DKIM-Result: permerror (no key)

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
User avatar
sbondo1234
New user
New user
Posts: 29
Joined: 2018-12-19 21:09

DKIM-Result: permerror (no key)

Post by sbondo1234 » 2019-10-31 19:00

I'm trying to setup DKIM so that my emails are a bit more verifiable and more accepted by email servers, but I'm running into an issue and I'm pretty sure it is that my DNS settings/headers are set up a bit wrong.

I'm using this tool (https://appmaildev.com/en/dkim) to check if it is working, and it keeps coming up as no key, the same happens when I look at the header when I send an email to a Gmail address.

What the tool outputs:

Code: Select all

dkim-signature: v=1; a=rsa-sha256; d=site.com; s=dkim1;
	c=relaxed/relaxed; q=dns/txt; h=From:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=47DEQpj8HBSa+/TBmW+5JCeuQeBkm5NMpJWZGBhSuFU=;
	b=AG6yLgLyIonbDNYzyGsxZQPHYE/wyfmy7SE1caFBmX6L3aBmcbjxsHHQ1FrzuhwN5uueR3kVkuQ9ynViL0rqqpnhkcOKfAXZ952CoWdTt2OR75FbO60yU/+Bz0GqpcnJM4VQ2BwW+wFejGHoN8Qt3R6XBFwCO7FdsquHx6DwMokpGVMrBH1Q0LYPGRdU1cwli6iqL8Pv0LHbIh8ajRVZPZVpVngTu9Pf6BwHZI7U1z7/6aHK/foakYIArD
	nYZfHz3/b06awC9Jit5sShUDIgB+rs0jW0jH8gITaMo+wmy/xBIEeL6BBBGEIzszlfhHJh6b3cE6d2QS8vQh7wd/WiIA==
Signed-by: test@site.com
Expected-Body-Hash: 47DEQpj8HBSa+/TImW+5JCeuBeRkm5NMpJWZG3hSuFU=

DKIM-Result: permerror (no key)
hmserver.log:

Code: Select all

"DEBUG"	1744	"2019-10-31 16:44:12.521"	"Creating session 3154"
"TCPIP"	1744	"2019-10-31 16:44:12.521"	"TCP - 127.0.0.1 connected to 127.0.0.1:25."
"DEBUG"	1744	"2019-10-31 16:44:12.521"	"TCP connection started for session 3153"
"SMTPD"	1744	3153	"2019-10-31 16:44:12.521"	"127.0.0.1"	"SENT: 220 mail.site.com ESMTP"
"SMTPD"	8436	3153	"2019-10-31 16:44:12.537"	"127.0.0.1"	"RECEIVED: EHLO [127.0.0.1]"
"SMTPD"	8436	3153	"2019-10-31 16:44:12.537"	"127.0.0.1"	"SENT: 250-mail.site.com[nl]250-SIZE 20480000[nl]250-STARTTLS[nl]250 HELP"
"SMTPD"	6044	3153	"2019-10-31 16:44:12.568"	"127.0.0.1"	"RECEIVED: STARTTLS"
"SMTPD"	6044	3153	"2019-10-31 16:44:12.568"	"127.0.0.1"	"SENT: 220 Ready to start TLS"
"DEBUG"	8436	"2019-10-31 16:44:12.568"	"Performing SSL/TLS handshake for session 3153. Verify certificate: False"
"TCPIP"	8436	"2019-10-31 16:44:12.677"	"TCPConnection - TLS/SSL handshake completed. Session Id: 3153, Remote IP: 127.0.0.1, Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256, Bits: 128"
"SMTPD"	8436	3153	"2019-10-31 16:44:12.677"	"127.0.0.1"	"RECEIVED: EHLO [127.0.0.1]"
"SMTPD"	8436	3153	"2019-10-31 16:44:12.677"	"127.0.0.1"	"SENT: 250-mail.site.com[nl]250-SIZE 20480000[nl]250 HELP"
"SMTPD"	8436	3153	"2019-10-31 16:44:12.693"	"127.0.0.1"	"RECEIVED: MAIL FROM:<help@site.com> SIZE=399"
"DEBUG"	8436	"2019-10-31 16:44:12.708"	"Total spam score: 0"
"SMTPD"	8436	3153	"2019-10-31 16:44:12.771"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	6044	3153	"2019-10-31 16:44:12.771"	"127.0.0.1"	"RECEIVED: RCPT TO:<test-a32f4a6d@appmaildev.com>"
"SMTPD"	6044	3153	"2019-10-31 16:44:12.771"	"127.0.0.1"	"SENT: 250 OK"
"SMTPD"	1744	3153	"2019-10-31 16:44:12.771"	"127.0.0.1"	"RECEIVED: DATA"
"SMTPD"	1744	3153	"2019-10-31 16:44:12.771"	"127.0.0.1"	"SENT: 354 OK, send."
"DEBUG"	8436	"2019-10-31 16:44:12.771"	"Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG"	2708	"2019-10-31 16:44:12.787"	"Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG"	2708	"2019-10-31 16:44:12.787"	"Spam test: SpamTestDKIM, Score: 0"
"DEBUG"	2708	"2019-10-31 16:44:12.787"	"Total spam score: 0"
"DEBUG"	2708	"2019-10-31 16:44:12.787"	"Saving message: {87EB049C-E97D-432F-A4C3-7F2C6EDEBF7B}.eml"
"DEBUG"	2708	"2019-10-31 16:44:13.413"	"Requesting SMTPDeliveryManager to start message delivery"
"SMTPD"	2708	3153	"2019-10-31 16:44:13.413"	"127.0.0.1"	"SENT: 250 Queued (0.000 seconds)"
"SMTPD"	1744	3153	"2019-10-31 16:44:13.413"	"127.0.0.1"	"RECEIVED: QUIT"
"SMTPD"	1744	3153	"2019-10-31 16:44:13.413"	"127.0.0.1"	"SENT: 221 goodbye"
"DEBUG"	6044	"2019-10-31 16:44:13.413"	"Ending session 3153"
"DEBUG"	2956	"2019-10-31 16:44:13.429"	"Creating session 3155"
"TCPIP"	2956	"2019-10-31 16:44:13.429"	"TCP - 127.0.0.1 connected to 127.0.0.1:143."
"DEBUG"	2956	"2019-10-31 16:44:13.429"	"TCP connection started for session 3099"
"IMAPD"	2956	3099	"2019-10-31 16:44:13.429"	"127.0.0.1"	"SENT: * OK IMAPrev1"
"IMAPD"	6044	3099	"2019-10-31 16:44:13.429"	"127.0.0.1"	"RECEIVED: 1 capability"
"IMAPD"	6044	3099	"2019-10-31 16:44:13.429"	"127.0.0.1"	"SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL STARTTLS NAMESPACE RIGHTS=texk[nl]1 OK CAPABILITY completed"
"IMAPD"	2956	3099	"2019-10-31 16:44:13.429"	"127.0.0.1"	"RECEIVED: 2 STARTTLS"
"IMAPD"	2956	3099	"2019-10-31 16:44:13.429"	"127.0.0.1"	"SENT: 2 OK Begin TLS negotiation now"
"DEBUG"	6044	"2019-10-31 16:44:13.429"	"Performing SSL/TLS handshake for session 3099. Verify certificate: False"
"DEBUG"	5204	"2019-10-31 16:44:13.522"	"Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG"	8040	"2019-10-31 16:44:13.522"	"Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG"	8040	"2019-10-31 16:44:13.538"	"Delivering message..."
"APPLICATION"	8040	"2019-10-31 16:44:13.538"	"SMTPDeliverer - Message 134: Delivering message from help@site.com to test-a32f4a6d@appmaildev.com. File: C:\Program Files (x86)\hMailServer\Data\{87EB049C-E97D-432F-A4C3-7F2C6EDEBF7B}.eml"
"DEBUG"	8040	"2019-10-31 16:44:13.538"	"Applying rules"
"DEBUG"	8040	"2019-10-31 16:44:13.538"	"Performing local delivery"
"DEBUG"	8040	"2019-10-31 16:44:13.538"	"Local delivery completed"
"DEBUG"	8040	"2019-10-31 16:44:13.538"	"Signing message using DKIM..."
"TCPIP"	6044	"2019-10-31 16:44:13.554"	"TCPConnection - TLS/SSL handshake completed. Session Id: 3099, Remote IP: 127.0.0.1, Version: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256, Bits: 128"
"IMAPD"	6044	3099	"2019-10-31 16:44:13.554"	"127.0.0.1"	"RECEIVED: 3 capability"
"IMAPD"	6044	3099	"2019-10-31 16:44:13.554"	"127.0.0.1"	"SENT: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORT ACL STARTTLS NAMESPACE RIGHTS=texk[nl]3 OK CAPABILITY completed"
"IMAPD"	1744	3099	"2019-10-31 16:44:13.554"	"127.0.0.1"	"RECEIVED: 5 login "help@site.com" ***"
"TCPIP"	8040	"2019-10-31 16:44:13.554"	"DNS MX lookup: appmaildev.com"
"TCPIP"	8040	"2019-10-31 16:44:13.569"	"DNS - MX Result: 1 IP addresses were found."
"DEBUG"	8040	"2019-10-31 16:44:13.569"	"Starting external delivery process. Server: mail.appmaildev.com (13.67.59.48), Port: 25, Security: 2, User name: "
"DEBUG"	8040	"2019-10-31 16:44:13.569"	"Creating session 3156"
"TCPIP"	8040	"2019-10-31 16:44:13.569"	"Connecting to 13.67.59.48:25..."
"IMAPD"	1744	3099	"2019-10-31 16:44:13.601"	"127.0.0.1"	"SENT: 5 OK LOGIN completed"
"IMAPD"	2956	3099	"2019-10-31 16:44:13.601"	"127.0.0.1"	"RECEIVED: 6 append "Sent" (\Seen) {399}"
"IMAPD"	2956	3099	"2019-10-31 16:44:13.601"	"127.0.0.1"	"SENT: + Ready for literal data"
"DEBUG"	1744	"2019-10-31 16:44:13.601"	"Saving message: {9EA6876F-06C4-45B8-950F-99F4551B8D2D}.eml"
"DEBUG"	6044	"2019-10-31 16:44:13.772"	"TCP connection started for session 3156"
"IMAPD"	1744	3099	"2019-10-31 16:44:13.788"	"127.0.0.1"	"SENT: 6 OK APPEND completed"
"IMAPD"	1744	3099	"2019-10-31 16:44:13.835"	"127.0.0.1"	"RECEIVED: 7 logout"
"IMAPD"	1744	3099	"2019-10-31 16:44:13.835"	"127.0.0.1"	"SENT: * BYE Have a nice day[nl]7 OK Logout completed"
"DEBUG"	6044	"2019-10-31 16:44:13.835"	"Ending session 3099"
"SMTPC"	6044	3156	"2019-10-31 16:44:13.991"	"13.67.59.48"	"RECEIVED: 220 appmaildev.com Microsoft ESMTP MAIL Service, Version: 8.5.9600.16384 ready at  Thu, 31 Oct 2019 16:44:14 +0000 "
"SMTPC"	6044	3156	"2019-10-31 16:44:13.991"	"13.67.59.48"	"SENT: EHLO mail.site.com"
"SMTPC"	8436	3156	"2019-10-31 16:44:14.210"	"13.67.59.48"	"RECEIVED: 250-appmaildev.com Hello [m.y.i.p][nl]250-TURN[nl]250-SIZE 4194304[nl]250-ETRN[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-8bitmime[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250-VRFY[nl]250-TLS[nl]250-STARTTLS[nl]250 OK"
"SMTPC"	8436	3156	"2019-10-31 16:44:14.210"	"13.67.59.48"	"SENT: STARTTLS"
"SMTPC"	8436	3156	"2019-10-31 16:44:14.413"	"13.67.59.48"	"RECEIVED: 220 2.0.0 SMTP server ready"
"DEBUG"	8436	"2019-10-31 16:44:14.429"	"Performing SSL/TLS handshake for session 3156. Verify certificate: False, Expected remote host name: mail.appmaildev.com"
"TCPIP"	8436	"2019-10-31 16:44:14.866"	"TCPConnection - TLS/SSL handshake completed. Session Id: 3156, Remote IP: 13.67.59.48, Version: TLSv1.2, Cipher: ECDHE-RSA-AES256-SHA384, Bits: 256"
"SMTPC"	8436	3156	"2019-10-31 16:44:14.866"	"13.67.59.48"	"SENT: EHLO mail.site.com"
"SMTPC"	7336	3156	"2019-10-31 16:44:15.085"	"13.67.59.48"	"RECEIVED: 250-appmaildev.com Hello [m.y.i.p][nl]250-TURN[nl]250-SIZE 4194304[nl]250-ETRN[nl]250-PIPELINING[nl]250-DSN[nl]250-ENHANCEDSTATUSCODES[nl]250-8bitmime[nl]250-BINARYMIME[nl]250-CHUNKING[nl]250-VRFY[nl]250 OK"
"SMTPC"	7336	3156	"2019-10-31 16:44:15.085"	"13.67.59.48"	"SENT: MAIL FROM:<help@site.com>"
"SMTPC"	7568	3156	"2019-10-31 16:44:15.288"	"13.67.59.48"	"RECEIVED: 250 2.1.0 help@site.com....Sender OK"
"SMTPC"	7568	3156	"2019-10-31 16:44:15.304"	"13.67.59.48"	"SENT: RCPT TO:<test-a32f4a6d@appmaildev.com>"
"SMTPC"	7336	3156	"2019-10-31 16:44:15.507"	"13.67.59.48"	"RECEIVED: 250 2.1.5 test-a32f4a6d@appmaildev.com "
"SMTPC"	7336	3156	"2019-10-31 16:44:15.507"	"13.67.59.48"	"SENT: DATA"
"SMTPC"	2956	3156	"2019-10-31 16:44:15.726"	"13.67.59.48"	"RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>"
"SMTPC"	2956	3156	"2019-10-31 16:44:15.726"	"13.67.59.48"	"SENT: [nl]."
"SMTPC"	7568	3156	"2019-10-31 16:44:16.241"	"13.67.59.48"	"RECEIVED: 250 2.6.0  <6c4bfe39-aaf8-105b-3c13-8166b5540c1c@site.com> Queued mail for delivery"
"SMTPC"	7568	3156	"2019-10-31 16:44:16.241"	"13.67.59.48"	"SENT: QUIT"
"SMTPC"	2956	3156	"2019-10-31 16:44:16.460"	"13.67.59.48"	"RECEIVED: 221 2.0.0 appmaildev.com Service closing transmission channel"
"DEBUG"	2956	"2019-10-31 16:44:16.460"	"Ending session 3156"
"DEBUG"	8040	"2019-10-31 16:44:16.460"	"External delivery process completed"
"DEBUG"	8040	"2019-10-31 16:44:16.460"	"Summarizing delivery result"
"DEBUG"	8040	"2019-10-31 16:44:16.460"	"AWStats::LogDeliverySuccess"
"DEBUG"	8040	"2019-10-31 16:44:17.054"	"Summarized delivery results"
"DEBUG"	8040	"2019-10-31 16:44:17.054"	"Deleting message"
"DEBUG"	8040	"2019-10-31 16:44:17.243"	"Deleting message file."
"APPLICATION"	8040	"2019-10-31 16:44:17.243"	"SMTPDeliverer - Message 134: Message delivery thread completed."
My TXT Record:

Name (I think this may be wrong, becuase I'm not sure if you just put plainly dkim._domainkey before the domain name):

Code: Select all

dkim._domainkey.site.com

Content:

Code: Select all

v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqQ6GERTiTa+tmqpiR01Djj952m5iUvx2NobYTQk9RL1sPbMT+XokQU/gHTP5VrfsfGkzLUvrOVZCStjT+dvCmYKydzkx6Tp0PFAUTTcEcHPmumgz+gcTTNl3YbhMm7BczQWzuYGbdP3+jnx/SP0EX2Aj7rlLNCAfgnX9feb9kOwIDAQAB

User avatar
jim.bus
Senior user
Senior user
Posts: 304
Joined: 2011-05-28 11:49
Location: US

Re: DKIM-Result: permerror (no key)

Post by jim.bus » 2019-11-01 03:35

Here is a link to a set of instructions by one of the Contributors on this Forum as to how to set up DKIM for hMailServer. It should answer your questions though it does cover the entire steps to getting a Key and the entries you need to make.

Here is the TXT Record I use for my DNS after I followed the instructions in the link below.

txt dkim._domainkey then the text data for the Key Information

https://www.hmailserver.com/forum/viewt ... 21&t=29402

User avatar
sbondo1234
New user
New user
Posts: 29
Joined: 2018-12-19 21:09

Re: DKIM-Result: permerror (no key)

Post by sbondo1234 » 2019-11-01 10:15

jim.bus wrote:
2019-11-01 03:35
Here is a link to a set of instructions by one of the Contributors on this Forum as to how to set up DKIM for hMailServer. It should answer your questions though it does cover the entire steps to getting a Key and the entries you need to make.

