Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Exim not adding DKIM on outgoing mail

Discussion in 'E-mail Discussion' started by chris0147, Mar 2, 2019.

Tags:
  1. chris0147

    chris0147 Well-Known Member

    Joined:
    Aug 28, 2015
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    London
    cPanel Access Level:
    Root Administrator
    Hi all,

    I need some help with DKIM. I have setup DKIM and spf in my DNS and when I send the email, it goes to inbox but the problem I have found that there is no DKIM have been in the header as only spf.

    ==========================================================
    Summary of Results
    ==========================================================
    SPF check: pass
    "iprev" check: pass
    DKIM check: none
    SpamAssassin check: ham

    ==========================================================
    Details:
    ==========================================================

    HELO hostname: server.example.com
    Source IP: 104.128.xxx.xx
    mail-from: chris@example.com

    ----------------------------------------------------------
    SPF check details:
    ----------------------------------------------------------
    Result: pass
    ID(s) verified: smtp.mailfrom=chris@example.com



    Do you know what I need to do to fix the issue?

    Thanks in advance
     
    #1 chris0147, Mar 2, 2019
    Last edited by a moderator: Mar 2, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,325
    Likes Received:
    2,157
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @chris0147,

    Can you verify if the DNS for the affected domain is hosted on the cPanel & WHM server, or if it's hosted on a remote server? If it's hosted on a remote server, did you manually add in the DKIM TXT record? Also, what cPanel & WHM version is installed on this system?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Martin Hinrichsen

    Martin Hinrichsen Member

    Joined:
    Nov 23, 2018
    Messages:
    13
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    I had the same issue.. seems v78.0.17 turned off DKIM automatically for custom/shortened domain keys.
    In my investigation, i noticed some new and improved DKIM management. If you used to do manual keys, of shorter length "1024bit"
    For some compatibility with some DNS services, using console "openssl genrsa -out private.key 1024 or so" The key will not match c-panels auto generated key that you see in "Email Deliverability" thus disabling DKIM signing for that domain.

    Go to the respective account('s) > EmailDeliverability . There you will se that the key failed. Update your DNS DKIM records with the key provided by c-panel(remember to remove the ; at the end of the key) and run the test again(When DNS has updated). You should now get a message in the likes of something like: c-panel has found 1 domain which had DKIM disabled, even though they was valid and that it is now enabled again.(Cant remember the exact notice)

    I am not sure that shortened keys ca work with this new feature, so lets hope your provider has updated their DNS service to handle long keys. Namecheap was the one i used short keys for, and fortunately, they recently updated there max string length.

    Unfortunately, I now have to go through a ton of domains, as well as respond to angry customers who got there mail bounced, as well as wait for servers to delist our ip.

    Someone made a boo-boo ;)

    On the bright side, the new Email Deliverability manager is miles better than the old one.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,325
    Likes Received:
    2,157
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Martin Hinrichsen,

    Could you open a support ticket so we can take a closer look at your system and review the DNS zones for any domain names that you have yet to manually fix? This will help us to determine if an internal case is needed. You can post the ticket number here and I'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Martin Hinrichsen

    Martin Hinrichsen Member

    Joined:
    Nov 23, 2018
    Messages:
    13
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Update:
    The updated keys do not work, as the system is still using the old keys, it is just testing against a new key which is not active.
    No way to force enable DKIM regardless of status.
    System is not updating public keys in /var/cpanel/domain_keys/public/* & private/*

    possible workaround could be to manually update the keys in /var/cpanel/domain_keys/public/* with the keys in /home/"account_name"/public.key

    Support ticket opened: 11674391
     
    cPanelMichael likes this.
  6. RalphOtowo

    RalphOtowo Member

    Joined:
    Jan 14, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nigeria
    cPanel Access Level:
    Root Administrator
    Hi,

    I have the same issue. After a cPanel/WHM update, emails no longer appear to include DKIM when being sent.

    @Martin Hinrichsen, your response was very helpful. Have you managed to fix this?
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,325
    Likes Received:
    2,157
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @RalphOtowo,

    Did you manually create the DKIM keys for the domains on the affected system? Or, were these all DKIM keys generated directly through cPanel & WHM? If you created them manually, can you share the specific steps you took?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Martin Hinrichsen

    Martin Hinrichsen Member

    Joined:
    Nov 23, 2018
    Messages:
    13
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Sorry for the late reply. Did not see a notice anywhere.. But yes, I fixed it by simply deleting all my keys in the /var/cpanel/domain_keys/public/ Using the deliverability manager to generate new keys, and updating all the domains DNS manually.

    It was a bit of a pain, not to mention that I lost my mitigation with hotmail/outlook and I am now again in the painful process of getting de-listed by microsoft.

    But the new system is way easier to go about.
     
  9. Fluxan

    Fluxan Registered

    Joined:
    Apr 2, 2019
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Having the same issue after our system updated to v78.0.20. DKIM signatures missing from outgoing mail.

    DKIM signatures and DMARC verification was working perfectly before the update 2 days ago (had previously been configured using Cpanel/WHM, no custom or manual mods). Just noticed the last 2 dmarc reports showed DKIM failures. After running test messages, none of our domains or client domains are adding DKIM Signatures to outgoing messages. The Deliverability panel claimed everything valid and properly configured. Everything is controlled by WHM/Cpanel.

    I've now manually deleted the previous keys and regenerated them using the Email Deliverability manager. WHM/Cpanel manages the DNS and appears to have updated the txt records correctly, but still there are no DKIM Signatures being added to outgoing mail for any domains. Spf, ptr, and dmarc all are valid and working.

    Not sure what else to try at this point. Is there a way to manually force the headers?

    Thought I would chime in since this is a sudden and apparently non-isolated issue associated with the latest WHM 'LTS' update.
     
  10. Fluxan

    Fluxan Registered

    Joined:
    Apr 2, 2019
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    After further testing, exim.conf is not properly detecting the condition under dkim_lookuphost:

    condition = "${perl{sender_domain_can_dkim_sign}}"

    If this condition is manually commented out in exim.conf, everything gets signed and authenticated properly. The previous version did not use this condition, instead it verified that a key existed for the sender domain.

    Not an ideal fix, but it at least patches things temporarily.

    Final update for anyone having a similar issue, exim.pl.local was the culprit, patched it to include the new perl function and all is good now!
     
    #10 Fluxan, Apr 19, 2019
    Last edited: Apr 19, 2019
  11. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,325
    Likes Received:
    2,157
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Fluxan,

    The workaround you provided should not be required in order for DKIM to function properly. Can you open a support ticket so we can take a closer look at your system to see why it's not working when that workaround is disabled? You can post the ticket number here and we'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice