DKIM signed domain hosted by another provider?

Hello,

we just migrated emails via imapsync from Inmotion Hosting to HostGator.
But for now we will leave domain at Inmotion. Both servers are with cPanel installed.
New server is with cPanel 68

I set A and MX record to point to new server

Under Mail Authentication DKIM and SPF are enabled.

I found this guide
Using DKIM & With Third Party DNS « HostGator.com Support Portal

And did everything. Sent mail to my gmail account, found header, edited txt record on domain which is still on Inmotion.
But when I test with mail-tester or verifier-feedback@port25.com I'm getting that DKIM is not valid, and DKIM check: permerror
Also mxtoolbox report more syntax errors. One of them is that "v" tag can't be 1, but DKIM1

So, by this previous guide i set record. And there is no "p" tag.
It is something like this (from mail-tester)

Code:

   v=1;
   a=rsa-sha256;
   q=dns/txt;
   c=relaxed/relaxed;
   d=somesite.com;
   s=default;
   h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
   bh=jtEBTnlh/aEAkbWi4QPa6XB9Q8ixWH+EtBXeEcEWpa8=;
   b=u+psPQLtiTTL0euU6skeb9+b0/NwF0YfOuq/Jde21+HV6Fk7tCK8lZcu4RKhYt9y2x6r0IvXFilEsDlMCGoOLaKC0FJIu/J0fX6x4Nt+IRS4veQBnfEjKkNy1JJ2OYp0OIFXTT08BPNt+0G/aCWVhiu3vK2/GHqUsBdjPeuVaVFCDU7iL0sYeRltPYLge13wkyl0EuaK0lpmXJu2zeKxFuM9NkzIoaw9XymXVoa/OdSxbcjVUcTnkO2NsM+PFbtMCW2jZOmWQ8aEBHRO/sou75rnsVljO5kYPlm9qYSEYRVyQJfc94t6WG+wFi/9jLxFu16m2TNL9h/0NLKrbjdmmQ==;

And "b" and "bh" tags are always different with very new sent mail.

Also, I also via ssh I found dkim public key for domain in
/var/cpanel/domain_keys/public
I cat file, and took public key, and edited TXT record to

Code:

v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr1GRgLHjRg1zuyJdkdoHX78NYvVPQ1+P9Y9RK2pE2iLo8SELDvAWHNw1fQ/9Of4yEkH+wS39mx3Y8+BI+DXs27Yd6NmVYe82SDrivqNvLPvMuG/q8XUw0ydUoHzt6UwprB6R7WqPqoFS03w31SswEZR5Cg/Serv/lK7vGNyJVaRYsM1LmHPU8hIrZMFNOen+jRgP74eUJwY5SZUQqC9JOLS4lDo41KKVqlhOsAtkFGVtrpNUG6Pf4ApzoghIrnUCgZGUyLhmoOV7/t9kFC2pr8/uQCR+P0we4l+2fsYXTYI4JSk116hz9y9Nf9osvBfO9jErhlXgG0iKHWCCpDjRQIDAQAB

Now mxtoolbox.com reporting that dkim record is set, but mail-tester still report that dkim is not valid, and I have only 6.9 evaluation.

This is from mailtester report

Code:

The DKIM signature of your message is:

   v=1;
   a=rsa-sha256;
   q=dns/txt;
   c=relaxed/relaxed;
   d=somesite.com;
   s=default;
   h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
   bh=jtEBTnlh/aEAkbWi4QPa6XB9Q8ixWH+EtBXeEcEWpa8=;
   b=u+psPQLtiTTL0euU6skeb9+b0/NwF0YfOuq/Jde21+HV6Fk7tCK8lZcu4RKhYt9y2x6r0IvXFilEsDlMCGoOLaKC0FJIu/J0fX6x4Nt+IRS4veQDnfEjKkNy1JJ2OYp0OIXTK08BPNt+0G/aCWVhiu3vK2/GHqUsBdjPeuVaVFCDU7iL0sYeRltTYLge13wkyl0EuaK0lpmXJu2zeKxFuM9NkzIoaw9XygXVoa/OdSxbcjVUcTnkO2NsM+PFbMCW2jZOmWQ8aEBHRO/sou75rnsPljO5Plm9qYSEYRVyQJfc94t6WG+wFi/9jLxFu16m2TNL9h/0NLKrbjdmmQ==;
  
Your public key is:

"v=DKIM1;
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr1GRgLHjRg1zuyJoHX78NYvVPQ1+P9Y9RK2pE2iLo8SELDvAWHNw1fQ/9Of4yEkH+wS39mx3Y8+BI+DXs27Yd6NmVYe82SDrivqNvLPvMuG/q8XUw0ydUoHzt6wprB6R7WqPqoFS03w31SswEZR5Cg/Serv/lK7vGyJVaRYsM1LmHPU8hIrZMFNOen+jRgP74eUJwY5SZUQqC9JOLS4lDo41KKVqlhOsAtkFGVtrpNUG6Pf4ApzoghIrnUCgZGUyLhmoOV7/t9kFC8/uQCR+P0we4l+2fsYXTYI4JSk116hz9y9Nf9osvBfO9rhlXgG0iKHWCCpDjRQIDAQAB"
Key length: 2048bits

Your DKIM signature is not valid

So my emails are still not signed with "p" tag, and it is different from dkim public key for that domain.
How to fix this problem, and have outgoing emails properly signed?
Thx,
Davor

 

Hello,
like I already mentioned, domain is on old provider, Inmotion. I edited DNS Zone via cPanel installed on Inmotion hosting. Nameservers are not changed.

Also, domain zone changes are propagated. New mail server works correcty. All changes with my lot tries to edit DKIM, every time are quickly propagated, and I was able to see changes via mxtoolbox and mail-tester

DKIM is Failed
SPF and DMARC are passed

Regards

 

Hi, thank you for quick response,

On Inmotion panel cPanel server was already created DKIM entry. I did not used it, because I supposed that new server will have another public key.

Maybe I was understandable, but I did not copied that DKIM value from old to new, not vice versa.

Reading Hostgator's guide I mentioned in first post, I found that the only way if domain is hosted by 3rd DNS service, there is no way to get DKIMvalue, and the only way is read header in received mail. Like I did via gmail.
But that value is different every time when mail is sent...

Reading your question I figured now that somehow I need to create DKIM entry? It is not enough to enable in Email Authentication pane?
Need to say that I'm new with cPanel, until now I used Plesk only.

 

Hi,

OK, so I'm wrongly guessed that mail server which sending mails, somehow signs e-mails, and that signature need to be set in domain TXT record.

I'll try like you suggested.

Thank you.