Posted by DKIM is one of many tips for increase reputation of email server besides SPF records who has been explained on previous article. On this section, i will do generate DKIM on Zimbra and configure DKIM records on public DNS using cPanel.
First, login to Zimbra server via SSH and generate DKIM
su - zimbra /opt/zimbra/libexec/zmdkimkeyutil -a -d imanudin.net -s selector
The result of above command is like below
For records key DKIM is line on () starting with “v=DKIM1…..until double quote (“). Block and copy the records and check on website : http://dkimcore.org/tools/. Paste on key record for checking and validate.
The above result still problem on double quote (“). Please remove all double quote (“) and check it again
The above picture is valid DKIM key record after remove double quote (“) on all records DKIM. Block (Ctrl+a) and copy (Ctrl+c) the valid DKIM records and insert in public DNS. In here, i am using cPanel for insert DKIM records
Please try to send email to Gmail and see the result
If you has been saw Signed by on Gmail, it’s mean you has been success to configure DKIM. If no, usually still waiting for propagation of DNS
The following is example configure DKIM records on GIF
Good luck and hopefully useful 😀
hi iman,
Thanks for this guide. But how can I Set up DKIM for multiple domains on same host?
Thanks!
Hi Ferjun,
You only to repeat the guidance for other domain. Only change domain with other domain and the selector name should not same as previous domain
Hi , Iman,
i already setup my DKIM and check it to validator and it is pass , the question is why if i am sending from my mail server to gmail, or yahoo , they keep detect my mail as a spam? , i also check my hosting IP VPS to RATSdyna and my ip is not on the list
and this is the log from yahoo :
From test mail Tue Aug 11 03:42:07 2015
X-Apparently-To: example@yahoo.co.id; Tue, 11 Aug 2015 03:42:16 +0000
Return-Path:
X-YahooFilteredBulk: xxx.xxx.xxx.xxx
Received-SPF: pass (domain of example.com designates xxx.xxx.xxx.xxx as permitted sender)
X-YMailISG: AiAc7WYWLDsTz2IomQVdC3w48ILd96e9bh_2Jl23wfi2lf7u
I408TTKuNZ8co9zlq9kxQ1fCGyNan9JdWVhBKBABXkjtFeHXx5il1YYK6ikQ
vSJsqLfUteGbsjz8M2Sw.vo6pQiVScASzQ8zzuYxQiGkVJMX1qQF7vzRcpz9
21kFf_smLh164CNak.FO.D3FP9WhpZOB007PDMwcpRudTe690TQ7amo2LUx1
dbcwkHVvnq.PjP2ZbwJu15v5rlnyQ87xzc6kwBZYGUiHclorL0Nonb1odC6i
VDTdAdEZ_IJbDLbnKlWrcazoLj7uHI0cjp7j6YL8.cP2XTHDzpHYz4BEdcNe
bvEGIev5HC6xi.xXdeREImSs6fyzlb65d0tmmaLgoNJnkQFwfXjkCS3hDUPc
3HjqulLiuS3n_Fc3zFNgb1btmoEQFbKOQdR_AdyGJyQwcTkkidlfvauQ097j
gmpvUURZkR4hhl2N8vyKm9PArAQ4dWC7mfbRZUWxoCUhdhrZrewTc1ufGmvC
1gHnCNFhzdQt8.k_ddkW9JV9.uax64u3LkQ5PYzg0KHdgOE4SZB_iQg87tJf
7OibPm5c3XJtSxlMol.Tp6dOq2P0bpW58mZa8LG0UDxHCYJpugEp1NIEwkpg
t0wWhosmoQOVMkVPiUwJqMrT.6cmyLhNv_h9zf5410H6ibfz9uaZM0Rjk5tw
TLxWWTyFcJIGH_dfTqD0PV.ho5MiJ7yBeZKLGtHAKW_aqin75q_AjmDcRFtC
htXmubcJgPdiZ71TKFoKRS3PBhb3ZW8RxM7JTgJ5jn.NVTUtUDLOl1Fe3FlI
iKIJi5UkBJE_4d6iFV2a9NJPE6BYVER_O12w59SVhvMx7mF34BC1Nu9kp9KJ
a8xNTebL.GcSfwG6xuCo3pBBEHFjWjfNRlyGoEmsnY.bK4NZbhC26dDkKOAA
ZIs3WX4NqZnmCEDYY7FHKNk3NUsDhlqTPKIrC5lyNq0TnqzU7RUMeijLh8rS
4JKpCWUyW5Yqf_K73LmQ2kIf7a1u6Nas01u9gbf9xCKXgVQyQuHOn72cNsEY
KyRHB.GAhJcQfmTH.CYlJi.s_z8PGettBlmmzlt0zbrYLAlrmT10CWjNRL1n
WJWUwLBTlcS71Fullo_z6PmMe0W7P1ujdar_8Li3OkHKn8Y.Wn4vaSjMZ4Q0
D_eAjBMiVKZD80GfO_DG87fxR4Kxegp90APpCOxubU7LuDaF2TpH7dZmOAdU
PpjkGwjmdJJS7iGEjTdo4qB7f9JkWTNsLTWxJjE_95qI0LvnF8DsL..UZ3Tt
iMttfGokT2xlw4LFJ9RsVmokPOIOOo2fzjuxqrD8Nn_AsN6x_5RVn3x0t0qM
02Mnr0scIcPnvUG6vw–
X-Originating-IP: [xxx.xxx.xxx.xxx]
Authentication-Results: mta1208.mail.sg3.yahoo.com from=example.com; domainkeys=neutral (no sig); from=example.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO example.com) (xxx.xxx.xxx.xxx)
by mta1208.mail.sg3.yahoo.com with SMTPS; Tue, 11 Aug 2015 03:42:14 +0000
Received: from localhost (localhost [127.0.0.1])
by example.com (Postfix) with ESMTP id B5CF1A42E6
for ; Tue, 11 Aug 2015 03:42:08 +0000 (UTC)
Received: from example.com ([127.0.0.1])
by localhost (example.com [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id 4lyY0M28IxPX for ;
Tue, 11 Aug 2015 03:42:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by example.com (Postfix) with ESMTP id 2D1CDA42DE
for ; Tue, 11 Aug 2015 03:42:08 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.9.2 example.com 2D1CDA42DE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
s=75567458-3F82-11E5-BB87-33198994C253; t=1439264528;
bh=v2hZ8tx91VhfLmGWNuPQd+4Hy7yi0KwHPNN2le9UwAQ=;
h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
b=jHK5gC63WMYctEe+oLQLZEz/3nZ6ticKaelP/q0iF2iMcd+RtSi9rYjtLBV4QGUJ4
geJ8LxgBnYEaMX2oONZvAZ0/sWOJqIV58qzCls462YAooa9vI4PZj+9Z0aqV5aOcSd
1IFAVC6vMRNucf1Kx4/rKCi6br5clo2qidfMIJKI=
X-Virus-Scanned: amavisd-new at example.com
Received: from example.com ([127.0.0.1])
by localhost (example.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id LX8xcvRVUg9j for ;
Tue, 11 Aug 2015 03:42:08 +0000 (UTC)
Received: from example.com (localhost [127.0.0.1])
by example.com (Postfix) with ESMTP id DDF3DA42D9
for ; Tue, 11 Aug 2015 03:42:07 +0000 (UTC)
Date: Tue, 11 Aug 2015 03:42:07 +0000 (UTC)
From: test mail
To: example@yahoo.co.id
Message-ID:
Subject: Test Mail From Mail Server
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_Part_104_1482986880.1439264527638″
X-Originating-IP: [112.78.148.76]
X-Mailer: Zimbra 8.6.0_GA_1178 (ZimbraWebClient – FF39 (Win)/8.6.0_GA_1178)
Thread-Topic: Test Mail From Mail Server
Thread-Index: gX4LDdGxSGN314Gelq7lJBHrl09Qdg==
Content-Length: 563
Hi Deny,
For achieve a good reputation about email server, you should configure such as PTR, SPF, DKIM, DMARC and etc
Hi iman,
Thank you for your reply,
it looks like my IP is still fresh new and the reputation is still Green ,
so it is stil waaay to go i guess , haha
i like your website iman , it help me alot 🙂
Thank you very much
Regards
Deny
Hi Deny,
Thanks and appreciated 😀
Hi iman,
How to generate DKIM in a a single server setup with multi domain?
I have successfully generated my first domain but when i tried to generate DKIM on my second domain, I’ve got an error
Error: Failed to update LDAP: Selector selector is already in use.
Hi Ferjun,
Please using another name of selector for other domain. The selector could be custom or you can using random selector if not using -s parameter
Hi Iman,
I uses below command to generate DKIM record on my first domain.
/opt/zimbra/libexec/zmdkimkeyutil -a -d mydomain.com -s selector
How can I customize the above command or use a random selector to generate DKIM on other domain??
Sorry im a newbie..
Thanks for your help and great blog..
Hi Ferjun,
You can use domain name as selector. For example, i have domain imanudin.net and imanudin.com. I can configure DKIM for every domain like below
Selector name for every domain should be different
thanks iman it works 🙂
Hi Ahmad
I want to create tutorial moving picture like your GIF picture. How to make it?
Hi Dodi,
I am use this awesome tools : http://www.cockos.com/licecap/
Hello,
When running the command as follows
/opt/zimbra/opendkim/sbin/opendkim-testkey -d DOMAINNAME -s SELECTOR -x /opt/zimbra/conf/opendkim.conf
opendkim-testkey: ‘SELECTOR._domainkey.DOMAINNAME’ record not found
Do the DNS need to finish propagating ? Or Do I need to define DOMAINNAME in the DNS? For instance selector._domainkey.exmaple.com. ??
Hi,
You should define selector._domainkey.example.com in Public DNS so that known by other email server
how to define selector._domainkey.example.com in Public DNS so that known by other email server
Hi Irfan,
I am use cPanel as management DNS to do that 😉
Hi
how to configure multiple domain name in single zimbra mail server….
saya berhasil, namun jika multi domain bagaimana ?
Hi mas Irfan,
Untuk multi domain, lakukan hal yang sama untuk domain lainnya. Namun untuk selector tidak bisa sama (harus beda). Jika selector domain A adalah selector, maka untuk domain B bisa diset selectorB dan seterusnya
Hi iman
I create a custom selector, when I run the command, i get the following message:
[zimbra@carter ~]$ /opt/zimbra/opendkim/sbin/opendkim-testkey -d domain.cl -s dcarter -x /opt/zimbra/conf/opendkim.conf -vvv
opendkim-testkey: checking key ‘dcarter._domainkey.domain.cl’
opendkim-testkey: key missing
Thank for your help!
Cheers from Chile.
Hi Rodrigo,
I am never test opendkim like that formerly 🙂
I am usually configure DKIM in public DNS direct and check with dkimcore.org 🙂
Hi Imam,
Thanks for ur guide before. But why DomainKeys check: neutral in my server and DKIM check is pass ? This is report email from auth-results@verifier.port25.com :
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
Where is the wrong setup?? 🙁
Hi Dhasa,
DomainKeys is old technology and replaced by DKIM. Your configuration already good and work. Please take a look difference among DomainKeys and DKIM : http://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim
Selamat pagi Pak Iman:
Saya sudah konfig PTR, SPF, DKIM, DMARC, tpi ketika saya kirim email ke gmail dan yahoo selalu dianggap SPAM, kira2 masih kurang di konfig mananya ya?
