Help with DKIM setup on multiple domains

Mike Keller

Registered
Apr 3, 2019
4
0
1
Castro Valley, CA
cPanel Access Level
Root Administrator
Hi there,

Sorry this is long,


I am having trouble setting up DKIM and having it work correctly for one of my clients example.com

Here is the scenario:

I have example.com hosted at a2 on a shared hosting account.
Their dns is hosted at EasyDns
I have a managed VPS hosted with A2 as well.

On the managed VPS, I have an email application called example.net hosted which sends monthly newsletters to the example.com members.

I have DKIM setup for the domain example.net and emails that go out from it do indeed pass SPF and DKIM however when they arrive to a gmail or outlook address, they will have “via example.net” next to the Sender name. I am sure this is because the “From” domain does not match the sender’s domain address. (in this case [email protected]).

What I tried doing:

I added the domain example.com in cpanel on the VPS where emailapplication resides. I then went into email deliverability and generated the DKIM key.
I then went to EasyDNS and entered the DKIM record as per the instructions. You can see it setup here: Network Tools: DNS,IP,Email
I verified in cpanel that the DKIM was valid and sent a test email to my gmail address ([email protected]), and to an example.com ([email protected])address to check results. This email has the sender setup as [email protected].

The gmail address came through with passing both SPF and DKIM however it is still using the emailapplication DKIM key instead of the new one therefor still shows “via example.net” next to the Sender name.

Here are the Auth results in gmail headers:

Code:
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=default header.b=BPovsQzJ;
spf=pass (google.com: domain of [email protected] designates xx.xx.xxx.xxx as permitted sender) [email protected]
Return-Path: <[email protected]>
Received: from example.net (example.net. [xx.xx.xxx.xxx])
by mx.google.com with ESMTPS id s187si2062947pfb.255.2019.06.12.22.54.02
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 12 Jun 2019 22:54:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates xx.xx.xxx.xxx as permitted sender) client-ip=xx.xx.xxx.xxx;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=default header.b=BPovsQzJ;
spf=pass (google.com: domain of [email protected] designates xx.xx.xxx.xxx as permitted sender) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=example.net; s=default; h=Message-Id:From:Subject:Date:Reply-To:To:
The outlook email address (someu[email protected]) bounced with the following message in exim logs:

Code:
2019-06-12 22:54:02 1hbIgU-00063x-4t <= [email protected] H=(localhost) [127.0.0.1]:36734 P=esmtp S=109390 T="April Newsletter" for [email protected]
2019-06-12 22:54:02 1hbIgU-00063x-4t ** [email protected] <[email protected]> R=fail_remote_domains: The mail server could not deliver mail to [email protected]. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
For the time being I have removed the example.com domain form the VPS because with this setup, the members that have that domain address will all bounce upon sending.

Am I doing this correctly, or is there an additional step I am missing?

Please help and let me know if you need any further details.

Thank you.

Mike Keller
 
Last edited by a moderator:

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
I don't think DKIM is the issue with this based on a couple of things:


1. This shows the DKIM passes validation:
Code:
dkim=pass [email protected] header.s=default header.b=BPovsQzJ;
2. This shows the delivery is going to a mailbox that may not exist: [email protected] - is that a valid email address?

Code:
R=fail_remote_domains: The mail server could not deliver mail to [email protected]. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
 
Last edited by a moderator:

Mike Keller

Registered
Apr 3, 2019
4
0
1
Castro Valley, CA
cPanel Access Level
Root Administrator
I don't think DKIM is the issue with this based on a couple of things:


1. This shows the DKIM passes validation:
Code:
dkim=pass [email protected] header.s=default header.b=BPovsQzJ;
2. This shows the delivery is going to a mailbox that may not exist: [email protected] - is that a valid email address?
Code:
R=fail_remote_domains: The mail server could not deliver mail to [email protected]. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.


Thanks for replying. Fixed the bounce issue by having to set themail routing for the example.com domain on the VPS to remote.

However yes the dkim auth passes but it still is using the emailapplication dkim signature vs the example.com one. Is there any help you can give to get it to use the mycompany dkim signature when the from address is example.com?

Basically, I need to somehow tell EXIM to dynamically sign the messages depending on the From address.

Like;

If domain exists on VPS for the from domain, use that domain's DKIM sig, else use the default example.net DKIM sig.

I have been everywhere on the web looking for a solution. I believe SendGrid does this somehow but I have no idea who to contact for help.

Thank you for any help you can give.

Mike
 
Last edited by a moderator: