Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

DKIM signed domain hosted by another provider?

Discussion in 'E-mail Discussion' started by CoyoteKG, Apr 15, 2018.

Tags:
  1. CoyoteKG

    CoyoteKG Registered

    Joined:
    Apr 15, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Serbia
    cPanel Access Level:
    Root Administrator
    Hello,

    we just migrated emails via imapsync from Inmotion Hosting to HostGator.
    But for now we will leave domain at Inmotion. Both servers are with cPanel installed.
    New server is with cPanel 68

    I set A and MX record to point to new server

    Under Mail Authentication DKIM and SPF are enabled.

    I found this guide
    Using DKIM & With Third Party DNS « HostGator.com Support Portal

    And did everything. Sent mail to my gmail account, found header, edited txt record on domain which is still on Inmotion.
    But when I test with mail-tester or verifier-feedback@port25.com I'm getting that DKIM is not valid, and DKIM check: permerror
    Also mxtoolbox report more syntax errors. One of them is that "v" tag can't be 1, but DKIM1

    So, by this previous guide i set record. And there is no "p" tag.
    It is something like this (from mail-tester)
    Code:
       v=1;
       a=rsa-sha256;
       q=dns/txt;
       c=relaxed/relaxed;
       d=somesite.com;
       s=default;
       h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
       bh=jtEBTnlh/aEAkbWi4QPa6XB9Q8ixWH+EtBXeEcEWpa8=;
       b=u+psPQLtiTTL0euU6skeb9+b0/NwF0YfOuq/Jde21+HV6Fk7tCK8lZcu4RKhYt9y2x6r0IvXFilEsDlMCGoOLaKC0FJIu/J0fX6x4Nt+IRS4veQBnfEjKkNy1JJ2OYp0OIFXTT08BPNt+0G/aCWVhiu3vK2/GHqUsBdjPeuVaVFCDU7iL0sYeRltPYLge13wkyl0EuaK0lpmXJu2zeKxFuM9NkzIoaw9XymXVoa/OdSxbcjVUcTnkO2NsM+PFbtMCW2jZOmWQ8aEBHRO/sou75rnsVljO5kYPlm9qYSEYRVyQJfc94t6WG+wFi/9jLxFu16m2TNL9h/0NLKrbjdmmQ==;
    
    And "b" and "bh" tags are always different with very new sent mail.

    Also, I also via ssh I found dkim public key for domain in
    /var/cpanel/domain_keys/public
    I cat file, and took public key, and edited TXT record to
    Code:
    v=DKIM1;
    k=rsa;
    p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr1GRgLHjRg1zuyJdkdoHX78NYvVPQ1+P9Y9RK2pE2iLo8SELDvAWHNw1fQ/9Of4yEkH+wS39mx3Y8+BI+DXs27Yd6NmVYe82SDrivqNvLPvMuG/q8XUw0ydUoHzt6UwprB6R7WqPqoFS03w31SswEZR5Cg/Serv/lK7vGNyJVaRYsM1LmHPU8hIrZMFNOen+jRgP74eUJwY5SZUQqC9JOLS4lDo41KKVqlhOsAtkFGVtrpNUG6Pf4ApzoghIrnUCgZGUyLhmoOV7/t9kFC2pr8/uQCR+P0we4l+2fsYXTYI4JSk116hz9y9Nf9osvBfO9jErhlXgG0iKHWCCpDjRQIDAQAB
    
    Now mxtoolbox.com reporting that dkim record is set, but mail-tester still report that dkim is not valid, and I have only 6.9 evaluation.

    This is from mailtester report

    Code:
    The DKIM signature of your message is:
    
       v=1;
       a=rsa-sha256;
       q=dns/txt;
       c=relaxed/relaxed;
       d=somesite.com;
       s=default;
       h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
       bh=jtEBTnlh/aEAkbWi4QPa6XB9Q8ixWH+EtBXeEcEWpa8=;
       b=u+psPQLtiTTL0euU6skeb9+b0/NwF0YfOuq/Jde21+HV6Fk7tCK8lZcu4RKhYt9y2x6r0IvXFilEsDlMCGoOLaKC0FJIu/J0fX6x4Nt+IRS4veQDnfEjKkNy1JJ2OYp0OIXTK08BPNt+0G/aCWVhiu3vK2/GHqUsBdjPeuVaVFCDU7iL0sYeRltTYLge13wkyl0EuaK0lpmXJu2zeKxFuM9NkzIoaw9XygXVoa/OdSxbcjVUcTnkO2NsM+PFbMCW2jZOmWQ8aEBHRO/sou75rnsPljO5Plm9qYSEYRVyQJfc94t6WG+wFi/9jLxFu16m2TNL9h/0NLKrbjdmmQ==;
      