ini Log dari yahoo:
X-Apparently-To: hendar_k125@yahoo.com; Tue, 01 Nov 2016 01:53:03 +0000
Return-Path:
X-YahooFilteredBulk: 119.XX.XXX.XXX
Received-SPF: pass (domain of example.org designates 119.XX.XXX.XXX as permitted sender)
X-YMailISG: zIMJEYwWLDtAKm6Yi2I6mBjaBS36OlqEVYvFtH6h9V3t6DVh
RMjxRBjN4WTwgQv.PI1pg8ZfVc5EuXBFVOPgbXu8kll2844aiJ1jVNK29H98
E34ZS5DY4nlao53SaAhfUQXJMSci58UfOn_F7mWFMDQYkWmh7trXD6WyTdXt
ZKrKeeL37kGk1VZh8_gLdppBi8v9TJ7NXRtDqglYuKrokVLMeTk0H2bh7cC.
p8X3znQ2gaFywpeEiNIeossIW9T94CMwT2sfbmuvLGsewwLyD5OM5HCsvkvl
J_9T8mVS6Pzc.99_U7G8dKKpw5EILmjH_dyiyjIAcOgBAUVxjCVfSVLRSk7k
p5Dkmn_IUtaxsN46lAUs1WzQpL12R3aDBLM8VtitUbOvf9cz7EZ8ZyA8642K
zngnD0_71PuZJafrBx0IWZIi5g3yybWbws7eo3PJD4f0aQmGWV._vzhD0KsG
38Zv8B2sp2_iRMKyTm_wG6Ql60RdVrvI9g3Ws4RFFfKSDBejayEKOv5kfdsW
aITDjf7R7WbgOSRq257xw1W.DXvid9FYhvAymMWbqAuNa9GHvDifYsd_o903
Wlwj5SnjVZ7owEU4o6QrUoOU0AImHz0Pnk3_ZLQAkdVEhnMIj4LaFNo27rUY
u6TqoWz3Qj0aYZGI1CqX2GbzYJCdoUltX7erQhSX8gdqmpYYQ1hMzO5YHq0z
lIQrgGlKIqWV1YJk3MX8uBkxwQy7cX8UXiRN5UirH948X77IXIzdxlZRefp2
NgOBgMsLfEugjUZTxwE1ZLi5kfpJYhYhLPUWjPubWTHMEINufqPJm6JLLJZI
HdggYSO5auBJjch_tOQFD7vsmNfCdeJtDieCvNjWznQsEtThxH043k5hgWsA
n16oFhDl63KafHrDd7Xrdw8sxzvPZ8gwXO3C4tynMyKN4WSRkiW8qZuRfqh9
yXFqp4JiBFc2JKfHANskiX0.4APtyIjrimL.rT4HpN7rkQDDY7wsLZp2gXcr
TbXhAUcXHzVZzcSJQOp5ZQTrzTgBeWXSKDxwf4B.HvU5BsfD7gTRLLaefy_W
gRMcDsBFdP2k2bcsMjM5mk8FopE5rlqgKxz7g7y5BnE6Hp1L6HEgEwqv1lKk
thL4eZSa3EBsxtM_LrGbsgTNElzLPPJsNj372eWE70RZSRd.kdUnm_nITr39
Br1SUDBkLhraaG3GnA5__1I63U33SR46V7gIYGiO3.a5jSyCYwgMg10.b3tS
c5w3jITLlMAC6lALVI6MKx0x9BN7HQE5zdhsuKIJe13.zyEKRBvbLpxF4QJA
fRdOkaXNsX8tVlIfvqUL3YTDomdw6eeuz8r2MBl0JDCAJgmgku2aPlEm8lVm
Duqk2ci6GY8-
X-Originating-IP: [119.XX.XXX.XXX]
Authentication-Results: mta1171.mail.ne1.yahoo.com from=example.org; domainkeys=neutral (no sig); from=example.org; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail.example.org) (119.XX.XXX.XXX)
by mta1171.mail.ne1.yahoo.com with SMTPS; Tue, 01 Nov 2016 01:53:01 +0000
Received: from mail.example.org (localhost [127.0.0.1])
by mail.example.org (Postfix) with ESMTPS id 3B0331000C86;
Tue, 1 Nov 2016 08:52:36 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
by mail.example.org (Postfix) with ESMTP id 17FE61000C87;
Tue, 1 Nov 2016 08:52:36 +0700 (WIB)
DKIM-Filter: OpenDKIM Filter v2.9.2 mail.example.org 17FE61000C87
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
s=D675DDC4-9CC3-11E6-B70E-43829B4A31EA; t=1477965156;
bh=fn2VwlTlM473OcbaLLi25zwY0YOgDU9iAchLeSyq5DM=;
h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
b=eUp6lqHklHboM3hKyoO2zSRXf8HnVce0DxqsUP8aIrPvM5STZNigqcWEtNmZfpGiK
SsGAKejoZlrt8kaKYrggv+CLAxY2n+6TlnIkuzjZe1JLgKYi6QCf0frptjOeVD/b2p
RN6lqbmey1FkLknBVsOKZRp/9b5Agl3Zsmj1Eud8=
Received: from mail.example.org ([127.0.0.1])
