Here is an example of how I do DKIM using qmailtoaster and BIND (signconf.xml snippet, key file - 1024 length, BIND record). All my keys pass.

---------------------------------------------------------------------------
signconf.xml (I have many domains plus a wildcard)

<dkimsign>
  <xyz.com domain="xyz.com" keyfile="/var/qmail/control/dkim/key.xyz.com" selector="dkim2">
    <types id="dkim" />
  </xyz.com>
</dkimsign>
---------------------------------------------------------------------------
key.xyz.com...


---------------------------------------------------------------------------
bind record...

$ttl 38400
@                       IN SOA  ns2.xyz.com. postmaster.xyz.com. (
                                1086384033
                                10800
                                3600
                                604800
                                38400
                                )

@                       NS      ns2.xyz.com.
@                       NS      ns1.xyz.com.
@                       A       10.10.10.10
@                       MX      10 mailsvr.xyz.com.
mailsvr                 A       10.10.10.11
ns1                     A       10.10.10.1
ns2                     A       10.10.10.2
www                     CNAME   xyz.com.
@                       TXT     "v=spf1 mx mx:mailsvr.abc.net ~all"
@                       SPF     "v=spf1 mx mx:mailsvr.abc.net ~all"

dkim2                   TXT     (
"v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGSsMhdEd1OQ5X3HNS4DIox7Nm"
"KhNsexYdIcHa8qiV8+sAYVs0LOl55hCbPz3QH/C0Rfn9+CeuxfUgz0xd0bBPVmHz"
"tMxgBIlMoNI9BCaQRO3Fg+1PNurMdLoVnafoFtHZQLVN87srfsgU+wZfKLbjBlnY"
                                "9aTPklp6EKvRFKi2UQIDAQAB")
dkim2._domainkey        TXT     (
"v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGSsMhdEd1OQ5X3HNS4DIox7Nm"
"KhNsexYdIcHa8qiV8+sAYVs0LOl55hCbPz3QH/C0Rfn9+CeuxfUgz0xd0bBPVmHz"
"tMxgBIlMoNI9BCaQRO3Fg+1PNurMdLoVnafoFtHZQLVN87srfsgU+wZfKLbjBlnY"
                                "9aTPklp6EKvRFKi2UQIDAQAB")

---------------------------------------------------------------------------
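An added example, not part of the original post or of qmailtoaster: a Python check of a DKIM key record such as the dkim2._domainkey TXT above. It joins the quoted strings, validates the tag list and the base64 in p=, and reports the RSA modulus size. The 1024-bit floor, the function names and the constructed sample records are assumptions made for this illustration.

```python
import base64

MIN_BITS = 1024  # assumed minimum RSA size, per the Gmail change discussed here

def parse_tags(txt):
    """Split a DKIM key record (';'-separated tag=value pairs) into a dict."""
    tags = {}
    for part in filter(str.strip, txt.split(";")):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a tag=value pair: %r" % part.strip())
        tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _read(buf, pos, tag):  # one DER element -> (content, next position)
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("p= is not a DER SubjectPublicKeyInfo")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(p_value):
    """Modulus size of the RSA key in a base64 SubjectPublicKeyInfo (p=)."""
    spki, _ = _read(base64.b64decode(p_value, validate=True), 0, 0x30)
    _, pos = _read(spki, 0, 0x30)        # AlgorithmIdentifier, skipped
    bitstr, _ = _read(spki, pos, 0x03)   # BIT STRING holding RSAPublicKey
    key, _ = _read(bitstr[1:], 0, 0x30)  # [1:] drops the unused-bits octet
    return int.from_bytes(_read(key, 0, 0x02)[0], "big").bit_length()

def check_record(strings):
    """Return the problems found in a key record given as its TXT strings."""
    try:
        tags = parse_tags("".join(strings))  # resolvers concatenate the strings
        if "v" in tags and (tags["v"] != "DKIM1" or list(tags)[0] != "v"):
            return ["v= must be DKIM1 and must be the first tag"]
        bits = rsa_bits(tags.get("p", ""))
    except ValueError as exc:  # also raised for invalid base64 in p=
        return ["bad format: %s" % exc]
    return [] if bits >= MIN_BITS else ["%d-bit RSA key, below %d" % (bits, MIN_BITS)]

# Constructed samples: real DER framing around a placeholder modulus (not a key).
_HEAD = {512: "305c300d06092a864886f70d0101010500034b003048024100",
         1024: "30819f300d06092a864886f70d010101050003818d0030818902818100"}
def sample_record(bits):
    der = bytes.fromhex(_HEAD[bits]) + b"\xc1" * (bits // 8) + b"\x02\x03\x01\x00\x01"
    b64 = base64.b64encode(der).decode()
    return ["v=DKIM1; k=rsa; p=" + b64[:64], b64[64:]]  # split like the zone file
```

Feed it the strings returned by a TXT lookup of `<selector>._domainkey.<domain>`; an empty list means the record parsed and the key meets the assumed minimum.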





On 7/19/2013 10:41 AM, Fabian Santiago wrote:
Thank you Gilbert. I had already tried that but I still get the same result. I believe it's in the structure of my DNS record, like I'm missing quotes or something but I'm unsure. Also, Poweradmin won't let me add quotes to records on either end of the total string. So I'm unsure....

Fabian s.






-------- Original message --------
From: "Gilbert T. Gutierrez, Jr." <mailing-li...@phoenixinternet.net>
Date: 07/18/2013 1:55 PM (GMT-05:00)
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DKIM records reported as neutral/bad format by GMAIL


I just saw your message and I do not know if you solved it or not.

I recently had an issue with my keys and Gmail. They increased the key
length requirement and mine were being rejected because of that. Below
is an article about this.

http://blog.returnpath.com/blog/ken-takahashi/google-doubles-down-on-weak-dkim-keys-what-you-need-to-do-now-to-be-compliant

After updating my keys to a longer length, I had to wait for Google to
update their cache servers so that they saw the new key. I always make
sure the key can be seen by Google's servers by querying 8.8.8.8 and
8.8.4.4 for the text record. Also, I had to verify that I was using the
correct selector in my signconf.xml (I created a new selector with the
new key so that I could use the shorter key until I saw that the new key
had propagated).

Gilbert

On 7/15/2013 7:49 AM, fsanti...@garden-life.org wrote:
> Hello,
>
> I have setup DKIM signing on my qmail system using these instructions:
>
> http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster
>
>
> It seems to be working fine (all msgs are signed in the header). Yet,
> every time I send email to a gmail address, Google reports:
>
> "dkim=neutral (bad format)"
>
> I run my own DNS using PowerDNS, so I have total control over my DNS
> records. What should I be looking at? My DNS records look like this
> for DKIM:
>
> dkim1._domainkey.<my domain>.com
>
> k=rsa;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG0GQHEGbLG0yEQvPamMxaC4uIBCC3LvMkI7JNXn7u6G4AnP2/8oCpCh1BP8JL0x4E1PGo0+3uVMahAAr1YYqVPFZSyAlS5cvfJBJv0NiZbAceLFF16Em3qP1T+Rfx/u5huqwLNMT1FEeA5w10A2K7Tl0A8zOnihH7Zx8ooWI0ewIDAQAB
>
> Thanks everyone on the list for your continued support.
>
> Fabian S.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>

