DKIM Not Working for all Domains

Discussion in 'ISPConfig 3 Priority Support' started by LinuxPete, Nov 1, 2017.

  1. LinuxPete

    LinuxPete Member

    I'm trying to get DKIM working for 3 of the domains on my server.
    Two of the domains added at the Email Dialog has a "DKIM Private-Key" generated, a DNS-Record created, I can find the DKIM record automatically created in the DNS area. I've also tried the resync tool to make sure the dns and email domain records where up to date.
    When I looked in the ISPConfig log, I found numerous warnings:
    31.10.2017-11:30 - WARNING - Falsche Anfrage / Wrong QuerySQL-Query = SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = '356' AND loglevel = 2 -> 2006 (MySQL server has gone away)
    With this at the very end of the log:
    31.10.2017-12:13 - WARNING - DNSSEC ERROR: We are low on entropy. Not generating new Keys for Please consider installing package haveged.
    However, cat /proc/sys/kernel/random/entropy_avail returns 3279 (not sure if that is enough)

    I checked the mariadb.log and it appears be going down and restarting for some reason:
    71030 13:55:29 [Note] Event Scheduler: Purging the queue. 0 events
    171030 13:55:29 InnoDB: Starting shutdown...
    171030 13:55:33 InnoDB: Shutdown completed; log sequence number 2616683
    171030 13:55:33 [Note] /usr/libexec/mysqld: Shutdown complete

    171030 13:55:33 mysqld_safe mysqld from pid file /var/run/mariadb/ ended
    171030 13:56:47 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
    171030 13:56:51 [Note] /usr/libexec/mysqld (mysqld 5.5.56-MariaDB) starting as process 1772 ...
    171030 13:56:52 InnoDB: The InnoDB memory heap is disabled
    171030 13:56:52 InnoDB: Mutexes and rw_locks use GCC atomic builtins
    171030 13:56:52 InnoDB: Compressed tables use zlib 1.2.7
    171030 13:56:52 InnoDB: Using Linux native AIO
    171030 13:56:52 InnoDB: Initializing buffer pool, size = 128.0M
    171030 13:56:52 InnoDB: Completed initialization of buffer pool
    171030 13:56:52 InnoDB: highest supported file format is Barracuda.
    171030 13:56:54 InnoDB: Waiting for the background threads to start
    Can I change the server name from one of the domains that do have correct DNS and do a copy and paste?
    If not, can you give me some insight as to how to approach this problem?

    My system is a Centos 7, with ISPConfig 3.1.7p1, created from perfect-server-centos-7-x86_64-nginx-dovecot-ispconfig-3" tutorial.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Your server ahs net enough entropy to create Dkim keys. Install the 'haveged' softeare daemon and start it.
  3. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Neither DKIM uses haveged nor needs "more" enthropy. You problem is dnssec for your dns-zone. Disabel dnssec or install haveged
    till likes this.
  4. LinuxPete

    LinuxPete Member

    Sorry for the length of time returning to this. Sometimes seems like I'm fighting one fire to another. I checked all my sites and none are use DNSSEC. But I did install haveged.
    This did not solve the problem. But thanks.
  5. LinuxPete

    LinuxPete Member

    I do believe my problems may be in that when I try to set my DNS records up in Godaddy for DKIM some of the information for the key is cut off.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You can set the encryption parameters under System > Server config, try to use 'DKIM strength' = weak to get a smaller key.
  7. LinuxPete

    LinuxPete Member

    Hi Till, let's close this one.
    Thanks for your help.

Share This Page