by localhost (mail.example.org [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id d8-vX631jqV2; Tue, 1 Nov 2016 08:52:36 +0700 (WIB)
Received: from mail.example.org (mail.example.org [119.XX.XXX.XXX])
by mail.example.org (Postfix) with ESMTP id EC93C1000C86;
Tue, 1 Nov 2016 08:52:35 +0700 (WIB)
Date: Tue, 1 Nov 2016 08:52:35 +0700 (WIB)
From: ICT YUQBogor
To: hendar_k125@yahoo.com
Message-ID:
Subject: uncheck mail server – 1 November 2016 – 08:53 AM
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_Part_939_1166280299.1477965155753″
X-Mailer: Zimbra 8.6.0_GA_1153 (ZimbraWebClient – FF49 (Linux)/8.6.0_GA_1153)
Thread-Topic: uncheck mail server – 1 November 2016 – 08:53 AM
Thread-Index: 36dPBmN0wmUt4EBLL4sIYVRKqpTHMg==
Content-Length: 504
——=_Part_939_1166280299.1477965155753
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
uncheck mail server – 1 November 2016 – 08:53 AM
——=_Part_939_1166280299.1477965155753
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
uncheck mail server – 1 November 2016 – 08:53 AM
——=_Part_939_1166280299.1477965155753–
hi iman i have problem with gmail. my domain cannot send to gmail..
this error msg
host gmail-smtp-in.l.google.com[74.125.68.27] said:
550-5.7.1 [60.54.116.91 12] Our system has detected that this message
is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for
more information. f17si7873152plj.199 – gsmtp (in reply to end of DATA
Hi Irwan,
I think your public IP ever spamming and blocked by Gmail. Please use another SMTP Relay few months until your public IP clean
Hi specialists
I have problem with checking DKIM Core Key Record
“This doesn’t seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode at blib/lib/Crypt/OpenSSL/RSA.pm (autosplit into blib/lib/auto/Crypt/OpenSSL/RSA/new_public_key.al) line 91.”
http://prntscr.com/e3t6hs
I did:
1) /opt/zimbra/libexec/zmdkimkeyutil -a -d newexample.com -s newexample
2) Checked on http://dkimcore.org/
Please help me who can!
Hi Viktor,
I think your record is not complete when check on dkimcore.org. Please carefully when checking on dkimcore.org and make sure you have been copy all records
Thanks, you are right
mail server saya sudah config dkim akan tetapi untuk pengiriman
ada relay lagi apakah dkim tetap ke detect oleh gmail ?
Hi mas Gugum,
Untuk DKIM tetap terdeteksi meskipun menggunakan Relay
Hi Imanudin,
I have 2 questions.
1- Do i need to add domain into zimbra server to generate DKIM keys? I ran /opt/zimbra/libexec/zmdkimkeyutil -a -d example.com and it said domain doesn’t exist. I need this to be done as some server will send out mail with external domain in FROM field.
2- If i have 2 servers, receiving mails from internal clients, How can i configure same key on both servers?
