[Resolved] Issue with DKIM record

Discussion in 'Installation/Configuration' started by 30uke, May 4, 2022.

  1. 30uke

    30uke Active Member HowtoForge Supporter

    Hello,
    I seem to have an issue with the generated DKIM records.
    In the example below there is text between quotes twice. Why is this? What can I do to resolve this or workaround the issue? The problem is that my service provider doesn't accept these quotes in the middle of the text string.
    Example:
    Code:
    default._domainkey.whatever.net. 3600  IN  TXT   "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8oJiztRNkgbPeNWg8lfCY1fPMFeY2QMlqbuO5Ijp7zI6x9pFbjwY6BP/wPZjEgv+D6fg6VvvpW/mliBb2ZZjcrjLEuS6wtbrIDot1gBlWfA8720z137mbyBVz/5k2CDE6e2SMxHkUJpZbBXaD""9OVMPdf3umMQ33nX/Bax0AFJfwIDAQAB"
    Note: you will find the "" characters when you look at the line from right to left.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Just remove the quotes and whitespace between them, so the p= value is one long entry. Some providers need it formatted one way, and others need it the other way.
     
  3. 30uke

    30uke Active Member HowtoForge Supporter

    The record is accepted when I leave this part out:
    Code:
    ""9OVMPdf3umMQ33nX/Bax0AFJfwIDAQAB
    I don't understand why that last part is there? Is that part really required? I don't understand why it's there? When I look at example DKIM records, then there is one string between quotes - and there's no part at the end which is quoted separately.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Strange if it works with the tail end of string removed. Are you sure about this?
    I would say, like @Jesse Norell, you need to remove the " " in the middle.
     
  5. 30uke

    30uke Active Member HowtoForge Supporter

    Thanks. I did remove the "" in the middle.
    Still don't understand why those quotes are there?
    Didn't not interpret Jesse's suggestion as explained by you. I read it like this:
    Code:
    v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8oJiztRNkgbPeNWg8lfCY1fPMFeY2QMlqbuO5Ijp7zI6x9pFbjwY6BP/wPZjEgv+D6fg6VvvpW/mliBb2ZZjcrjLEuS6wtbrIDot1gBlWfA8720z137mbyBVz/5k2CDE6e2SMxHkUJpZbBXaD""9OVMPdf3umMQ33nX/Bax0AFJfwIDAQAB
    But I think you are right and it has to be this:
    Code:
    "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoqOIZBxeZ8mLVZicWQrUqWrzxHmAMlYKU/eGclucn5QytjRnqa1jeBHFoXaAdL1ipTGtFHL9EN6KAOH4c5gKmylTkMXpCfU5w1sknf+Rtr3vINKzJ2URBPVM6LIIsZqHAIPXGE/xAn/kEsUf/ljr9LEkIVEPuUZ8LqZkh/H3KOwIDAQAB"
    The latter is being accepted by my service provider. Now I have to test it.
     
  6. 30uke

    30uke Active Member HowtoForge Supporter

    Solved: I did test DKIM by sending an e-mail to my GMail.com e-mail address. When I look into the source of the e-mail it shows a PASS for DKIM.
    Conclusion: the "" in the middle have to be removed.
    Do I have to file a bug report with regards to the quotes? Is it a problem with ISPConfig? Or is it some command that is used to generate the text string?
    Thanks all.
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Probably file an rfe for ispconfig to be able to change the display format. You could also file a request with your DNS service to accept more formats.
     
  8. 30uke

    30uke Active Member HowtoForge Supporter

    Hello Jesse,
    I think it's the DNS service provider...

    The above situation was with regards to DNS-provider "A" (client's domain). The below is with regards to DNS-provider "B" (my own domain).

    I did test DKIM for my own domain by sending an email to my GMail account - result: not passed (surprise...). I did test it again via https://dkimvalidator.com/ and it didn't pass either...

    I did generate a new DKIM Private-Key and added the new DNS-record for my domain (removed the old one and added the new one). My own domain is registered with another provider. The form of this provider is different and it accepts the "extra" quotes. Summarising: the DNS provider for my own domain accepts the format as generated by ISPConfig.
    Next I did re-test DKIM for my own domain again and it works fine now.

    Thanks again @Jesse Norell and @Taleman for helping me.

    For others struggling with DKIM: the test service at https://dkimvalidator.com/ is very helpful (at least to me).
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  10. 30uke

    30uke Active Member HowtoForge Supporter

  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Maybe even a select list for the format with the quoted and unquoted formats at the top (with better labels), then common services below that like 'dkimvalidator.com' or whatever that sets the format as needed, so people don't have to guess/trial and error.
     

Share This Page