Here is the TXT Record I use for my DNS after I followed the instructions in the link below.

txt dkim._domainkey then the text data for the Key Information

https://www.hmailserver.com/forum/viewt ... 21&t=29402
Probably should have put this in my post, but I followed that tutorial and it's not helping with this problem.

Good to know that I have the right name for the record. Thanks.

I used this tool (from the tutorial): https://www.dnswatch.info/ - and it is showing the correct TXT record when I search for dkim._domainkey.site.com

User avatar
sbondo1234
New user
New user
Posts: 29
Joined: 2018-12-19 21:09

Re: DKIM-Result: permerror (no key)

Post by sbondo1234 » 2019-11-01 10:35

Ok, turned out that the Selector I was using in hmailserver was dkim1 not dkim.

Now I'm getting this error: DKIM-Result: fail (bad signature)

Full:

Code: Select all

dkim-signature: v=1; a=rsa-sha256; d=site.com; s=DKIM;
	c=relaxed/relaxed; q=dns/txt; h=From:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
	b=MgAp0lpFtR/u4Cg8IYrxz22Py7kBQlphcBhplN6loWjrFGHLL9IkfG6M2sAEdUkoHVSmSjFAMtp90PmCnAVEnpB+5wooW0vzf0RKtQ7Y0z0YhmyZBcxs0raTjTPvApbhNmG5SvFrLaR1KzUh7vHdR7oQQzu1MgMaQ6oN8R5Qfv5XV4cM7cj9+ynclby0tv/WuxnIt0gjs0C39O97qqLCRCeb7hhhU7P/SFPWfLe/ta8errVw8LDSGShkcH
	G8Jrr8cNe6j60vkGPxWxpp4FchNT3qHo0Ud4e5kyfVIFD2Sfw7U6jCQS89snEvBYxKzJ6wsytgOD9d2F7iKMw4fmgmJw==
Signed-by: help@site.com
Expected-Body-Hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Public-Key: v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqQ6GERTiTa+tmqpiR01Djj952m5iUvx2NobYTQk9RL1sPbMT+XokQU/gHTP5VrfsfGkzLUvrOVZCStjT+dvCmYKydzkx6Tp0PFAUTTcEcHPmumgz+gcTTNl3YbhMm7BczQWzuYGbdP3+jnx/SP0EX2Aj7rlLNCAfgnX9feb9kOwIDAQAB;

DKIM-Result: fail (bad signature)
Can this be because my keys are 2048 bit?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8175
Joined: 2011-09-08 17:48

Re: DKIM-Result: permerror (no key)

Post by jimimaseye » 2019-11-01 10:51

sbondo1234 wrote:
2019-11-01 10:15
jim.bus wrote:
2019-11-01 03:35
Here is a link to a set of instructions by one of the Contributors on this Forum as to how to set up DKIM for hMailServer.

https://www.hmailserver.com/forum/viewt ... 21&t=29402
Probably should have put this in my post, but I followed that tutorial and it's not helping with this problem.
That tutorial specifically advises to use 1024 bit due to potential problems.

Perhaps start again and follow carefully. (It has been used by many others without problem).

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jim.bus
Senior user
Senior user
Posts: 304
Joined: 2011-05-28 11:49
Location: US

Re: DKIM-Result: permerror (no key)

Post by jim.bus » 2019-11-01 12:56

jimimaseye wrote:
2019-11-01 10:51
sbondo1234 wrote:
2019-11-01 10:15
jim.bus wrote:
2019-11-01 03:35
Here is a link to a set of instructions by one of the Contributors on this Forum as to how to set up DKIM for hMailServer.

https://www.hmailserver.com/forum/viewt ... 21&t=29402
Probably should have put this in my post, but I followed that tutorial and it's not helping with this problem.
That tutorial specifically advises to use 1024 bit due to potential problems.

Perhaps start again and follow carefully. (It has been used by many others without problem).

[Entered by mobile. Excuse my spelling.]
I believe the tutorial advised that some DNS Servers don't take keys greater than 1024 and so advised to use a 1024 bit key as you would have probably less problems but in my particular case, I did manage to use a 2048 bit Key with my DNS Server. But if you don't want to waste time if it does fail then it is probably easier to just use the 1024 bit Key as the Tutorial advises.

One problem I did have though was my DNS Zone Editor didn't take the key in one copy and paste. I had to put it in in pieces plus by trial and error I had to determine what it wanted to allow me to append each piece of the key into the Text Data Field but I finally got it to accept my Key.

