
DKIM fail for internal email

Posted: Mon Jul 08, 2019 1:16 pm
by FredKarno
Hi folks,
When checking my DMARC set-up and poking through email headers, I noticed this:

Authentication-Results: (amavisd-new); dkim=neutral
reason="invalid (public key: OpenSSL error: too long)"

It was an email to me from another user on the same server, and my server is set to use the default 2048-bit key length.

[root@mail ~]# openssl version -v
OpenSSL 1.0.2k-fips 26 Jan 2017

Using CentOS 7

If I look at the headers of an email I sent to a webmail account (yahoo) I see a DKIM pass. I'm a little concerned as I'm trying very hard to block phishing emails that are pretending to come from our own domain and I was hoping that DKIM/DMARC would help with this.
Any clues for the clueless? :)

Re: DKIM fail for internal email

Posted: Mon Jul 08, 2019 1:35 pm
by phoenix
Is this ZCS server on a LAN? I believe this error happens when a private key is associated with a wrong public key or you have no public key in your DNS. If it's on a LAN then I'd check your DNS records. Does this happen with mail from all users or just one?

Re: DKIM fail for internal email

Posted: Thu Jul 11, 2019 9:40 am
by FredKarno
Oops! That is a very good point!
I've now configured the domainkey etc. on our internal DNS servers and I'm trying to get it to work (stupid truncating MS web interface) but I'm sure that's the source of the issue.
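
A check for the situation in this thread, where the selector record is entered through a DNS interface that truncates long values (added example, not code from the posters). It parses a DKIM TXT value as a resolver returns it and compares the size declared in the key's DER header with the bytes actually published; `check_dkim_txt` is a hypothetical helper and the sample key is a constructed placeholder with the layout of a 2048-bit RSA key.

```python
import base64
import re

# Constructed sample: DER layout of a 2048-bit RSA SubjectPublicKeyInfo with a
# filler modulus (0xC3 repeated). Structurally valid, not a usable key.
_DER = (bytes.fromhex("30820122300d06092a864886f70d01010105000382010f00"
                      "3082010a0282010100") + b"\xc3" * 256
        + bytes.fromhex("0203010001"))
FULL = "v=DKIM1; k=rsa; p=" + base64.b64encode(_DER).decode()
SPLIT = '"%s" "%s"' % (FULL[:255], FULL[255:])   # two TXT strings, as dig prints them
TRUNCATED = FULL[:255]                            # value cut at one 255-byte string

def der_total_len(buf):
    """Total size (header + content) that the outer DER element declares."""
    first = buf[1]
    if first < 0x80:                 # short form: length in one byte
        return 2 + first
    n = first & 0x7F                 # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def check_dkim_txt(txt):
    """Return (ok, detail) for a DKIM TXT value as returned by a resolver."""
    # A long record comes back as several quoted strings; join them first.
    joined = "".join(re.findall(r'"([^"]*)"', txt)) if '"' in txt else txt
    tags = {k.strip(): v for k, v in
            (t.split("=", 1) for t in joined.split(";") if "=" in t)}
    p = re.sub(r"\s+", "", tags.get("p", ""))
    if not p:
        return False, "no p= value (record missing, empty or revoked)"
    try:
        # Decode the longest whole-quantum prefix so a cut-off value still parses.
        der = base64.b64decode(p[:len(p) - len(p) % 4], validate=True)
    except ValueError:
        return False, "p= is not base64"
    if len(der) < 4 or der[0] != 0x30:
        return False, "p= does not begin with a DER SEQUENCE"
    expected = der_total_len(der)
    if len(der) != expected or len(p) % 4:
        return False, "key declares %d bytes, record holds %d" % (expected, len(der))
    return True, "complete %d-byte key, %d base64 chars" % (expected, len(p))

if __name__ == "__main__":
    for name in ("FULL", "SPLIT", "TRUNCATED"):
        print(name, check_dkim_txt(globals()[name]))
```

Run it against the TXT answer for the selector from both the internal and an external resolver; a 2048-bit key is 392 base64 characters, so it cannot fit in a single 255-byte TXT string and has to be published as two.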