Angatar / mailman2

A useful compact mailman2 container based on debian buster-slim to easily create and manage your mailing lists
MIT License

syntax error in DKIM record with BIND 9.16.1-Ubuntu (Stable Release) #2

Closed juddm closed 3 years ago

juddm commented 3 years ago

Hi, I've copied the dkim TXT record to my DNS and I am receiving a syntax error:

listsdkim._domainkey.lists.sa.[tld] IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75p6i6YYw51PuRd9eSGgVwC09+d8PNSEX6m2qxb3GF0hlUzjFkR2uab0j9fLigNSI4cfqR6XDL5wFqf4VOuiOqvRsdgQgYf+3RFLZgKy+YwcKNHPYrKcwnXQZSKaJylJ9X9DlqJFAVr4m6XdOowCuVAtIJdsAh2eJ9HbkUGuqVVl+kobR7HzFGt7Yo6bdaQaQu8v70mejGg7YYaf3jaGg1knVJS2rz5ay3Di3xBjxRewRic0L3PO5c5onyCtOLSkrCuhg7oV+FaIqpQ50EG/BYJJHNChn0e1DP5T34o2fK/audQyCtaNzEujSO2nvTrfu2k//2app2QvgRZmnEj6CwIDAQAB"

[tld] = I removed my domain name

The error in bind is: dns_rdata_fromtext: /etc/bind/primary/sa/sa:275: syntax error

I can generate a separate dkim which does work:

lists._domainkey.sa.[tld] IN TXT "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHaugpuWW72XLAGF+jXTALY89jpYUYt2Ca7j9tH2DXU7SDp8T1XcU3Ol5oLX5w8wGwTs/G361Rr4/W98c37LFoZWkte21JO9TGB944jqIkL1FXbJF4GsaDmetcaGO63ICAzBbNIx/8cdwlvbVTdFWsvWgf4DCyIVvhwr+8qc42hwIDAQAB"

Any ideas? Can I just use my key? Can I update the private key somewhere on the image?

Thanks for any help you can provide.

juddm commented 3 years ago

I think I can just copy my private and public key into the relevant files in /etc/exim4/tls.d to use the record I generated. I'm leaving this issue open in case you want to comment on why the record the container is generating fails.

juddm commented 3 years ago

I believe the key generated is too large for the bind server, but I can confirm that by generating my DKIM and copying the private and public keys into the appropriate file in /etc/exim4/tls.d (which is mapped to the directory I launch the mailman docker container from), when I regenerate the container it generates a DNS TXT record which is able to be used in bind.

Angatar commented 3 years ago

Hi, the container self-generates a 2048-bit DKIM key, which is becoming the new standard that should be accepted in most cases. You can of course use your own DKIM key, as you said, by replacing the relevant files in /etc/exim4/tls.d/

Regarding the error you reported, it seems to be a syntax error that might be due to a misconfiguration of the container EMAIL_HOST environment variable, since the DKIM TXT record proposed by the container is built this way:

listsdkim._domainkey.${EMAIL_HOST} IN TXT \"v=DKIM1; k=rsa; p=$key

And you reported that the container suggested a TXT record starting with listsdkim._domainkey.lists.sa.[tld] IN TXT ...

Which means that the EMAIL_HOST environment variable was set to lists.sa.[tld]

but the DKIM TXT record you reported working starts with: lists._domainkey.sa.[tld] IN TXT ...

Which means that your email host MX RECORD was actually set in your DNS records to be sa.[tld] instead of the lists.sa.[tld] declared in the ${EMAIL_HOST} environment variable of the container.

I think that if you make the MX RECORD of your DNS match the ${EMAIL_HOST} environment variable of the container, it might fix the observed error and you might benefit from using a 2048-bit DKIM key.
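
On juddm's suspicion that the key is too large for BIND: a single quoted string in a TXT record is limited to 255 bytes (RFC 1035), and the 2048-bit record quoted in the first comment is longer than that as one string, so zone files usually carry such a record as several quoted strings, which DKIM verifiers concatenate (RFC 6376). The sketch below is an added example, not the container's own script; the function names, the placeholder key and `lists.example.org` are assumptions.

```shell
#!/bin/sh
# Added example, not the container's own script. Function names are hypothetical.

# split_txt VALUE [MAX]: print VALUE as space-separated quoted strings,
# each at most MAX bytes (255 is the DNS character-string limit).
split_txt() {
    printf '%s\n' "$1" | fold -b -w "${2:-255}" | sed 's/.*/"&"/' | paste -s -d ' ' -
}

# join_txt RDATA: what a DKIM verifier does with the strings of one TXT record,
# i.e. concatenate them with nothing in between.
join_txt() {
    printf '%s\n' "$1" | sed 's/" "//g; s/^"//; s/"$//'
}

# longest_string RDATA: byte length of the longest quoted string in RDATA.
longest_string() {
    printf '%s\n' "$1" | awk -F'" "' '{
        sub(/^"/, "", $1); sub(/"$/, "", $NF)
        for (i = 1; i <= NF; i++) if (length($i) > max) max = length($i)
        print max + 0
    }'
}

# dkim_zone_line SELECTOR HOST PUBKEY: one zone-file line in the thread's layout.
dkim_zone_line() {
    printf '%s._domainkey.%s IN TXT %s\n' "$1" "$2" "$(split_txt "v=DKIM1; k=rsa; p=$3")"
}

# Constructed placeholder: 392 "A" characters, the base64 length of a 2048-bit
# RSA public key. It is not a real key; lists.example.org is a placeholder host.
SAMPLE_KEY=$(printf '%0392d' 0 | tr 0 A)
dkim_zone_line listsdkim lists.example.org "$SAMPLE_KEY"
```

After editing the zone file, `named-checkzone` reports whether BIND accepts the record before the zone is reloaded.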