Thank you
Hi Imran Yousuf,
1. Yes, you need add every domain on Zimbra if want generate DKIM
2. You can copy Key from another machine. PleaSe use zmprov gd domainname to check Key on Domain
I Have configure spf dkim and dmarc and i have checked the result is passed, but while sending mail to gmail and yahoo its mark as spam, how to resolve this, i have original message below :
Delivered-To: alhafidz.ramadhan2015@gmail.com
Received: by 10.176.23.1 with SMTP id j1csp21995uaf;
Fri, 24 Mar 2017 04:14:30 -0700 (PDT)
X-Received: by 10.84.217.222 with SMTP id d30mr10429139plj.33.1490354070315;
Fri, 24 Mar 2017 04:14:30 -0700 (PDT)
Return-Path:
Received: from mail.lumajangkab.go.id (mail.lumajangkab.go.id. [182.253.66.204])
by mx.google.com with ESMTPS id m17si2408502pli.193.2017.03.24.04.14.29
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 24 Mar 2017 04:14:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of fendi_kurniawan@lumajangkab.go.id designates 182.253.66.204 as permitted sender) client-ip=182.253.66.204;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lumajangkab.go.id;
spf=pass (google.com: domain of fendi_kurniawan@lumajangkab.go.id designates 182.253.66.204 as permitted sender) smtp.mailfrom=fendi_kurniawan@lumajangkab.go.id
Received: from localhost (localhost [127.0.0.1]) by mail.lumajangkab.go.id (Postfix) with ESMTP id 0971512E1A2A for ; Fri, 24 Mar 2017 18:14:28 +0700 (WIB)
Received: from mail.lumajangkab.go.id ([127.0.0.1]) by localhost (mail.lumajangkab.go.id [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id oqve2V0Jg4-W for ; Fri, 24 Mar 2017 18:14:26 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1]) by mail.lumajangkab.go.id (Postfix) with ESMTP id 6BE2712E1A57 for ; Fri, 24 Mar 2017 18:14:26 +0700 (WIB)
DKIM-Filter: OpenDKIM Filter v2.9.0 mail.lumajangkab.go.id 6BE2712E1A57
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lumajangkab.go.id; s=88C0D3D6-75FB-11E4-A8DF-35BB24C30973; t=1490354066; bh=PgiHVolGPmw/nHTyx4M03pvaWqArocVItkLijp2KXDg=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:
Content-Transfer-Encoding; b=BQY3pAP+vLEZ24rbIgBVM4njulMorDQ/uyx558K4ijaJL0KGqMb3rFEAxjp5sCWfn
KoRv8J8kxG0qss5wi7GUGZiqUJA8HNh6ShuwE5TwLtfB/pKY3aDmJr10dRSiuYNUOo
rMxdSOYAcQ6gIoxlHfrhM/0mPyVwYdXxpLN1ii8Q=
X-Virus-Scanned: amavisd-new at mail.lumajangkab.go.id
Received: from mail.lumajangkab.go.id ([127.0.0.1]) by localhost (mail.lumajangkab.go.id [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id bbywAxGXuPBg for ; Fri, 24 Mar 2017 18:14:26 +0700 (WIB)
Received: from mail.lumajangkab.go.id (mail.lumajangkab.go.id [182.253.66.204]) by mail.lumajangkab.go.id (Postfix) with ESMTP id 43C2612E1A2A for ; Fri, 24 Mar 2017 18:14:26 +0700 (WIB)
Date: Fri, 24 Mar 2017 18:14:26 +0700 (WIB)
From: Fendi Kurniawan
To: alhafidz.ramadhan2015@gmail.com
Message-ID:
Subject: tes lagi ya
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [117.102.66.48]
X-Mailer: Zimbra 8.0.7_GA_6021 (ZimbraWebClient – FF52 (Win)/8.0.7_GA_6021)
Thread-Topic: tes lagi ya
Thread-Index: AzUDxLzhiKBYv1A1LkGMtxc7SaGwfg==
——————————————————-
Warm Regards,
Hi Fendi Kurniawan,
You need waiting until your domain eligible. The new domain or formerly perform spamming into internet usually need more time to get passed and trust by another domain
Ok, Thank you
hi,
I have 2 mtas and already generate DKIM keys on mta1, using this command:
/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com
Do I need to generate the key on 2nd mta (same domain)? or
Can I use the same generated DKIM for the 2nd mta? If yes how do I configure on the 2nd mta?
Tq.
Hi Nur,
No, you didn’t. DKIM records have been integrated with LDAP. So, you can generate on any MTA just once
Hi Iman,
Thanks for replying.
Mail outgoing from mta2 tested using dkimvalidator.com show
no DKIM signature while mail outgoing from mta1 does have DKIM signature.
I noticed that opendkim service is not running on mta2 and it doesn’t have opendkim.conf file.
Should I copy opendkim.conf from mta1? How do I make opendkim service running on mta2?
Thanks.
Hi Nur,
Please make sure opendkim service is running. You can try to enable by performing below command
Hi Iman,
Really appreciate ur help. Now the 2nd MTA has DKIM signature when tested using dkimvalidator.com
Thanks.
Hi Iman,
I need add DKIM records as your article I went http://dkimcore.org/c/keycheck i am getting error
There is a parsing error at character 410 (‘ ‘)
And
This doesn’t seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode at blib/lib/Crypt/OpenSSL/RSA.pm (autosplit into blib/lib/auto/Crypt/OpenSSL/RSA/new_public_key.al) line 91.
Hello Iman,
using your doc, we were able to generate 2048 bits DKIM keys and it worked fine, but Domain providers like Namecheap only allows 1024 bit keys, I need your help in
1. how to convert existing 2048bit Keys to 1024 bit.
2. how to create multiple keys for same domain uisng zmdkimkeyutil having different bits.
Waiting a response, thanks in advance…
Hi Tijo,
You can use 2 methods :
1. you can use -b options when generate. -b 1024 to generate become 1024 bit
2. you can change value 2048 into 1024 on zmdkimkeyutil file
I think you cannot have multiple keys for the same domain
Hi Imam, My dkim tes is error This is not a good DKIM key record. You should fix the errors shown in red when I checked with published DKIM Core Key in dkimcore.org. I already added in cpanel. Can you suggest to me what step must be check
Hi Ari,
You should paste the key into DKIM Core Key Record and make sure all have been correct. You can see example configuration in the GIF format on the bottom article
This is a valid DKIM key record, when paste the key into DKIm core key.The problem is when the valid key paste into cpanel and check published dkim core key still “DNS query failed for ‘0C23ACF2-4444……..(my selector)”thanks
Hi Ari,
Could you please info to me what your selector and domain name? so that i can check your DKIM
hello iman,
we setup the dkim a while ago and it was working fine , but suddendly we’re having logs like this
May 9 11:18:56 mail amavis[14202]: (14202-11) dkim: FAILED Author+Sender+MailFrom signature by d=domain, From: , a=rsa-sha256, c=relaxed/relaxed, s=BA2F693A-536C-11E8-A05B-E082684463FB, i=@domain, ORIG [127.0.0.1]:37910, invalid (public key: not available)
when a user sends a mail internaly or extenaly we have this logs.
we’ve updated the dkim and the logs persist. and when we remove the dkim the logs disapear.
what we’re missing.
thanks.
Hi,
If you have internal DNS on your Zimbra, please try to add DKIM records into your DNS (internal DNS)
Dear, I am writing to you because it already brings me a head that should be simple, but I have not yet been able to implement it, it is dkim, I know I am crashing into something simple, could you help me see where I might have the error, tell me I sent you here to do the tests, in dkim core we are ok, but when the test in my zimbra throws a record not found, I’m almost sure that the error I have in my server dns centos 6 with bind, give me A hand to know what may be happening. thank you very much. greetings from Chile.
Hi Arturo Jara,
Could you share what have been you do to getting DKIM works? so that i can help you where you should improve
hai mas iman
mau tanya bisa g signature digunakan double dari zimbra dan google apps,
kebetulan saya mengimplementasikan zimbra dan google apps dgn domain yg sama.
