Dkim problems - key not valid, except it actually is

Help with Setup/Upgrade
1

Hi,
I received a report from Google that said that my dkim was not valid. I tested with mail-tester.com and it indeed says the same:
#############################################################
The DKIM signature of your message is:

v=1;
a=rsa-sha256;
c=simple/simple;
d=meatlover.dk;
s=mail;
t=1521458146;
bh=X0XivVxGr/W1rr+4Jv9xcHMzXuI2vg3vU0wxNd/WLDQ=;
h=Date:From:To:Subject:From;
b=sjSEJL5liX0ZgDigsGcMI71Lxl2LkHHQ2iIv6BrRefP2bhRpPFhgv6jKwLUIJhd3e1KogwvcojZvVUqVh9KGDhcaAs2FUoCQw8Y1JWxfAXkuiZMLGow7APoTKj3rvBzjsyO4fzFRnk20Poz9P0rFESiWmVvIcFXyEdOySzJ78Rl84KoT4FnpwTz9sZwC5VHe6MX6ercmUI5NvIJkuzuXY628B0w3LODWJ7ifE3jriumdb8bmd+1HRbzKjAIYxoTmnvhERQ19u1ioHohjuKCrArJXemu0xJiP13pzYp0UxHjl+9D4BzyerLw38XEYRNL7GAwpOp/4kvzXbLrmdNCFIA==

Your public key is:

“v=DKIM1;
k=rsa;
s=email;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+X9gMeD8CEfivBojzMDVA/qZfBJdCzoqaous7gLOcPHBlkRyUFMvCLBabvG6fmHbym1EZbs7cq0ZvfgEs95UrONRfW3dAu7ozwt52icQwzEMfGlepj6QNbRQxVnjG8hgOhniXneeGQqA97LJUrTVP766TV/3lig843MeU2eLWXOUFAVBbmrQm4w0YZD9bGDNzCvJHS+tLcnxvXODiESeM3LcWcuwgPD263HHObEKU0XS6sJ1ka6B0CvEthw8vhnoVn8fx+MK3cIo3FmfpnQ2KOLxujd9MqQieh5yD9UyG8JdsNvPtub5FmHdn2L6oIT+Dez1OsOvxF5pYL9t3c8QQIDAQAB”
Key length: 2048bits

Your DKIM signature is not valid
################################################

The dkim shown in system -> external dns for my domain is this :
mail._domainkey.meatlover.dk TXT v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+X9gMeD8CEfivBojzMDVA/qZfBJdCzoqaous7gLOcPHBlkRyUFMvCLBabvG6fmHbym1EZbs7cq0ZvfgEs95UrONRfW3dAu7ozwt52icQwzEMfGlepj6QNbRQxVnjG8hgOhniXneeGQqA97LJUrTVP766TV/3lig843MeU2eLWXOUFAVBbmrQm4w0YZD9bGDNzCvJHS+tLcnxvXODiESeM3LcWcuwgPD263HHObEKU0XS6sJ1ka6B0CvEthw8vhnoVn8fx+MK3cIo3FmfpnQ2KOLxujd9MqQieh5yD9UyG8JdsNvPtub5FmHdn2L6oIT+Dez1OsOvxF5pYL9t3c8QQIDAQAB

I have cloudflare DNS in front of my miab right now but it shows matching DKIM value (it basically mirrors what I had on my miab dns).

Does anyone have an idea as to what can be wrong?
I use the webmail in miab to send the test mail in the first place so I am sure it uses the right mail server etc.

2

dkimvalidator.com gives me a “pass” which is even more strange:

DKIM Information:
DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=meatlover.dk; s=mail;
t=1521459000; bh=Lkfyz/W7l3FgNteLteuVYOEtUGVxOG5cnUj9A7EVw5U=;
h=Date:From:To:Subject:From;
b=dKKdbKXXMr5/Q7HhKKrAjZRNuWEioj/mlHOzVIx3BicZwJ6K37/fqz5Hl6STRRQgl
AWwIzOYUbfc42kdk86p0HozRNtzauoJDmzsU2Kva2xiR3Bc29m9FEA669SHlGMVgIi
3NyL9J45pYUMpxVy8Hi7zWi5c+rVox3IwG6YVUo2PnHiu9vmG9tYFChS1SMT+Ar4Dh
mz2I8sSTNgfcDjNjSRHuRaT/vcPUWQwbTDfyW/spstZ3cMilUih/l22/MQf9cyEhdm
xaZf5iO7wbIuN0P840+SnguYxVR5joK+rJA6XiNj3Uni5G0RE8+Mtpm+hWgsnvUHcJ
6Eqt7tlBQrCaw==

Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: simple/simple
d= Domain: meatlover.dk
s= Selector: mail
q= Protocol:
bh= Lkfyz/W7l3FgNteLteuVYOEtUGVxOG5cnUj9A7EVw5U=
h= Signed Headers: Date:From:To:Subject:From
b= Data: dKKdbKXXMr5/Q7HhKKrAjZRNuWEioj/mlHOzVIx3BicZwJ6K37/fqz5Hl6STRRQgl
AWwIzOYUbfc42kdk86p0HozRNtzauoJDmzsU2Kva2xiR3Bc29m9FEA669SHlGMVgIi
3NyL9J45pYUMpxVy8Hi7zWi5c+rVox3IwG6YVUo2PnHiu9vmG9tYFChS1SMT+Ar4Dh
mz2I8sSTNgfcDjNjSRHuRaT/vcPUWQwbTDfyW/spstZ3cMilUih/l22/MQf9cyEhdm
xaZf5iO7wbIuN0P840+SnguYxVR5joK+rJA6XiNj3Uni5G0RE8+Mtpm+hWgsnvUHcJ
6Eqt7tlBQrCaw==
Public Key DNS Lookup

Building DNS Query for mail._domainkey.meatlover.dk
Retrieved this publickey from DNS: v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+X9gMeD8CEfivBojzMDVA/qZfBJdCzoqaous7gLOcPHBlkRyUFMvCLBabvG6fmHbym1EZbs7cq0ZvfgEs95UrONRfW3dAu7ozwt52icQwzEMfGlepj6QNbRQxVnjG8hgOhniXneeGQqA97LJUrTVP766TV/3lig843MeU2eLWXOUFAVBbmrQm4w" "0YZD9bGDNzCvJHS+tLcnxvXODiESeM3LcWcuwgPD263HHObEKU0XS6sJ1ka6B0CvEthw8vhnoVn8fx+MK3cIo3FmfpnQ2KOLxujd9MqQieh5yD9UyG8JdsNvPtub5FmHdn2L6oIT+Dez1OsOvxF5pYL9t3c8QQIDAQAB
Validating Signature

result = pass
Details:

3

So replying to myself here. Turned out that cloudflare had for some reason added the domainkey twice and that caused the problems for some checks (including gmail). Removed one and then it seems to pass perfectly

4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.