View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions DKIM DNS TXT record
Log in to Ask a Question

DKIM DNS TXT record

email

I just setup dkim using opendkim on an ubuntu 10.04 server. Everything seemed to go smoothly but when I send a test email to autorespond+dkim[at]dk.elandsys.com, I get the following:

> The results are as follows:

DKIM Signature validation: not available

DKIM Author Domain Signing Practices: no DNS record for adsp.domainkey..com

ADSP is not required for DKIM signature validation.

Note: The authentication results are not available as

there was no signature header or the signature could

not be verified

Information about DKIM is available at http://www.elandsys.com/resources/mail/ … ndkim.html">http://www.elandsys.com/resources/mail/dkim/opendkim.html

Information about ADSP is available at http://www.elandsys.com/resources/sendm … ndkim.html">http://www.elandsys.com/resources/sendmail/opendkim.html

Information about dkim-milter is available at http://www.elandsys.com/resources/sendmail/dkim.html

Information about DomainKeys is available at http://www.elandsys.com/resources/sendm … nkeys.html">http://www.elandsys.com/resources/sendmail/domainkeys.html

Original message:

Received: from liberty..com (li371-73.members.linode.com [96.126.122.73])

by mx.elandsys.com (8.14.4/8.14.5) with ESMTP id p8ALNUZr012213

for <autorespond+dkim@dk.elandsys.com>; Sat, 10 Sep 2011 14:23:36 -0700 (PDT)

Received: by liberty..com (Postfix, from userid 33)

id 4EBF8C7C0; Sat, 10 Sep 2011 17:23:29 -0400 (EDT)

DomainKey-Signature: a=rsa-sha1; s=; d=.com; c=simple; q=dns;

b=oLYMc16U1c9ztV4cnilGTdeA6qIARkvfB4fihzWuoVQWkJ2EmPHhkUHlQ1tFZIIm5

oj9zHzKTL7/oy+ohaBLyKDkY2yQ8ZbQMZ+Tm3NahrPgyF2PaLJhanSOU8tFBFwDtJ0w

iNdAVftNSc3Rd6dhbDQmeOQdwSzfnrK4fniOR+0=

X-DKIM: OpenDKIM Filter v2.0.2 liberty..com 4EBF8C7C0

To: <autorespond+dkim@dk.elandsys.com>

Subject: dkim test

X-PHP-Originating-Script: 0:func.inc

MIME-Version: 1.0

Date: Sat, 10 Sep 2011 17:23:29 -0400

From: "Steve O'Connor" .com>Message-ID: <9001db7d7036f684df27eb7a7d79e86b@localhost>

X-Sender: steve@.com

User-Agent: RoundCube Webmail/0.3.1

Content-Transfer-Encoding: 8bit

Content-Type: text/plain;

charset=UTF-8

This is a dkim test..com>

I set the TXT record as follows:

Name: ._domainkey

Value: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQNJgrFoP7Af5

pSPbIKkajnT+rz/NWJGZFKG632mXTY0WVIRBPKJOztJTOB92EGsyfJ6tk

Ovv1n3rH6tmBFHkvWnfJEwE4HI1SGXs70Pt5iCfstx0hOZgGXcPVgbhI

aU3ITT23XV2a2wo+b8Eh7r8DBQ39FbCgZ+q+/iSRm3VY6wIDAQAB

TTL: Default

(Note that there are no line breaks in the actual entry.)

I waited at least a half hour to give the nameserver time to update. What am I missing?

3 Replies

Your DNS record is currently being published at "securifieds.domainkey.securifieds.com", looking at the output of the email it looks like the record should be at "adsp._domainkey.securifieds.com ".

$dig securifieds._domainkey.securifieds.com TXT

; <<>> DiG 9.6.0-APPLE-P2 <<>> securifieds._domainkey.securifieds.com TXT

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42443

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;securifieds._domainkey.securifieds.com. IN TXT

;; ANSWER SECTION:

securifieds._domainkey.securifieds.com. 86400 IN TXT "v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQNJgrFoP7Af5pSPbIKkajnT+rz/NWJGZFKG632mXTY0WVIRBPKJOztJTOB92EGsyfJ6tkOvv1n3rH6tmBFHkvWnfJEwE4HI1SGXs70Pt5iCfstx0hOZgGXcPVgbhIaU3ITT23XV2a2wo+b8Eh7r8DBQ39FbCgZ+q+/iSRm3VY6wIDAQAB"

;; Query time: 140 msec

;; SERVER: 192.168.1.1#53(192.168.1.1)

;; WHEN: Sat Sep 10 22:53:45 2011

;; MSG SIZE rcvd: 308

Assuming the email is proving the correct location for your TXT record you would want to rename it "adsp.domainkey".

Actually, it turns out that my opendkim config file was a little screwy, but thanks for pointing me in the right general direction.

@psandin:

Your DNS record is currently being published at "securifieds.domainkey.securifieds.com", looking at the output of the email it looks like the record should be at "adsp._domainkey.securifieds.com ".

$dig securifieds._domainkey.securifieds.com TXT

; <<>> DiG 9.6.0-APPLE-P2 <<>> securifieds._domainkey.securifieds.com TXT

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42443

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;securifieds._domainkey.securifieds.com. IN TXT

;; ANSWER SECTION:

securifieds._domainkey.securifieds.com. 86400 IN TXT "v=DKIM1\; g=*\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQNJgrFoP7Af5pSPbIKkajnT+rz/NWJGZFKG632mXTY0WVIRBPKJOztJTOB92EGsyfJ6tkOvv1n3rH6tmBFHkvWnfJEwE4HI1SGXs70Pt5iCfstx0hOZgGXcPVgbhIaU3ITT23XV2a2wo+b8Eh7r8DBQ39FbCgZ+q+/iSRm3VY6wIDAQAB"

;; Query time: 140 msec

;; SERVER: 192.168.1.1#53(192.168.1.1)

;; WHEN: Sat Sep 10 22:53:45 2011

;; MSG SIZE rcvd: 308

Assuming the email is proving the correct location for your TXT record you would want to rename it "adsp.domainkey".

Just in case anyone stumbles upon this thread in the future, it should be made clear that this advice is totally wrong. ADSP is an optional extra record with a completely different format that would tell everyone your DKIM signing policy, and is not required at all. The OP simply wasn't signing the message with DKIM.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct