[SOLVED] Invalid signature of DKIM

Hello,

I just installed Hestia and I’m happy with it.

However, while testing my mail server configuration with different tools, I am told that the DKIM signature is invalid.

Knowing (a little) the OpenDKIM tool, I’m looking for a little (because no configuration is possible from Hestia); I realize that OpenDKIM is not installed, so I don’t know how all this is configured and how to correct the thing.

Thanks for helping me

DKIM has to be set within your domain’s nameserver settings. if you use an external dns service (like from your provider) you need to get the correct values from hestia ( v-list-mail-domain-dkim-dns ) and put them into your dns records.

if I remember correctly Hestia does not use opendkim at all.

This is specified nowhere, nor what to indicate and where …

Do you have any advice or procedure to follow?

it’s nothing really Hestia specific, it’s just that you need the proper DNS entries for DKIM. maybe start here to get an understanding how DKIM is working in general: How to Create, Configure and Set Up DKIM in 3 Easy Steps

the good thing is, hestia is taking care of generating that record for you and if you use internal dns-servers it should work out of the box.
for external dns server you simply need to add the according DKIM entry to your domain and for that you can use the command given above to see the generated entry.

the command itself is documented here: v-acknowledge-user-notification — Hestia Control Panel documentation

If I follow the thing well, it is necessary to configure the Reverse IP, it is done! Otherwise you have to create a key, ok but where to validate it?

easiest way is to send a mail from an account of your domain to [email protected] which will respond with a full analysis of your settings including DKIM. see: Authentication Checker - SparkPost

I don’t have a problem with the verification (I already know that the DKIM signature is invalid), it’s how to change the signature so that it is good ^^

log in to your server via ssh, run the command from above against your domain.
copy the DKIM record shown and put it into your Nameserver.
done.

The command returns this :
Error: mail domain mail.xxxxxxxx.fr doesn’t exist

My mail server is fully functional, sending and receiving!

Configuring DKIM on Hestia is a challenge …

haha, no it really isn’t.

first things first: you should have set up your domain dns records, pointing to your IP and have a mail.domain.fr record as well.

in hestia you need to have that domain set up as mail domain and activate DKIM for it…

in the command line the syntax is: v-list-mail-domain-dkim-dns username domain.fr
no mail.xxx here, just the plain domain. it should output something like:

RECORD            TTL     TYPE      VALUE
_domainkey        3600    IN TXT    "t=y; o=~;"
mail._domainkey   3600    IN TXT    "k=rsa; p=MIGkjhgkjhCSqGSIbkjhkjh3DQEBAQUAA4GNADCBiQKBkjhkjhjkgQDD84UbXunHN+4CPLN2JkjAk1hSgB/xHBXwonrNZSZT36JeuPXXgAWUR+ZhHmqN8vntPkRFeYalo7pDYvR3F0Jj+eeEL85+koOHU7qTxLrZFKyuYMTzClyELAJxS2Ihc0R/P6fo1ur5kaaJptsAaTuXUbLbawIDAQAB"

from that you want to copy the “k=rsa; p=xxxx” part and add it as TXT entry to your domain dns under the record mail._domainkey as well.
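
An added example, not part of the original thread or of Hestia: a small Python check that the TXT value published at an external DNS provider carries the same key as the line printed by v-list-mail-domain-dkim-dns. It goes slightly beyond the case above by also handling providers that split a long key into several quoted strings (each TXT string holds at most 255 bytes). The function names and the sample records are assumptions constructed for illustration; in practice the published value would come from something like `dig +short TXT mail._domainkey.domain.fr`.

```python
import base64
import binascii
import re


def parse_dkim_txt(raw):
    """Join the quoted chunks of a TXT value and return its tag=value pairs."""
    chunks = re.findall(r'"([^"]*)"', raw)
    joined = "".join(chunks) if chunks else raw  # unquoted input: pass the value only
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def check_published(local_raw, published_raw):
    """Return a list of problems; an empty list means the published key matches."""
    local, pub = parse_dkim_txt(local_raw), parse_dkim_txt(published_raw)
    if "p" not in pub:
        return ["published record has no p= tag"]
    problems = []
    try:
        base64.b64decode(pub["p"], validate=True)
    except binascii.Error:
        problems.append("published p= is not valid base64 (truncated or mangled)")
    if pub.get("k", "rsa") != local.get("k", "rsa"):
        problems.append("key type k= differs")
    if pub["p"] != local.get("p"):
        problems.append("public key p= differs from the one the server signs with")
    return problems


# Constructed sample data: filler bytes sized like a 2048-bit key, not a real key.
SAMPLE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
# Line as printed on the server (hypothetical output for the sample key).
LOCAL = f'mail._domainkey 3600 IN TXT "k=rsa; p={SAMPLE_P}"'
# The same key as a resolver may return it: split into two quoted strings.
PUBLISHED_SPLIT = f'"k=rsa; p={SAMPLE_P[:240]}" "{SAMPLE_P[240:]}"'
# A record cut off by a DNS panel that silently truncates long values.
PUBLISHED_CUT = f'"k=rsa; p={SAMPLE_P[:246]}"'

if __name__ == "__main__":
    print("split record:", check_published(LOCAL, PUBLISHED_SPLIT) or "OK")
    print("cut record:  ", check_published(LOCAL, PUBLISHED_CUT))
```

A split record is equivalent to the single-string form, so it passes; a truncated one is reported twice, once for the broken base64 and once for the mismatch with the server's key.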

Thank you for your help!

==========================================================
Summary of Results
==========================================================
SPF check:          pass
"iprev" check:      pass
DKIM check:         pass