The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DKIM not signing

Discussion in 'E-mail Discussions' started by Ryan @WebEminence, Sep 10, 2015.

  1. Ryan @WebEminence

    Joined:
    Sep 10, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    I've confirmed that emails sent from my server are NOT being DKIM signed. I've read all over these forums and some say to turn on DKIM in cPanel "Email Authentication" but that seems to be for incoming mail only. I've noticed that a record is added to the DNS zone in WHM when this option is turned on though.

    BUT - when it is turned on as described above, emails are still not signed. Can you point me in the right direction for next steps to troubleshoot? I've read the documentation here but that didn't help too much. I'm assuming the PHP info there might be how I add DKIM to emails sent via forms and such.

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    No, enabling DKIM via the "Email Authentication" option in cPanel enables it for outgoing email. Try using a website such as http://mxtoolbox.com/dkim.aspx to see if your domain name passes the test.

    Thank you.
     
  3. Ryan @WebEminence

    Joined:
    Sep 10, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    Not sure why that setting says "incoming" 3 times if it works for outgoing mail too. I've used mxtoolbox and it tests fine. The problem is - the DKIM signature is not present on outgoing email headers.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Is the DNS for this domain name handled by the cPanel server? Could you post the message header (without real domain names and IP addresses) so we can take a closer look?

    There's a thread about the confusion on the "Email Authentication" page and a reference to a case number opened to address that here:

    https://forums.cpanel.net/threads/dkim-signing-without-filtering.466601/

    Thank you.
     
  5. Ryan @WebEminence

    Joined:
    Sep 10, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    Yeah, if I was in charge I would have changed that text a long time ago to:

    DKIM allows the recipient of messages to ensure they are unmodified and are from the sender from whom they claim to be. This feature enables DKIM for outgoing messages.

    It would save you all a lot of headaches and users a lot of confusion.

    I'm hoping to figure it out with my hosting company today. I'll post the headers tomorrow if I don't get it figured out and try to post an update regardless.
     
    #5 Ryan @WebEminence, Sep 10, 2015
    Last edited by a moderator: Sep 10, 2015
  6. Ryan @WebEminence

    Joined:
    Sep 10, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    Here's how the headers look on a domain on my server where DKIM is enabled.
    Code:
    Delivered-To: email1@gmail.com
    Received: by 10.64.144.193 with SMTP id so1csp688762ieb;
    Wed, 9 Sep 2015 21:13:08 -0700 (PDT)
    X-Received: by 10.140.20.214 with SMTP id 80mr51222471qgj.26.1441858388497;
    Wed, 09 Sep 2015 21:13:08 -0700 (PDT)
    Return-Path: <test1@fakedomain.com>
    Received: from cpanel.domain1.com (cpanel.domain1.com. [11.22.333.444])
    by mx.google.com with ESMTPS id 79si11680821qky.115.2015.09.09.21.13.08
    for <email1@gmail.com>
    (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Wed, 09 Sep 2015 21:13:08 -0700 (PDT)
    Received-SPF: pass (google.com: domain of test1@fakedomain.com designates 11.22.333.444 as permitted sender) client-ip=11.22.333.444;
    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of test1@fakedomain.com designates 11.22.333.444 as permitted sender) smtp.mailfrom=test1@fakedomain.com
    Received: from localhost.localdomain ([127.0.0.1]:60979 helo=cpanel.domain1.com)
        by cpanel.domain1.com with esmtpa (Exim 4.85)
        (envelope-from <test1@fakedomain.com>)
        id 1ZZoBM-00068M-33; Wed, 09 Sep 2015 18:49:36 -0400
    MIME-Version: 1.0
    Content-Type: text/plain; charset=US-ASCII;
    format=flowed
    Content-Transfer-Encoding: 7bit
    Date: Wed, 09 Sep 2015 18:49:35 -0400
    From: test1@fakedomain.com
    To: ryan@domain1.com
    Cc: email1@gmail.com
    Subject: test
    Message-ID: <9425f099ee2abe1de561b6bd19bffebd@fakedomain.com>
    X-Sender: test1@fakedomain.com
    User-Agent: Roundcube Webmail/1.0.5
    X-OutGoing-Spam-Status: No, score=-1.0
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - cpanel.domain1.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - fakedomain.com
    X-Get-Message-Sender-Via: cpanel.domain1.com: authenticated_id: test1@fakedomain.com
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    X-From-Rewrite: unmodified, already matched
    
    
     
    #6 Ryan @WebEminence, Sep 10, 2015
    Last edited by a moderator: Sep 11, 2015
  7. Ryan @WebEminence

    Joined:
    Sep 10, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    I found this command and running them fixed the problem and DKIM signature is now showing. Not sure why but the command works different than clicking the button in cpanel.

    /usr/local/cpanel/bin/dkim_keys_uninstall username
    /usr/local/cpanel/bin/dkim_keys_install username
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I am happy to see the issue is now resolved. It's possible there was a cache issue with the zone. Can you reproduce the issue with any additional domain names?

    Thank you.
     
  9. Ryan @WebEminence

    Joined:
    Sep 10, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Root Administrator
    I ran a command to turn on DKIM on 100+ accounts on the server and tested a few to make sure the DKIM sig was there and it was on 3-4. So I'm assuming it worked on all of them. I'm doing this because of Yahoo Google deferred emails. Hoping it helps that issue. If I have specific problems with specific accounts, I'll check the email headers for that account.
     
Loading...

Share This Page