DKIM check not signed

m.eid

Well-Known Member
Jun 4, 2014
54
7
83
Jordan
cPanel Access Level
Root Administrator
Twitter
Hi, I am hosting my domains at CloudFlare and VPS is on Godaddy (If that useful), I've configured the spf for the domain and checked it by mail-tester.com and it gave me an authorized mail sender, while for DKIM gave me "Your message is not signed with DKIM" despite it is installed and checked by the same tester and mxtoolbox and when use default selector it gave me correct signiture, but why email tester both mail-tester.com and appmaildev.com/en/dkim gave me the same issue that the message is not signed with DKIM!!

Hope find a solution for emails don't sign with DKIM, is there any missing configuration? .. I've searched too much at google but couldn't find any solution there, thank you.
 
Last edited by a moderator:

m.eid

Well-Known Member
Jun 4, 2014
54
7
83
Jordan
cPanel Access Level
Root Administrator
Twitter
I use the default selector, and I tested DKIM record with many tools such as mxtoolbox and others, al of them returned success, here result when I tested your command

Code:
[[email protected] ~]# dig txt default._domainkey.domain.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> txt default._domainkey.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1438
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;default._domainkey.domain.com. IN TXT

;; ANSWER SECTION:
default._domainkey.domain.com. 300 IN TXT  "v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVWSDeGG1ClQB2/0z74KotOcndDDTO02MP96msNJVoZtOXOPctvOjAAk9e+rD020iBioZdSJabakhrX348Uey/eRLHTL01elp3WPaE1G0ViOT2Ab8ANL35nUiWMNsLG2ppOzBf1dVhYLzCsZXpXdKT4ZA7tLRqZNjqdCQYMUsPGUoiSlyhiEQr7lDaXPOKp3R" "LzhtVyG/DEE9lOw0SdjXoA57CnO7sOzMeIkPuBekviCY8YzgJJN4Xcu/2AmIszTVWxDNqBxcNVbNiSQp2x+FsriAMd1FC+DQ58DdRu5eAibo3M6IRPW80Lymg8GKpnMMoF8chzd0j773+5M+NTtnwIDAQAB"

;; Query time: 15 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 14 02:18:58 EEST 2019
;; MSG SIZE  rcvd: 487
 
Last edited by a moderator:

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,291
313
Houston
Hi @m.eid

And when you checked this with the services that told you it wasn't signed properly was that shortly after adding it? I see no reason why the dkim signature wouldn't be recognized.
 

m.eid

Well-Known Member
Jun 4, 2014
54
7
83
Jordan
cPanel Access Level
Root Administrator
Twitter
I've checked it manually with source of email, and didn't find DKIM signature too, it is not there.
Note: DNS is hosted by CloudFlare and txt record added there as suggested in Email Deliverability section at CPanel
 

m.eid

Well-Known Member
Jun 4, 2014
54
7
83
Jordan
cPanel Access Level
Root Administrator
Twitter
Is there any required header has to be added for exim or such that? .. or is there any log file I have to check if there is an error logged?
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,291
313
Houston
There's no log file that would record this, and nothing should need to be added as far as headers are concerned with the DKIM signature.

When I query the domain, I get the TXT record for the DKIM Signature, it should be recognized when you send mail. Because this issue will be difficult to troubleshoot through the forums can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

m.eid

Well-Known Member
Jun 4, 2014
54
7
83
Jordan
cPanel Access Level
Root Administrator
Twitter
It has been solved by CPanel Technical Guy, where he found in Exim configuration
send_to_smart_host:
driver = manualroute
route_list = !+local_domains example.prod.123.secureserver.net
transport = remote_smtp

the last line has to be like that
transport = dkim_remote_smtp

Don't know if it is Godaddy's faulty or what, but what is the difference?
 
Last edited by a moderator:
  • Like
Reactions: MHD REDA

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,291
313
Houston
Ahh I wouldn't have had a way to know that you were using a smarthost, I'm really glad the analyst was able to help you get it resolved.

Don't know if it is Godaddy's faulty or what, but what is the difference?
The difference between the transports? One is just doing remote smtp the other is sending with your DKIM through remote smtp - when the smarthost was setup this should have been configured to include your dkim from the beginning.
 

m.eid

Well-Known Member
Jun 4, 2014
54
7
83
Jordan
cPanel Access Level
Root Administrator
Twitter
Ahh I wouldn't have had a way to know that you were using a smarthost, I'm really glad the analyst was able to help you get it resolved.


The difference between the transports? One is just doing remote smtp the other is sending with your DKIM through remote smtp - when the smarthost was setup this should have been configured to include your dkim from the beginning.
I think it is a Godaddy faulty where they have to either mention that in their documentation, mention that with their support team when talking with them (rather than say it is a CPanel resposibility) or to include it by default so if server admin enabled it it will be attached and if not it will not affect their system.
Anyway I appreciate your effort and your great team for helping in this case, thank you so much :D
 
  • Like
Reactions: cPanelLauren

VV00Dy

Registered
Apr 22, 2020
1
4
3
Arizona
cPanel Access Level
Root Administrator
Thanks for this thread....I was having the exact same issue and caused by the exact same problem with domains running on my Godaddy dedicated server.
I spent all day yesterday trying to figure out why DKIM wasn't working despite being near certain is was configured correctly.

Simply adding "dkim_" in the correct location in the advanced exim config as shown (I'll paste it again just for SEO purposes so others can find this).

Fix for DKIM (no signature) in WHM - go to Exim Configuration Manager / Advanced / then do a browser search for the following text: "driver = manualroute" to find:

send_to_smart_host:
driver = manualroute
route_list = !+local_domains *****.secureserver.net
transport = remote_smtp

change the last line to:
transport = dkim_remote_smtp

My server was installed about a year ago.

It's nice to see all three authentications passing now for outbound emails:
dkim=pass
spf=pass
dmarc=pass

thanks again!