I'm using Mail Enable on my VPS and have copied the generated DKIM (see screenshot 1) to my DNS. (yes, I've restarted the VPS already):
Now my DNS settings are configured at hosting company A, and point to the VPS I host at company B:
The strange thing now is that when I try and check the DKIM validity, dmarcanalyzer.com says it's incorrect whereas mxtoolbox.com shows it's correct.
The DKIM report I get from Google (and other email service providers) shows fail for the dkim node. See the full report here:
I'm sending my emails via localhost (and prefer to keep doing so), but am also wondering if localhost and a DKIM for a specific domain may conflict and cause this issue.
I've been in contact with hosting company A, and they state the DNS settings are correct and everything is configured and working as expected on their end.
I have no idea where else I can and need to configure my DKIM settings now.
ps. I also checked here:
- Properly configuring DNS for email sending on multi-domain hosting VPS
- How to fix DKIM for mail on VPS hosting?
UPDATE 1
Via mail-tester.com, I get the DKIM signature of your message is:
v=1;
c=relaxed/relaxed;
h=mime-version:from:date:message-id:subject:to:content-type;
d=example.com;
s=default.domainkey;
a=rsa-sha256;
bh=9GbEYuoERz+rKK0duec8ZYNDPzF429KQdM3YJavh32U=;
b=YQxDCBHCx1n1aLE0uVyOb2QsT2wOnkFqziZcyZtdNsGtMwz2y7ItPpB1MMkL5VZJl8Jgtszh9DomKhBPQ50WwAmIi/ayrR8hq61h0I2zdBNOs9A2bTYSBd/H11iTXGOuc8FFS3GHj+ohh3E+r+V6gvi4NF5shQ041OEdeZNUigUDRRr0eRDUnrK2/jq5ERWNDcg3MCDZI7Kcgj75BDJKfxBioVesKTV3/iLLuoBiDdVRdjqdAQC0Izc7KXweYab0wAiWvsCKvzBAyh0ieYFYHR4Wy3RAsKNUAwJkOJLF2IzvIBJaeIU8KVqJHONJ+IV40l13EsMZQUINZhJG9hvbbw==;
UPDATE 2
As per @anx's suggestions below I generated a new key rsa2021 and added that to my DNS:
"v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum44LLMyisKD6mOwTaXQqNjYsI6bNBS4uzhA03RaifyRDmmIKUPNv1bGb3QGihdDFzKbL+aax6o3INZSFcf1o5rKr8+3a2gAf+p2daNlycFQFmsWK94h4Vtu6j0VZ5E7bElFI0NQ/MYBOVwUST6H5DOsygGK9uWm8zVSBk8QtknZlLCPJYjHYc8V3dejnYcNIjBDtPKCB20E0q0pzIm63Dn8Z78J9wSvsSGl4FLN/3Tr96RLxwhqu+tFN04OVpdmlKnM7IQ3pGFMSEXqUoucndPUqzaNgT/u8GtowBoz72UgpDzuxkiehvg7PK/FPC6Vj/jTwe9d3oj/ZMN2ujMWYQIDAQAB;"
I then sent an email via smtp.example.com, and when checking here: http://isnotspam.com I still see DKIM fails:
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Status: Yes, hits=6.4 required=-20.0 tests=BAYES_99,BAYES_999,
DKIM_SIGNED,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_SUBJECT,
SPF_PASS,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0
Envelope-to: [email protected]
Delivery-date: Fri, 13 Aug 2021 09:07:46 +0000
Received: from vpsnr12.myisp.com ([12.12.12.12] helo=mail.domainA.com)
by localhost.localdomain with esmtp (Exim 4.84_2)
(envelope-from <[email protected]>)
Best Answer
Your DKIM selector is.. odd.
While this is perfectly valid..
.. because DKIM keys are stored in a subdomain named "_domainkey" it is unusual to have the selector also contain "domainkey". If you really wanted that as a selector, you would place the key at default.domainkey._domainkey.example.com - I did not notice at first because I confirmed the key at default._domainkey.example.com.
Recommendation: Remove the extra domainkey out of the two such labels. Only use periods in the selector if you intend to make use of how that interfaces with the meaning of dots in DNS context, otherwise it is just an unnecessary source of confusion.
Configure a key with a name actually encoding something that helps remember what this key is or at some later point: was (which is my main reason to recommend things like rsa2021 over default). Depending on how your mail server is configured, you may want to delete the misplaced key and generate a new one, this time setting a name from the start - this is to avoid other mismatches in the configuration.
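The mismatch described in the answer can be checked offline by deriving the DNS name a verifier will query from the `s=` and `d=` tags of the signature and comparing it with where the TXT record was published. This is an added example, not part of the original answer and not MailEnable code; the function names are hypothetical, and the sample header is constructed from the tags in UPDATE 1 with the `bh=` and `b=` values replaced by placeholders.

```python
import re

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature value (RFC 6376 tag=value list) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue  # empty segment after a trailing ';'
        name, value = part.split("=", 1)
        # Folding whitespace inside the values is not significant for this check.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def key_query_name(tags):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower().rstrip(".")

def diagnose(header_value, published_name):
    """Compare where a verifier will look with where the TXT record lives."""
    tags = parse_dkim_tags(header_value)
    expected = key_query_name(tags)
    published = published_name.lower().rstrip(".")
    findings = []
    if expected != published:
        findings.append(
            f"verifier queries {expected} but key is published at {published}")
    if "domainkey" in (label.strip("_") for label in tags["s"].split(".")):
        findings.append(
            f"selector {tags['s']!r} itself contains a 'domainkey' label")
    return expected, findings

# Constructed sample: tags from UPDATE 1, bh/b shortened to placeholders.
SAMPLE = """v=1; c=relaxed/relaxed;
 h=mime-version:from:date:message-id:subject:to:content-type;
 d=example.com; s=default.domainkey; a=rsa-sha256;
 bh=PLACEHOLDER; b=PLACEHOLDER;"""

if __name__ == "__main__":
    name, problems = diagnose(SAMPLE, "default._domainkey.example.com")
    print("query name:", name)
    for p in problems:
        print("-", p)
```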