Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Error in DKIM core record

Discussion in 'E-mail Discussion' started by meeven, Jun 2, 2018.

Tags:
  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    I was checking email delivery for a new account I had set up on a cPanel VPS and found that the outgoing email sent from an email account on the VPS and received at my Gmail GSuite account showed a DKIM fail in the headers - the email landed in my GSuite spam folder as the SPF record was in place.

    Checking the DKIM core at dkimcore.org, I get the following message:

    The parsing error highlights the first quote of the record before the letter v. Also, it seems to me the record contain the public-key (p=), so it's not clear why the checker says it's not there.

    Finally, I have never understood why the DKIM keys generated in cPanel have a long string after the end quote - part in the above record that starts with 072 after the end quote and ends in QAB\;. Should I add this in the DNS record, or not?

    Any help would be appreciated very much.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,740
    Likes Received:
    1,796
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @meeven,

    Is email sent from your cPanel server relayed through another server?

    That appears to be a false positive. There's a thread on this topic, with a user-submitted workaround if you want to pass the test on that website, at:

    Example DKIM record that does not fail

    We split the DKIM record into 255-byte chunks by design. RFC 1035 specifies that character strings must be split up into chunks of 255 or fewer octets. This can lead to issues when manually pasting the DKIM record into a remote DNS server's interface. Here are a couple of threads you may find helpful to get the record added properly on a remote DNS server:

    SOLVED - Is DKIM possible if I'm not running DNS locally?
    DKIM Core Key valid when checked but not when added to DNS

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    @cPanelMichael, thank you for suggestions.

    To answer your question, the email is sent from the cPanel server, not relayed through another server.

    About the DKIM record generated by cPanel, after checking the two links you mentioned, here's what's not clear to me, yet. Sorry if I sound dense, but I hope you can clear these up for me:
    • Should I remove the second double quote from the middle of the key and add it to the end, after the \;?
    • Should I remove the space after the second double quote from the middle of the key?
    • Should I remove the trailing \ and semicolon at the end of the key?
    Here's the key I shared originally:

     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,740
    Likes Received:
    1,796
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @meeven,

    You shouldn't have to alter the DKIM record at all if the DNS for the domain is hosted by the cPanel server. The instructions on how to alter the record are only applicable if the domain name's DNS records are hosted externally and the remote DNS server does not accept the record as-is. Can you confirm if that's the case, and if so, let us know where the domain's DNS is hosted?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    Hello @cPanelMichael, the domain's DNS is hosted at Linode; some other domains have their DNS at Route53 and EasyDNS. Thanks to your links, I did a bit of testing and was able to have the DKIM keys authenticate successfully.

    To anyone else who may come across this thread, here's a summary of DKIM config on cPanel:
    • If your domain's DNS is hosted by the cPanel server, there's pretty much nothing to do. You are set if you see the DKIM check pass.
    • If your domain's DNS is hosted externally, here's what should be modified in the DKIM key generated by cPanel:
      • Remove the trailing back slash and semi-colon at the end of the key such that your key always ends with the letters QAB
      • Remove the end quote in the DKIM key generated by cPanel (occurs somewhere in the middle of the key)
      • Remove the the empty space between the end quote and the next letter
      • Copy the entire string, starting from v=DKIM and ending with QAB into the 'Value' field of the DNS TXT record. The 'Name' field of the DNS record should have 'default._domainkey' in it (without the single quotes, of course)
      • Depending upon your external DNS provider, you may need to wrap the DKIM key string within double quotes, just like cPanel or exclude the double quotes - Linode DNS manager, for example, doesn't need the double quotes and adds it behind the scene.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,740
    Likes Received:
    1,796
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @meeven,

    I'm glad to see you were able to get it sorted out. Thank you for sharing the outcome and workaround instructions.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice