DKIM Is not Working in Hestia

E.k · February 26, 2021, 8:56am

Hello,

I am having trouble setting up DMARC and DKIM on my email.

My Settings

DMARC TXT (Record) _dmarc.domain (Host) v=DMARC1; p=none; pct=100 (Value)

DKIM TXT (Record) mail._domainkey.doamin (Host) v=DKIM1; k=rsa; p=(public key) (Value)

I have DKIM and DMARC checked in the mail settings.

What I’ve tried so far

MX tools shows DMARC as not set up and MX tools email evaluator is showing as DKIM not working.
nslookup -type=txt mail._domainkey.domain / ERROR ** server can’t find mail._domainkey.domain: NXDOMAIN
Setup pem pub keys in exim, setup pub key information in value under DKIM field.

jlguerrero · February 26, 2021, 9:15am

Set an email to receive notifications and change the pct to 10% so you can test without having all your traffic rejected

DKIM should work out of the box

Wibol · February 26, 2021, 4:42pm

The only difference I see with my records is “p=quarantine” in “_dmarc”. In addition there is another text record called “_domainkey” and with the value “t=y; o=~;”.

E.k · February 27, 2021, 12:12am

It didn’t create any txt record in the DNS or public key, I had to manually do it myself.

Felix · February 28, 2021, 8:20pm

Completely remove Mail Domain (warning: this will remove any mailboxes that you may have) and create it again, making sure you check the checkbox DKIM This will create the relevant entries in DNS, provided of course that the Hestia server is an authoritative Name Server for your domain.

E.k · March 2, 2021, 1:50am

My DNS is hosted on a 3rd party. However, I tested what you said to do with a fresh install. I added a Mail Domain with DKIM checked and it did not create the record in the DNS. I have all the basic records including DMARC and SPF, but no DKIM.

pluto · March 2, 2021, 7:29am

Not sure if it will help you debug or not. This is a script I wrote to help me set up DKIM on external DNS.
cat dkim-format.sh

#!/bin/bash
if [ -z "$1" ]
then
      echo "Call script with USER DOMAIN arguments. Here are the mail domains on this server."
      for USER in $( v-list-users plain | awk '{print $1}' )
      do
	COUNTMAIL=$(v-list-mail-domains $USER plain | awk '{print $1}' | wc -l )
	if [[ "$COUNTMAIL" -gt "0" ]]; then
        for MDOMAIN in $( v-list-mail-domains $USER plain | awk '{print "  " $1}' )
        do
      	  DKIMSTATE=$(dig txt +short mail._domainkey.$MDOMAIN)
	  if [[ "$DKIMSTATE" == "" ]] ; then 
		STATEMESSAGE="No DKIM" 
	  else
		STATEMESSAGE="DKIM OK"
	  fi 
	echo -e "\t $USER \t\t $MDOMAIN \t\t $STATEMESSAGE"
	done
	fi
      done

# 
else

echo "Current record (dig +short txt mail._domainkey.$2)"
dig +short txt mail._domainkey.$2


echo ""
echo "Check that the TXT record for mail._domainkey.$2 is:"
v-list-mail-domain-dkim $1 $2 \
 | sed '1,/BEGIN PUBLIC KEY/d' | sed '/END PUBLIC KEY/d' \
 | tr -d '\n' | sed 's/.*/"v=DKIM1; k=rsa; p=&"\n/'

fi

No warranty. Use at your own risk. It was something I did for my own use.

E.k · March 3, 2021, 11:11pm

Thanks. It’s similar to how I manually set up DKIM on the server.

@Felix But it still doesn’t answer as to why a fresh install wouldn’t setup DKIM accordingly, no record or key (from what I can see) so its odd.