Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » [solved] DKIM Issue
  •  
swierzbicki

Messages: 16
Karma: -1
Send a private message to this user
Hello,

I've trouble while setting my DKIM signature.
From the admin console I can get this public key :

Record name: mail._domainkey.mydomain.com.
TXT value: v=DKIM1; p=ANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8KDzBXiAHQvf2xpBfkf
TauaGeRsOUnCnIAT8xskPadojStMV6DwnlEb5kqvqv43pE70kA4qMkCszDPFpESF
Dq4LSvINnrePfDlUpmTBPRlfwx5TX0rXmNf+l3sS5x6Su9zz7883aCzK8k7kk8/f
fszokP8hQSnkVaMIWJDbUgSdf+Uq4+VrumRE4AK3bA/TIkkU9FgcjGqFrDkoRX8E
0kdk07jm6xtstA7TH4Ol5HEaXxrKJDh2bG5G0hF+BWX5+8frTWa0bRXGj13N+oO3
CQJodWoIUj+W15cR5O2dtJdTiKiKYzRpXWnwQYkaXw5zdwcnqcsmWDddY8tyYywt
TwIDAQAB


From the console, DIG TXT mail._domainkey.mydomain.com. returns :

mail._domainkey.mydomain.com. 18974  IN      TXT     "k=rsa\; p=ANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAr8KDzBXiAHQvf2xpBfkfTauaGeRsOUnC
nIAT8xskPadojStMV6DwnlEb5kqvqv43pE70kA4qMkCszDPFpESFDq4LSvINnrePfDlUpmTBPRlfwx5T
X0rXmNf+l3sS5x6Su9zz7883aCzK8k7kk8/ffszokP8hQSnkVaMIWJDbUgSdf+Uq4+VrumRE4AK3b
A/TIkkU9" "FgcjGqFrDkoRX8E0kdk07jm6xtstA7TH4Ol5HEaXxrKJDh2bG5G0hF+BWX5+8frTWa0b
RXGj13N+oO3CQJodWoIUj+W15cR5O2dtJdTiKiKYzRpXWnwQYkaXw5zdwcnqcsmWDddY8tyYywt
TwIDAQAB"


As you can see, password are the same but kerio connect keep complains that my DKIM public key isn't found in the DNS record !

What's wrong with my config ?

[Updated on: Thu, 30 January 2014 14:42]

  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
DKIM record in DNS (that TXT value) must start with
v=DKIM1\; p=ANBgkq......

and not
k=rsa\; p=ANBg...

[Updated on: Wed, 29 January 2014 16:46]


Petr Dobry
Product Development Manager | Kerio
  •  
swierzbicki

Messages: 16
Karma: -1
Send a private message to this user
I'm using a web interface to configure the DKIM Record.

When pasting that TXT value and validating the entry, "v=DKIM1\;" is automatically replaced by "k=rsa\;" !
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
In this case you must contact your registrator and ask them to fix their web interface and not modify what you are include.
  •  
swierzbicki

Messages: 16
Karma: -1
Send a private message to this user
I have modified the TXT value.

Kerio is still complaining about the key.
The only difference I see is that text value is composed with two strings see the double quote " " : could it be the problem ? Should I use a shorter key ?

mail._domainkey.mydomain.com. 18974  IN      TXT     "v=DKIM1\; p=ANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAr8KDzBXiAHQvf2xpBfkfTauaGeRsOUnC
nIAT8xskPadojStMV6DwnlEb5kqvqv43pE70kA4qMkCszDPFpESFDq4LSvINnrePfDlUpmTBPRlfwx5T
X0rXmNf+l3sS5x6Su9zz7883aCzK8k7kk8/ffszokP8hQSnkVaMIWJDbUgSdf+Uq4+VrumRE4AK3b
A/TIkkU9" "FgcjGqFrDkoRX8E0kdk07jm6xtstA7TH4Ol5HEaXxrKJDh2bG5G0hF+BWX5+8frTWa0b
RXGj13N+oO3CQJodWoIUj+W15cR5O2dtJdTiKiKYzRpXWnwQYkaXw5zdwcnqcsmWDddY8tyYywt
TwIDAQAB"

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Does it complain about DKIM key "is not valid" or "is not found"? There is a difference. Have you tried to enable DNS resolver messages in the debug log to see if your DNS is capable to retrieve TXT records over TCP?
  •  
swierzbicki

Messages: 16
Karma: -1
Send a private message to this user
I'm getting :

Quote:
The public DKIM key for this domain is invalid or doesn't match the private key


I've also tested a shorter DKIM key (1024bit). Kerio server gives me :

Record name: mail._domainkey.XXXXX.
TXT value: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9e77D+ZnKc2ya9+7/zbkte/ts
cZ4dkqGoUAyM6vZMd0GkFnfnJfbTytuemiJ0RcI/F19LoB8Znn3CPx7Sbkd5AoUt
hJVLjqdWCpBHKNedBl+hQvTTJfqsiPGUXQ8RbDNHSl4iparOSXmvVVV/hQu/DYyq
EKF85snrp7D9UkxPkwIDAQAB


I've configured the DNS entry like this :
mail._domainkey             IN TXT    ( "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9e77D+ZnKc2ya9+7/zbkte/tscZ4dkqGoUAyM6vZMd0GkFnfnJfbTytuemiJ0RcI/F19LoB8Znn3CPx7Sbkd5AoUthJVLjqdWCpBHKNedBl+hQvTTJfqsiPGUXQ8RbDNHSl4iparOSXmvVVV/hQu/DYyqEKF85snrp7D9UkxPkwIDAQAB" )


Should the ";" escaped ? ie : "v=DKIM1; => "v=DKIM1\; ?

dig TXT mail._domainkey.XXXX gives me:

; <<>> DiG 9.7.3 <<>> TXT mail._domainkey.XXXXX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26597
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail._domainkey.XXXX.       IN      TXT

;; ANSWER SECTION:
mail._domainkey.XXXXX. 21540  IN      TXT     "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9e77D+ZnKc2ya9+7/zbkte/tscZ4dkqGoUAyM6vZMd0GkFnfnJfbTytuemiJ0RcI/F19LoB8Znn3CPx7Sbkd5AoUthJVLjqdWCpBHKNedBl+hQvTTJfqsiPGUXQ8RbDNHSl4iparOSXmvVVV/hQu/DYyqEKF85snrp7D9UkxPkwIDAQAB"

[Updated on: Thu, 30 January 2014 11:56]

  •  
swierzbicki

Messages: 16
Karma: -1
Send a private message to this user
I've got that error because of an primary domain alias taht was not correctly configured !
Primary domain DKIM check is now working (I needed to add the same DKIM key on the domain alias).

As I've understood, the private key remains the same for all domain or domain alias.

Thanks for your help

[Updated on: Thu, 30 January 2014 14:42]

Previous Topic: Missing Paperclip in Connect Client and Webclient
Next Topic: Moving data store to external drive
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 15:22:43 CET 2017

Total time taken to generate the page: 0.00504 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.