LukeSmithxyz / emailwiz

Script that installs/configures a Dovecot, Postfix, Spam Assassin, OpenDKIM Debian web server
GNU General Public License v3.0

Working DKIM TXT entry is different now? #18

Closed sir-marv closed 4 years ago

sir-marv commented 4 years ago

I was struggling to get emails to properly show up in Gmail due to DKIM errors with the TXT entry shown at the end of the script. I used the original TXT record in /etc/postfix/dkim/mail.txt and that seemed to fix it (you have to remove the extra lines between quotation marks as well).

LukeSmithxyz commented 4 years ago

Were they visibly different in some way or are you just saying it was hard to copy?

sir-marv commented 4 years ago

The mail.txt contained a sha256 hash. My mail.txt that was set up by openDKIM in this shell script: [image: pic-full-200603-1054-01]

I did some testing this morning and removed the hash from the TXT record and it looks like I am getting emails to Gmail now, however they do show DKIM as FAIL. Testing by sending an email to check-auth@verifier.port25.com returned that the DKIM does error out without the hash, but I am able to get emails to Gmail now. If I put in the hash in the TXT record, it appears to be fine.

LukeSmithxyz commented 4 years ago

DKIM is failing? How did you input the TXT entry? Do you have a web interface or a DNS server proper?

Some web services might require only mail._domainkey while some might want mail._domainkey.yourdomain.com.

sir-marv commented 4 years ago

DKIM is working fine now. I use Epik and have a similar setup to yours. I just noticed that the DKIM output is slightly different than what this script outputs and thought maybe that was the cause of my issue. However, I did change a few things in my record as well when I put the full DKIM key in my record so I can't say for sure this was the issue. Closing for now.

s0m3OnE47 commented 4 years ago

I had the same issue. Solved using this. But my mails are going to spam in Gmail. All tests are passing on https://www.appmaildev.com/en/dkim

Abdulee commented 4 years ago

Wow, surprisingly enough this worked! I just removed the inverted commas from the /etc/postfix/dkim/mail.txt and then put it in my registrar, and it passed the DKIM test on appmaildev.com. I think the reason might be that when the script spits out the record it doesn't include some tab spaces, whereas in that txt file tab spaces make the difference, maybe xD?

rajrkane commented 2 years ago

This issue is still occurring. From the test, the error message is DKIM-Result: permerror (no key). I have the following content in /etc/postfix/dkim/mail.txt

mail._domainkey IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; "
          "p=<string1>"
          "<string2>" )  ; ----- DKIM key mail for <site>

I have copied the value in parentheses w/o quotation marks to the registrar as

v=DKIM1; h=sha256; k=rsa;           p=<string1>           <string2>

But the error persists.

Have I removed too many quotation marks or not copied it correctly?

rajrkane commented 2 years ago

Also updated the value in dns_emailwizard file to mirror what I copied to the registrar. I seem to have exhausted the solutions in the various threads but still getting the same error.

sir-marv commented 2 years ago

I had to use quotes for my TXT record with my registrar (Epik). Passes this DKIM check https://appmaildev.com/en/dkim .

Host: mail._domainkey
TXT value: "v=DKIM1; k=rsa; p= --string--"

rajrkane commented 2 years ago

I think Epik adds quotes by default.

Probably going to fold on this for now. Reran the script, reconfigured everything but still getting the permerror.

alexnils commented 2 years ago

TL;DR: Manually enclose your TXT records with quotation marks to get it to work.

After failing the DKIM test with permerror (no key), I looked into what was causing the problem.

You can access your TXT records thus:

$ host -t txt yourdomain.com
$ host -t txt _dmarc.yourdomain.com
$ host -t txt mail._domainkey.yourdomain.com

I noticed that the main domain and the _dmarc one returned the text values I had assigned them, but mail._domainkey would return mail._domainkey.yourdomain.com has no TXT record.

After a lot of tinkering I found out that this is a problem with Epik and the way it auto-inserts enclosing quotation marks for your TXT records. This apparently messes up the mail._domainkey record (but not the other ones) in such a way that it is not found upon query. The way I got it to work was to add enclosing quotation marks myself instead of relying on Epik to do this for me.
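
The copy step discussed in this thread, as an added example (not emailwiz code and not posted by any commenter): it joins the quoted strings of /etc/postfix/dkim/mail.txt into the single value a DKIM verifier reassembles, checks that the value carries a key, and compares it with the text of a `dig +short TXT` answer. The function names and the sample key material are constructed for illustration.

```shell
#!/bin/sh
# Added example. All key material below is a constructed placeholder.

# Join every double-quoted string read on stdin into one value. RFC 6376
# (3.6.2.2) has verifiers concatenate the strings of a TXT record with
# nothing in between, so this is the value they actually evaluate.
dkim_join() {
    grep -o '"[^"]*"' | tr -d '"\n'
}

# Value to enter at the registrar, taken from the opendkim key file.
dkim_value_from_file() {
    dkim_join < "$1"
}

# Succeeds only if the value starts with v=DKIM1 and has a non-empty p= tag
# (an empty p= means the key is revoked).
dkim_value_ok() {
    case "$1" in
        v=DKIM1\;*) ;;
        *) return 1 ;;
    esac
    p=$(printf '%s' "$1" | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p')
    [ -n "$p" ]
}

# Compare the key file ($1) with a published answer ($2), given as the text
# printed by `dig +short TXT mail._domainkey.<domain>`. How the value is
# split into quoted chunks may differ; only the joined values must be equal.
dkim_matches() {
    [ "$(dkim_value_from_file "$1")" = "$(printf '%s\n' "$2" | dkim_join)" ]
}

# Constructed sample in the layout shown earlier in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mail._domainkey IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; "
          "p=CONSTRUCTEDKEYPART1"
          "CONSTRUCTEDKEYPART2" )  ; ----- DKIM key mail for example.org
EOF
value=$(dkim_value_from_file "$sample")
printf 'TXT value: %s\n' "$value"
dkim_value_ok "$value" && echo "record has a version tag and a key"
rm -f "$sample"
```
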