Hi mas Wahyu,
Untuk records DKIM bisa banyak mas. Namun untuk records SPF hanya boleh satu
There is a way to export the dkim to another server for migration
Hello Atmane,
Yes, you can. You can copy all data from domain attribute (DKIMKey, DKIMPublicKey, DKIMSelector). You can view with zmprov gd command
Dear Iman, I’ve followed all your steps and DKIM for incoming mails is working through OpenDKIM.
But the problem is I get always this type of error:
dkim: FAILED Author+Sender+MailFrom signature by d=gmail.com, From: , a=rsa-sha256, c=relaxed/relaxed, s=20161025, i=@gmail.com, invalid (public key: DNS error: no nameservers)
I confirm I have DNS resolution from my Zimbra server.
What could be the problem?
Thanks a lot !!!
Hello Alex,
Please verify from your side about resolver
Hi Iman,
Thanks for this valuable blog.
I have created the DKIM key in cpanel and validate it. But when sent an email to gmail, its now showing the “signed by” in gmail and emails are going to spam folder. Can you please help ?
Thanks,
Ritz
Hi Ritz,
DNS needs propagation until new records known by all DNS servers. So, you can check 2 days later
Hi Iman,
I had waited for 4 days but still the DKIM key was failed. Later I checked and found that I have configured the dnsmasq . I have added the DKIM key in dnsmasq and waited for 3-4 hours. It works.
Thanks,
Ritesh
Hi Ritz,
Glad to hear that
Salam Iman,
I created DKIm according to your tutorial but i didnt not use ” -s selector” at the end of the command. what can i use as the selector?
all domains are failing DKIm test.
I have several domains on the sever. is it possible to delete the existing dkim and re set it on the server?
thanks
Hi Javid,
If you do not use -s, the selector name will be random. You can check your selector name by -q -d yourdomain. You can also delete existing DKIM with -r -d yourdomain commands
Hi Iman!
My name is Rogério Muhate
Your guides are so nice to follow, I have installed and configured Zimbra using them and it is running up to now since 2018.
I am getting some issues with my DKIM, when I test it against “mail-tester.com” it gives me the message: “The message has a DKIM or DK signature, but it is not necessarily valid”, how can I improve that result?
Otehr issue, today all my team received strange emails, it seems the sender has all our accounts and added some attachements, is there any way to make ClamaV to real-time scanning attachments in incoming mails?
Best wishes
Hi Rogerio Muhate,
You can follow this article to configure openDKIM on your Zimbra server. Regarding attachments, please try to update the ClamAV database. Maybe the virus is new
This is my generated key, cannot get a correct output from DKIM record checker. Please help
( “v=DKIM1; k=rsa; ”
“p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxeGoQw6TYNSqOb+Pj2aJWnX7KAbUMs46rCcvvITgk5oE3MoA7q2DtWOhIZbM1OnvER5BsB4W/QbDAlmpdkCJl5hlEMbRdmWvls+2/M7gXdAqdEtXl31WUrBFbphxMyQMOqRpsnrR19TAx4c0XC+NO9map+F0D3pzl5YT4yCjz9RbNAvcgQ94nIkfYoR5MuLcKAfAYuVhSjDZe”
“/ocXrE6cW9JCineij+FqIg7az3QRmJ050dklkSvmNW2D2GMxoW1mel2AGvZee9NsFnbWpjxjebU/oGfmUrwuAmtHKToxJWk8/0aY74KckJIR9KuEcuUNLboaIRcTye4j8yi4q99QIDAQAB” )
Hello Iman, do you know if there is a way to increase the score of old versions of zimbra, so that those with an invalid dkim enter SPAM?
X-Spam-Status: No, score=3.288 tagged_above=-10 required=4
tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001,
MISSING_HEADERS=1.021, RP_MATCHES_RCVD=-1.344, T_DKIM_INVALID=0.01]
autolearn=no
dkim=fail (2048-bit key) reason=”fail (body has been altered)”
Hello,
You can increase value T_DKIM_INVALID in salocal.cf.in [1]. Let say
score T_DKIM_INVALID 5.0
[1] https://wiki.zimbra.com/wiki/Improving_Anti-spam_system