DKIM Signature header exists but is not valid

I have been using MIAB for year, few days ago I moved from another location.

Everything is green in my MIAB setup. But dkimvalidator showing this. How can I fix this?

1 Like

Haven’t found a solution to this so temproarily relocated my important emails to mailcow.

what I feel like is this is not being validated because of a weaker encryption algorithm.
via MIAB
d1
via MAILCOW
d2

I have been using MIAB for a year. 2 days ago I changed my datacenter from US to Manchester because of downtime from my SP.

I don’t actually remember, if I had that problem since day 1, but after changing my datacenter I tried to send an email to Gmail and it goes right into SPAM, then I started digging into it & find these.

I have not tried MailCow yet. But will try them tonight.

Possibly because of blacklisted IP? tried digging that? also, tried postmaster tools ?

I’ve tried at least 8 ip, then choose this one. I checked it against 300+ databases. It’s squeaky clean.

1 Like

My emails (despite that DKIM invalid warning) deliver to gmail 80% of the time. So I’m not really sure if that’s to blame! what does the message source/headers say? any issues there?

Everything is clean. Except this one.

As per your screenshot, MailCow also reproduce the same issue.

I don’t quite understand their responses but to my best understanding, One clearly says DKIM invalid other says at least one Valid DKIM record is present.

I think the problem appears after i migrated MIAB.

I’m getting exact same thing and have no clue about what it is supposed to be returning :frowning:

I am looking into it… :slight_smile:

1 Like

I think I’ve figured it out somewhat!

Following this: https://serverfault.com/questions/861642/opendkim-not-signing-mail
I removed refile:for the following record:
KeyTable /etc/opendkim/KeyTable
in the opendkim.conf

and after running opendkim-testkeys it all returned successfully.

@JoshData can you please once look into it if refile: is required for keytable (in which case I should revert) or is it being set like that because of some config error?

That’s good to hear, but can you run test from an external domain?

Any reference?
I’m very much clueless about it.

What I meant was test an spam score email from external domain which uses your current MIAB.

I’m getting this response when run with -vvvv parameter! is it okay?
opendkim-testkey: record 0 for ‘box.rctngl.xyz’ retrieved
opendkim-testkey: checking key ‘box.rctngl.xyz’
opendkim-testkey: key box.rctngl.xyz: OK
opendkim-testkey: key box.rctngl.xyz not secure

I want clarity on what classifies as an “external domain”
a domain for which, records are configured with external DNS
or a Domain that is configured with MIAB nameservers but is not box.rctngl.xyz | rctngl.xyz ?

Yes. This one. :stuck_out_tongue:

1 Like

Where it is located?

/etc/opendkim.conf