DKIM not add key on outbound mail

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
edudneto
Posts: 8
Joined: Sat Sep 13, 2014 3:53 am

DKIM not add key on outbound mail

Postby edudneto » Fri Feb 12, 2021 1:07 pm

Hello
I made the activation of dkim in zimbra but it is not including the key in the outbound email.

Do you have any other settings that need to be done?

-----------------------------------------------------------------------------------

Code: Select all

zimbra@srvwebmail:~$ /opt/zimbra/libexec/zmdkimkeyutil -q  -d p.pinhais.pr.gov.br

DKIM Domain:
p.pinhais.pr.gov.br

DKIM Selector:
009E2A64-6D2D-11EB-BD49-6D0E59BB17BC

DKIM Private Key:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwTS2pSGBqxQD2gU1nHrc26cPObd/f75GITHT5lPiRvImwxrd
q7KRVUgSJT55FK8CBpqaoA1BB06bHX4RyFAtd6xJwq3AvvohLkKAh8c/RrdqvP2C
1e3CAwCPEf/BlSphSFr4pADf1xZFMPXhrv4Nikvoj6V6ynsr780OdP1DQaYGDL6a
PLc6euo3yuLUStxNhzJkM5SezlgQn8jAfxQzJrmCR09xZAPZCbzXqj/HbWEo4Qrc
CPOFs1up8twDGDcO1EerHPf57+bd5TVHO737WH5WNzpQ9olJ0eZ5lKIkbJfubw/a
TjOuJdHoBocZ8UoNTddxf4qGBOyrLSuGE2zmTQIDAQABAoIBABiHGKjeGBgf8l07
TBMRhfhcvRIWuZj+Dukn6j7TZ2aaV1Ftl7a0dL7e527S/4wgq6Eq/3ZSOG81C3wz
BQ7pHtySgsq0REP6fTviNW8HXIEdx+82P+XoyTiYWZFvZqQJPVByPB6V/dTQfvg4
Pu54Uj+8Y0nZOD18ZZeL8MnpXSB4OsQVIvg2djm6+qk/mTIiTx6dYK1TNu+QYeHa
tJmERXCbg5E8Slzabhfw6lFqdGpSTNJumDu7H1zLSxarSginyeROwqzsu8scRWU7
KAjHgMt+dA6PHUfv9r0Mx3MYNUgVqhogftVyqYGyP2qPbB5gn8puqcikSGA2u3mW
qyYEwAECgYEA6UQ4mO4JGZh5TbGVkz+KWbUlnJVdkH6gXPIL/J12gQKC6F7bmuo8
bdDPFKaXX+D+uiH7pzrIL527rO+85eCowKM58N9XTK4+v5mh2n6k3qD/cSeGceCi
cb/5DAd2SGLKk8VnnPWijpNS7icw3rOt+cHUWDNCCNmq6NzCRnWQPKECgYEA1AkE
zbJUFY44KfgAYP2sf5uC9JS90S4D9w5VrJzpixlaaUUCvhI/NIDWD74YeKHW48Ub
rZhnjHyug9gYMz/eeSR6zhDYiBeP+s2HM4KHGDGccnIRC6sn3o/ZmODfyVJTr9af
mD1xpdaQqjd+4y9u1yUq2JS2PgPmUozmJh5bfi0CgYEAu+nsWi5wAEGXfuJPZ6ap
UmkemoytKikIELggtek3vOgEAyPfb2XBNoofODiX+3IqYlHcA7TT7Z/4v3EF0H3y
E/WqSIPzNN+txvYBsB2TvZEfFs3LfdODqXUIMQuV2uxS20YMmSI8SPUfuqCxusYu
oePmpwLr8GtBRoQIsXAluOECgYEAm1N0Al9Ve2jwucXkOSj7mYtJVnQzzS3BV9VX
a5iS+QP8mEsmpChnxsVuip+9+3jLG5XEHdocWOzpRsohiEGMbwALOjNa++8O2TKA
jXpcDpwhODFZTUv3a/HC/FwXc7psdc5qoTK5szvIQ/ldaX3Q26hth7UA/9MJgYWX
/2qTqY0CgYBuAfO8lsIoDb+C6JVaTAmS5aWKIPryO+7fWKmD77idd9/7LY5xWiK0
hjSywSbh/fgDrfPWKEfJPTVP2WF7OYtDOtXT7TF+4XFxlgn06BAB33Ff8103jckE
7dFVaTMcU1a2ofeeTGcA2EAPNWVZp7QSorsOX8D53zSaU54Q0J1j5g==
-----END RSA PRIVATE KEY-----

DKIM Public signature:
009E2A64-6D2D-11EB-BD49-6D0E59BB17BC._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTS2pSGBqxQD2gU1nHrc26cPObd/f75GITHT5lPiRvImwxrdq7KRVUgSJT55FK8CBpqaoA1BB06bHX4RyFAtd6xJwq3AvvohLkKAh8c/RrdqvP2C1e3CAwCPEf/BlSphSFr4pADf1xZFMPXhrv4Nikvoj6V6ynsr780OdP1DQaYGDL6aPLc6euo3yuLUStxNhzJkM5SezlgQn8"
          "jAfxQzJrmCR09xZAPZCbzXqj/HbWEo4QrcCPOFs1up8twDGDcO1EerHPf57+bd5TVHO737WH5WNzpQ9olJ0eZ5lKIkbJfubw/aTjOuJdHoBocZ8UoNTddxf4qGBOyrLSuGE2zmTQIDAQAB" )  ; ----- DKIM key 009E2A64-6D2D-11EB-BD49-6D0E59BB17BC for p.pinhais.pr.gov.br

DKIM Identity:
p.pinhais.pr.gov.br


-----------------------------------------------------------------------------------------------------------------------
No email as it arrives


Code: Select all

Return-Path: <eduardo.dalbello@p.pinhais.pr.gov.br>
Delivered-To: eduardo@oceanoinfo.com
Received: from mx.mail.oceanoinfo.com
   by cloud-clone (Dovecot) with LMTP id tAAJDVF0JmDufQAAZ2f/Og
   for <eduardo@oceanoinfo.com>; Fri, 12 Feb 2021 10:28:01 -0200
Received: from srvwebmail.p.pinhais.pr.gov.br (srvwebmailp.p.pinhais.pr.gov.br [201.40.244.149])
   by mx.mail.oceanoinfo.com (Postfix) with ESMTP id 3171289308
   for <eduardo@oceanoinfo.com>; Fri, 12 Feb 2021 10:28:01 -0200 (BRST)
Date: Fri, 12 Feb 2021 12:28:00 +0000 (UTC)
From: "eduardo.dalbello Dalbello Neto" <eduardo.dalbello@p.pinhais.pr.gov.br>
To: eduardo <eduardo@oceanoinfo.com>
Message-ID: <1838525528.3.1613132880608.JavaMail.zimbra@p.pinhais.pr.gov.br>
Subject: teste
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary="=_c63163e0-0d33-4979-97da-cae0127f3ce5"

--=_c63163e0-0d33-4979-97da-cae0127f3ce5
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

teste

--=_c63163e0-0d33-4979-97da-cae0127f3ce5
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>teste</div></div></body></html>
--=_c63163e0-0d33-4979-97da-cae0127f3ce5--
Last edited by edudneto on Fri Feb 12, 2021 7:36 pm, edited 1 time in total.


Klug
Elite member
Elite member
Posts: 2421
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Re: DKIM not add key on mail

Postby Klug » Fri Feb 12, 2021 3:52 pm

What does "zmcontrol status" say?
edudneto
Posts: 8
Joined: Sat Sep 13, 2014 3:53 am

Re: DKIM not add key on mail

Postby edudneto » Fri Feb 12, 2021 7:23 pm

Klug wrote:What does "zmcontrol status" say?


Code: Select all

zimbra@srvwebmail:~$ zmcontrol status
Host srvwebmail.p.pinhais.pr.gov.br
        amavis                  Running
        antispam                Running
        antivirus               Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        memcached               Running
        mta                     Running
        opendkim                Running
        proxy                   Running
        service webapp          Running
        snmp                    Running
        spell                   Running
        stats                   Running
        zimbra webapp           Running
        zimbraAdmin webapp      Running
        zimlet webapp           Running
        zmconfigd               Running
zimbra@srvwebmail:~$
edudneto
Posts: 8
Joined: Sat Sep 13, 2014 3:53 am

Re: DKIM not add key on mail

Postby edudneto » Fri Feb 12, 2021 7:31 pm

This is a new server just installed.

Versão 8.8.15_GA_3996.FOSS 12 de Jan de 2021
Zimbra 8.8.15_GA_3996.FOSS (compilação 20210112040327)


Code: Select all

zimzimbra@srvwebmail:~$ zmcontrol -v
Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P18.


Klug
Elite member
Elite member
Posts: 2421
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Re: DKIM not add key on outbound mail

Postby Klug » Fri Feb 12, 2021 11:04 pm

Anyway...

Now you have posted your private key and selector on the forum, you should delete the current DKIM config for this domain.
Then restart zimbra, at least the full MTA (zmmtactl restart).
Then recreate a new DKIM configuration for the domain and restart zimbra (MTA) again.
edudneto
Posts: 8
Joined: Sat Sep 13, 2014 3:53 am

Re: DKIM not add key on outbound mail

Postby edudneto » Sat Feb 13, 2021 12:09 am

Klug wrote:Anyway...

Now you have posted your private key and selector on the forum, you should delete the current DKIM config for this domain.
Then restart zimbra, at least the full MTA (zmmtactl restart).
Then recreate a new DKIM configuration for the domain and restart zimbra (MTA) again.


Yes of course when solving the problem I will generate a new key
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 573
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 8.8.15_P20 RHEL6 Network Edition
Contact:

Re: DKIM not add key on outbound mail

Postby JDunphy » Sat Feb 13, 2021 2:59 am

Unless you removed your entry, it doesn't appear to be published via DNS from where I am. You can pull your txt record yourself and compare against what zimbra generated for you or use something like https://dkimcore.org/c/keycheck to track this down. I would start with making sure DNS looks good for that TXT record. One common problem is for people that don't run their own BIND servers and use a service that has a web form... in that case, you need to concatenate the record together and remove the extra double quotes. There is more in this thread below explaining that.

Ref: viewtopic.php?t=60548
edudneto
Posts: 8
Joined: Sat Sep 13, 2014 3:53 am

Re: DKIM not add key on outbound mail

Postby edudneto » Sat Feb 13, 2021 8:38 am

JDunphy wrote:Unless you removed your entry, it doesn't appear to be published via DNS from where I am. You can pull your txt record yourself and compare against what zimbra generated for you or use something like https://dkimcore.org/c/keycheck to track this down. I would start with making sure DNS looks good for that TXT record. One common problem is for people that don't run their own BIND servers and use a service that has a web form... in that case, you need to concatenate the record together and remove the extra double quotes. There is more in this thread below explaining that.

Ref: viewtopic.php?t=60548


I understand but the problem I am having is that he is not including the dkim record in the email sent.
As if the server did not have opendkim active.
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 573
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 8.8.15_P20 RHEL6 Network Edition
Contact:

Re: DKIM not add key on outbound mail

Postby JDunphy » Sat Feb 13, 2021 5:07 pm

It runs as a milter I believe. Is /opt/zimbra/conf/opendkim.conf present? Does it look sane for your environment? What about master.cf? Do you see the DKIM entry. What about amavisd.conf? Is DKIM verification enabled?

Ref: https://wiki.zimbra.com/wiki/Configurin ... IM_Signing

Generally it is fairly uneventful to configure DKIM with zimbra so lots of guesses of what may have gone wrong for you.
edudneto
Posts: 8
Joined: Sat Sep 13, 2014 3:53 am

Re: DKIM not add key on outbound mail

Postby edudneto » Sun Feb 14, 2021 11:59 pm

JDunphy wrote:It runs as a milter I believe. Is /opt/zimbra/conf/opendkim.conf present? Does it look sane for your environment? What about master.cf? Do you see the DKIM entry. What about amavisd.conf? Is DKIM verification enabled?

Ref: https://wiki.zimbra.com/wiki/Configurin ... IM_Signing

Generally it is fairly uneventful to configure DKIM with zimbra so lots of guesses of what may have gone wrong for you.


Hello I made several changes on the server.
But at first I believe there will be some restrictions on my firewall.

But it was soon after disabling services and then reactivating that it went back to work.

Code: Select all

$ zmprov ms 'srvwebmail.p.pinhais.pr.gov.br' -zimbraServiceEnabled antispam
$ zmprov ms 'srvwebmail.p.pinhais.pr.gov.br' -zimbraServiceEnabled antivirus

$ zmcontrol restart

$ zmprov ms 'srvwebmail.p.pinhais.pr.gov.br' +zimbraServiceEnabled antispam
$ zmprov ms 'srvwebmail.p.pinhais.pr.gov.br' +zimbraServiceEnabled antivirus

$ zmcontrol restart

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 13 guests