as in the title I am struggling with the creation of the dkim key.
For key creation I use these commands
openssl genrsa -out s1024.private 1024
openssl rsa -in s1024.private -out s1024.public -pubout -outform PEM
In this way I got the public and private keys.
After that I put the private key in /etc/dkim/ dir
and I make the test about the key in this way
dkim-testkey -d hostname -s s1024 -k /etc/dkim/s1024.private
the parameters mean
- -d is the domain
- -s is the selector in the config file, in this case s1024
- -k is the key to match
and the result is this one
dkim-testkey: keys do not match
How is that possible?
I have done the same procedure on another 60 different servers and everything was fine.
And of course the other 60 servers are cloned from the same debian image.
I also tried to uninstall and reinstall the dkim package but still nothing.
So any idea about why?
Best Answer
My reading of the man page indicates the verifier will use DNS to lookup the public key. Add a new selector for your new key to DNS. Do not reuse your existing selector for the new key. If you don't need ongoing verifiability, you can schedule deletion of the current selector at a future date (at least a week or so after the switch).
Don't start using the new key until it is published and the verifier tool reports you have correctly set up the DNS records. Unfortunately, a high percentage of the DKIM email I receive is missing the supporting DNS data.
See my article on Implementing DKIM with Exim for detail on selector management.
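As an added example (not code from the question or the answer above), the check below does offline what the verifier's DNS lookup does online: it turns the PEM public key from `openssl rsa -pubout` into the `p=` value, parses the TXT record that would live at `s1024._domainkey.<domain>` (including the split quoted strings DNS returns for long records), and reports whether they match. The domain and the key material are constructed placeholders.

```python
import base64
import re
import textwrap

SELECTOR = "s1024"       # the -s value from the post
DOMAIN = "example.com"   # placeholder; the post's real domain is not given

def pem_to_p_tag(pem):
    """Strip the PEM armour and line breaks; what remains is exactly the
    base64 SubjectPublicKeyInfo that DKIM publishes in the p= tag."""
    p = "".join(l.strip() for l in pem.splitlines()
                if l.strip() and not l.startswith("-----"))
    base64.b64decode(p, validate=True)  # fail loudly on a mangled key
    return p

def parse_dkim_txt(txt):
    """Parse a DKIM TXT record into a tag dict. DNS returns long records
    as several quoted strings ("..." "..."); they are joined first."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)  # p= may be folded
    return tags

def keys_match(pem, txt):
    """True when the published record carries exactly this public key."""
    tags = parse_dkim_txt(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        return False
    return tags.get("p") == pem_to_p_tag(pem)

def dns_record_for(pem, selector=SELECTOR, domain=DOMAIN):
    """The record to publish under a fresh selector before the key goes live."""
    return (f'{selector}._domainkey.{domain}. IN TXT '
            f'"v=DKIM1; k=rsa; p={pem_to_p_tag(pem)}"')

# Constructed sample, not a real key: any base64 blob stands in for the SPKI.
SAMPLE_P = base64.b64encode(b"constructed sample, not a real RSA public key" * 3).decode()
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(textwrap.wrap(SAMPLE_P, 64))
              + "\n-----END PUBLIC KEY-----\n")
# What `dig +short TXT s1024._domainkey.<domain>` prints for a long record:
SAMPLE_TXT = f'"v=DKIM1; k=rsa; p={SAMPLE_P[:100]}" "{SAMPLE_P[100:]}"'

if __name__ == "__main__":
    print(dns_record_for(SAMPLE_PEM))
    print("keys match:", keys_match(SAMPLE_PEM, SAMPLE_TXT))
```

A "keys do not match" result from this check means the record under that selector holds a different (or no) key, which is exactly the situation the answer's advice about publishing a new selector first addresses.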