DKIM Problem - Invalid Signature

Hello everyone. I am running 3.2.2 version with no problem except mail-tester.com fails me for my DKIM. I have the DNS set up correctly. It shows the mail signature and shows my public key, but says your DKIM signature is invalid. I am assuming maybe my private key is wrong or something? If so how do I re-generate this so I can publish a new public key?

Thank you!
J

Well, can you explain where you got the DKIM record to put in your DNS ? Did you use yunohost domain dns-conf your.domain.tld (or the equivalent from the webadmin) ?

Sorry for the late reply, and sorry for not providing more info. I got the DKIM info exactly like you said. I copied that info directly into my DNS record successfully. mxtoolbox confirms.

I’m assuming I just need to regen the config. Such as the private key not matching but I can’t find any yunohost docs on how to do that. And to confirm if the selector should be mail._domainkey ?

Well to me you don’t need to regen anything.

Can you check that everything looks okay (at least for the mail / DKIM part) with this script :

wget https://raw.githubusercontent.com/alexAubin/yunoScripts/master/yunoCheckDNS.py
bash yunoCheckDNS.py your.domain.tld

It’s not running correctly for me. Running debian 9.5. Python 2.7.13.

yunohost version:
yunohost:
  repo: stable
  version: 3.2.2
yunohost-admin:
  repo: stable
  version: 3.2.1
moulinette:
  repo: stable
  version: 3.2.0
ssowat:
  repo: stable
  version: 3.2.0

Below is the output.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server `' @ error/import.c/ImportImageCommand/358.
yunoCheckDNS.py: line 19: syntax error near unexpected token `('
yunoCheckDNS.py: line 19: `resolver = subprocess.check_output("cat /etc/resolv.dnsmasq.conf".split()).split("\n")[0].split(" ")[1]'

Sorry, I typed this too quickly

The second command should be :

python yunoCheckDNS.py your.domain.tld

(and not bash)

ahh ok. Output below:

xmpp

SRV record for _xmpp-client._tcp : OK! :slight_smile:
SRV record for _xmpp-server._tcp : OK! :slight_smile:
CNAME record for muc : OK! :slight_smile:
CNAME record for pubsub : OK! :slight_smile:
CNAME record for vjud : OK! :slight_smile:

mail

MX record for @ : OK! :slight_smile:
TXT record for @ : OK! :slight_smile:
TXT record for mail._domainkey : OK! :slight_smile:
TXT record for _dmarc : OK! :slight_smile:

basic

A record for @ : OK! :slight_smile:

I just wanted to add, I don’t have any trouble sending or receiving email. It’s been like this for almost 2 years and I’ve not had any trouble, but it’s always puzzled me why mail-tester.com thinks my DKIM is invalid. It scores me at like 5.9.

Weell that is weird … Do you have the exact message from mail-tester.com ?

Also maybe your postfix + rspamd config is not up to date ?

If you run :

yunohost service regen-conf --dry-run

do you see some stuff related to postfix and rspamd config ?

Warning: The configuration file ‘/etc/nslcd.conf’ has been manually modified and will not be updated
Warning: The configuration file ‘/etc/postfix/main.cf’ has been manually modified and will not be updated
Success! The configuration would have been updated for service ‘dnsmasq’
Warning: The configuration file ‘/etc/fail2ban/jail.conf’ has been manually modified and will not be updated
dnsmasq:
  applied:
    /etc/resolv.dnsmasq.conf:
      status: updated
  pending:
fail2ban:
  applied:
  pending:
    /etc/fail2ban/jail.conf:
      status: modified
nslcd:
  applied:
  pending:
    /etc/nslcd.conf:
      status: modified
postfix:
  applied:
  pending:
    /etc/postfix/main.cf:
      status: modified

Below is a fresh mail-tester.com output for the DKIM failure:

DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
The DKIM signature of your message is:

v=1;
a=rsa-sha256;
c=relaxed/simple;
d=REDACTED.com;
s=mail;
t=1541170798;
bh=dFXOtBYl3yl9dSNf/dxJGuMv9ZUM2RsxLxGHbFIeRis=;
h=Date:From:Subject:To;
b=rCdCcS2BhigOpePQnJGTqaLPyxeB8hFn1lnrCxP49hnxVKltUhKGVyDd/2jCDHWawVZwwoNMj4lscC19XcEE0odbLRs6oVKbnX/yyvx/cIJ1YADgi/r9cVaJuHWIzqsL6IGXBD6gozULP7bbx9LU5qAQ7OKHWLoRsxRHGFobpUc=

Your public key is:

“v=DKIM1;
k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFknLFk2BW/GOpM+rbknTqhzJWfbuGsOJR4yX6qYe/99RDhWD8pmPf6BUSM9gcQEUspdek70fqo9tbwxSMBce6VPCt8+0aJXl+pyV1kCjjeDgV9zUr69Ni50i2n05gnZGAgiRRmIaR9stmR+mwAnmsca2vOl5Gb32vPK2D64MhuQIDAQAB”
Key length: 1024bits

Your DKIM signature is not valid

Edit: sorry for french :sweat_smile:

Well then it’s talking about postfix so that’s probably the source of the issue. You should look in detail with :

yunohost service regen-conf postfix --dry-run -d

And if nothing surprises you (well it’s a bit technical :/), apply the changes with :

yunohost service regen-conf postfix --force

Hey, :wink: problem, french is ok.

Nothing looked unusual. I applied the --force config update. Shall I re-test?

Yes, retest with mail-tester.

That did the trick. 8.8/10 now.

Aleks sir, you are the man. I appreciate the prompt help.

Cool cool cool :stuck_out_tongue: !

Aleks, very cool script. Really helps “debugging” when using an external nameserver. You should consider integrating it into Yunohost.

Yup, that’s on the way … if I ever find time to work on it between all the things to do …
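
The question raised at the start of the thread, whether the private key still matches the key published in DNS, can be checked directly before regenerating anything. The script below is an added example, not part of the original posts and not YunoHost's own tooling; the function names and the KEYFILE placeholder are assumptions, and the demo runs on a throwaway key generated on the spot.

```shell
#!/bin/sh
# Added example: does a DKIM private key match the p= value published in DNS?
# Function names are hypothetical; requires the openssl command-line tool.

# Print the public half of an RSA private key as single-line base64 DER,
# which is the form a DKIM TXT record carries in its p= tag.
dkim_pub_from_private() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Extract p= from a TXT record as printed by `dig +short TXT`. Long records
# come back as several quoted chunks, so quotes and whitespace are dropped
# before the tag list is split on ';'.
dkim_p_from_txt() {
    printf '%s' "$1" | tr -d ' "\t\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Exit status 0 only if the key file yields exactly the published p= value.
dkim_key_matches() {
    pub=$(dkim_pub_from_private "$1")
    dns=$(dkim_p_from_txt "$2")
    [ -n "$pub" ] && [ "$pub" = "$dns" ]
}

# Demo on constructed input: a throwaway key and a record built from it.
demo_dir=$(mktemp -d)
openssl genrsa -out "$demo_dir/demo.key" 2048 2>/dev/null
demo_txt="\"v=DKIM1; k=rsa; p=$(dkim_pub_from_private "$demo_dir/demo.key")\""
if dkim_key_matches "$demo_dir/demo.key" "$demo_txt"; then
    echo "private key matches published record"
else
    echo "MISMATCH: signer key and DNS record differ"
fi
rm -rf "$demo_dir"

# Real use (KEYFILE is a placeholder for the signer's private key path):
#   dkim_key_matches KEYFILE "$(dig +short TXT mail._domainkey.your.domain.tld)"
```

A match here, together with a failing verification at the receiver, points away from the key pair and toward how the message is signed or altered in transit, which is where this thread ended up (the postfix configuration).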