I am pretty sure you have something miss-configured. 

I have this working but you also need to see if you have the default correct. I 
will share what I have done and I know it works since I have done it in 2 
servers now.

Remo 

> On Jan 22, 2019, at 03:36, Leonardo Porto <leonardo.po...@iw.net.br> wrote:
> 
> Bingo.
> 
> This machine was using my authoritative slave and for some reason it did not 
> update the zone yet.
> I changed the resolver then:
> 
> opendkim-testkey: checking key 'dkim1._domainkey.iwtelecom.com.br'
> opendkim-testkey: key OK
> 
> But I found something else: when I send a message the destination server is 
> not checking my sender's domain key, it is checking my server's hostname 
> instead, wich is app1.iw.net.br.
> 
> So I had to create to more records: dkim1._domainkey.iw.net.br and 
> dkim1._domainkey.app1.iw.net.br
> 
> Now Gmail says DKIM is ok: 
> 
> DKIM:    'PASS' com o domínio app1.iw.net.br
> 
> 
> 
> Em 21/01/2019 20:47, Eric Broch escreveu:
>> I figured it out at least on my host as to why one would get 'record not 
>> found'.
>> 
>> My mail host has entry in resolv.conf 'nameserver 127.0.0.1'
>> 
>> I have named config file for my domain to resolve to this mail host, 
>> 192.168.x.x
>> 
>> running 
>> 
>> # opendkim-testkey -vvv -d whitehorsetc.com  -k 
>> /var/qmail/control/dkim/whitehorsetc.com.key -s dkim1
>> 
>> yields 'record not found'
>> 
>> when I change resolv.conf to external nameserver (8.8.8.8)
>> 
>> # opendkim-testkey -vvv -d whitehorsetc.com  -k 
>> /var/qmail/control/dkim/whitehorsetc.com.key -s dkim1
>> 
>> yields 'key OK'
>> 
>> You must add a TXT record to whichever DNS server your mail host is using.
>> 
>> On 1/21/2019 10:41 AM, Eric Broch wrote:
>>> Maybe restart your named server.
>>> 
>>> On 1/21/2019 4:58 AM, Leonardo Porto wrote:
>>>> Looks like I was checking it the wrong way, the correct is:
>>>> 
>>>> # dig dkim1._domainkey.iwtelecom.com.br TXT
>>>> ;; ANSWER SECTION:
>>>> dkim1._domainkey.iwtelecom.com.br. 86400 IN TXT "v=DKIM1\; k=rsa\; 
>>>> p=blabla...blabla"
>>>> 
>>>> Checking the key at https://dkimcore.org/tools/ 
>>>> <https://dkimcore.org/tools/> looks fine also.
>>>> 
>>>> The opendkim-testkey still shows the error though.
>>>> 
>>>> 
>>>> 
>>>> Em 17/01/2019 18:30, Leonardo Porto escreveu:
>>>>> Hi everyone,
>>>>> 
>>>>> I'm doing the DKIM step for a new server and when I test my DKIM 
>>>>> signature I receive the error:
>>>>> 
>>>>> # opendkim-testkey -vvvv -d iwtelecom.com.br  -k 
>>>>> /var/qmail/control/dkim/global.key -s dkim1
>>>>> opendkim-testkey: using default configfile /etc/opendkim.conf
>>>>> opendkim-testkey: /var/qmail/control/dkim/global.key: WARNING: unsafe 
>>>>> permissions
>>>>> opendkim-testkey: key loaded from /var/qmail/control/dkim/global.key
>>>>> opendkim-testkey: checking key 'dkim1._domainkey.iwtelecom.com.br'
>>>>> opendkim-testkey: 'dkim1._domainkey.iwtelecom.com.br' record not found
>>>>> 
>>>>> I created the record in the domain zone like bellow:
>>>>> 
>>>>> dkim1._domainkey                IN      TXT     "v=DKIM1; k=rsa; 
>>>>> p=bla...bla"
>>>>> 
>>>>> But it does not work when I try to resolve it:
>>>>> 
>>>>> dig dkim1._domainkey.iwtelecom.com.br
>>>>> 
>>>>> And it is not shown when I try:
>>>>> 
>>>>> dig +noall +answer iwtelecom.com.br any
>>>>> 
>>>>> Only the SPF record... I used the named-checkzone and everything looks 
>>>>> fine, what am I doind wrong?
>>>>> 
>>>>> 
>>>>> 
>>> -- 
>>> Eric Broch
>>> White Horse Technical Consulting (WHTC)
>> -- 
>> Eric Broch
>> White Horse Technical Consulting (WHTC)

Reply via email to