I, too, had difficulty with the Tutorial but it was because I didn't read it carefully enough. When I carefully followed the instructions in the Tutorial it worked perfectly. You should also make certain that your Public Key in the DNS TXT record doesn't include the Begin Public Key and End Public Key lines as indicated in the Tutorial. And your Private Key file should include the Begin Private Key and End Private key lines (be sure all the hyphens surrounding the words are in the Private Key file as they were originally created). The Public Key file placed into your DNS TXT Record should have the hyphens removed surrounding the Public Key Begin and End Public key lines.

User avatar
sbondo1234
New user
New user
Posts: 29
Joined: 2018-12-19 21:09

Re: DKIM-Result: permerror (no key)

Post by sbondo1234 » 2019-11-01 17:01

jimimaseye wrote:
2019-11-01 10:51
sbondo1234 wrote:
2019-11-01 10:15
jim.bus wrote:
2019-11-01 03:35
Here is a link to a set of instructions by one of the Contributors on this Forum as to how to set up DKIM for hMailServer.

https://www.hmailserver.com/forum/viewt ... 21&t=29402
Probably should have put this in my post, but I followed that tutorial and it's not helping with this problem.
That tutorial specifically advises to use 1024 bit due to potential problems.

Perhaps start again and follow carefully. (It has been used by many others without problem).

[Entered by mobile. Excuse my spelling.]
jim.bus wrote:
2019-11-01 12:56
jimimaseye wrote:
2019-11-01 10:51
sbondo1234 wrote:
2019-11-01 10:15


Probably should have put this in my post, but I followed that tutorial and it's not helping with this problem.
That tutorial specifically advises to use 1024 bit due to potential problems.

Perhaps start again and follow carefully. (It has been used by many others without problem).

[Entered by mobile. Excuse my spelling.]
I believe the tutorial advised that some DNS Servers don't take keys greater than 1024 and so advised to use a 1024 bit key as you would have probably less problems but in my particular case, I did manage to use a 2048 bit Key with my DNS Server. But if you don't want to waste time if it does fail then it is probably easier to just use the 1024 bit Key as the Tutorial advises.

One problem I did have though was my DNS Zone Editor didn't take the key in one copy and paste. I had to put it in in pieces plus by trial and error I had to determine what it wanted to allow me to append each piece of the key into the Text Data Field but I finally got it to accept my Key.

I, too, had difficulty with the Tutorial but it was because I didn't read it carefully enough. When I carefully followed the instructions in the Tutorial it worked perfectly. You should also make certain that your Public Key in the DNS TXT record doesn't include the Begin Public Key and End Public Key lines as indicated in the Tutorial. And your Private Key file should include the Begin Private Key and End Private key lines (be sure all the hyphens surrounding the words are in the Private Key file as they were originally created). The Public Key file placed into your DNS TXT Record should have the hyphens removed surrounding the Public Key Begin and End Public key lines.
Ah, I saw it was posted in 2016 and thought it would have been fine to use 2048 bit keys, but yeah, I was wrong..

Thanks for all the help, it is working now!

User avatar
jimimaseye
Moderator
Moderator
Posts: 8175
Joined: 2011-09-08 17:48

Re: DKIM-Result: permerror (no key)

Post by jimimaseye » 2019-11-02 00:56

You should also make certain that your Public Key in the DNS TXT record doesn't include the Begin Public Key and End Public Key lines as indicated in the Tutorial.
It clearly states the string to include is between the BEGIN and END lines.

Quote:
i, Copy the long string of characters that appear between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY---- (highlighted in bold above) to your clipboard.
[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jim.bus
Senior user
Senior user
Posts: 304
Joined: 2011-05-28 11:49
Location: US

Re: DKIM-Result: permerror (no key)

Post by jim.bus » 2019-11-02 01:03

jimimaseye wrote:
2019-11-02 00:56
You should also make certain that your Public Key in the DNS TXT record doesn't include the Begin Public Key and End Public Key lines as indicated in the Tutorial.
It clearly states the string to include is between the BEGIN and END lines.

Quote:
i, Copy the long string of characters that appear between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY---- (highlighted in bold above) to your clipboard.
[Entered by mobile. Excuse my spelling.]
sbondo1234,

jimimaseye is also saying the same as what I posted to you about the Public Key string not including those Begin Public Key and End Public Key strings in the TXT Record.

Post Reply