joined: Thu Aug 31, 2017 10:32 pm

Re: [SOLVED] DKIM creates invalid signature

Post by sri »

I noticed that you placed + sign at the beginning of every new line. is that mandatory?
Please advise

sri
Posts: 3
Joined: Thu Aug 31, 2017 10:32 pm

Re: [SOLVED] DKIM creates invalid signature

Post by sri »

I tried the same, but still no go.
Not sure if it's because I'm using a Standard version of the product and not Enterprise like you are.

- Sri

Post Reply