    Your public key is:
    
    "v=DKIM1;
    k=rsa;
    p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr1GRgLHjRg1zuyJoHX78NYvVPQ1+P9Y9RK2pE2iLo8SELDvAWHNw1fQ/9Of4yEkH+wS39mx3Y8+BI+DXs27Yd6NmVYe82SDrivqNvLPvMuG/q8XUw0ydUoHzt6wprB6R7WqPqoFS03w31SswEZR5Cg/Serv/lK7vGyJVaRYsM1LmHPU8hIrZMFNOen+jRgP74eUJwY5SZUQqC9JOLS4lDo41KKVqlhOsAtkFGVtrpNUG6Pf4ApzoghIrnUCgZGUyLhmoOV7/t9kFC8/uQCR+P0we4l+2fsYXTYI4JSk116hz9y9Nf9osvBfO9rhlXgG0iKHWCCpDjRQIDAQAB"
    Key length: 2048bits
    
    Your DKIM signature is not valid
    
    So my emails are still not signed with "p" tag, and it is different from dkim public key for that domain.
    How to fix this problem, and have outgoing emails properly signed?
    Thx,
    Davor
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    To confirm you've added the new/correct public key where DNS for the domain is hosted? (where the nameservers are pointed to)

    When you email Gmail in the headers of the message do they indicate the DKIM passed or failed?

    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. CoyoteKG

    CoyoteKG Registered

    Joined:
    Apr 15, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Serbia
    cPanel Access Level:
    Root Administrator
    Hello,
    like I already mentioned, domain is on old provider, Inmotion. I edited DNS Zone via cPanel installed on Inmotion hosting. Nameservers are not changed.

    Also, domain zone changes are propagated. New mail server works correcty. All changes with my lot tries to edit DKIM, every time are quickly propagated, and I was able to see changes via mxtoolbox and mail-tester

    DKIM is Failed
    SPF and DMARC are passed

    Regards
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    Thank you for checking, I wanted to ensure that mail-tester wasn't cached to an old entry. Because both servers are cPanel servers, what is the result you get when you allow cPanel to automatically create the DKIM entry on the inmotion cPanel server? Right now based off what you're saying you're copying the public key from the new server to the old one.

    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. CoyoteKG

    CoyoteKG Registered

    Joined:
    Apr 15, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Serbia
    cPanel Access Level:
    Root Administrator
    Hi, thank you for quick response,

    On Inmotion panel cPanel server was already created DKIM entry. I did not used it, because I supposed that new server will have another public key.

    Maybe I was understandable, but I did not copied that DKIM value from old to new, not vice versa.

    Reading Hostgator's guide I mentioned in first post, I found that the only way if domain is hosted by 3rd DNS service, there is no way to get DKIMvalue, and the only way is read header in received mail. Like I did via gmail.
    But that value is different every time when mail is sent...

    Reading your question I figured now that somehow I need to create DKIM entry? It is not enough to enable in Email Authentication pane?
    Need to say that I'm new with cPanel, until now I used Plesk only.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    The Hostgator article assumes the server is not a cPanel server. Because in your case both servers are cPanel server's I believe the DKIM record should be created on the Inmotion server. To automatically create the DKIM record you can go to cPanel>>Email>>Mail Authentication and enable DKIM (or disable then re-enable) to create the DKIM

    Please also ensure that you don't have multiple DKIM records, you might want to remove any that are present from the DNS zone file for the domain on the InMotion cPanel server prior to beginning.

    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. CoyoteKG

    CoyoteKG Registered

    Joined:
    Apr 15, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Serbia
    cPanel Access Level:
    Root Administrator
    Hi,

    OK, so I'm wrongly guessed that mail server which sending mails, somehow signs e-mails, and that signature need to be set in domain TXT record.

    I'll try like you suggested.

    Thank you.
     
  8. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,

    The TXT record is a DNS entry so the MX server wouldn't have anything to actually do with it if the DNS isn't hosted where MX is. Please update us with the outcome!


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice