How can I test the DKIM configuration of my server (Postfix + OpenDKIM)?
Solution 1
Apparently the test at the site I linked has a problem, so, I found two ways to test my config (SSL, SPF, DKIM and DMARC):
Using gmail. Simply send an email to some account of yours in gmail, and check the header of the message. Gmail has a section where it says if tests are passed.
You can use port25. There's an email address there. Send it an email, and it'll reply with a report indicating whether your config is OK .
Solution 2
Try this DKIM key checker. It will query the DNS zone and validate the key correspondence between the server and zone file.
Also, I would recommend not to run an email server in digital ocean as it would be pointless. I recommend running your mail server on an EC2 instance if you plan on running it In the cloud.
Related videos on Youtube
The Quantum Physicist
Updated on September 18, 2022Comments
-
The Quantum Physicist over 1 year
I configured my server (Debian Jessie) and domain with DKIM. I installed OpenDKIM on my server, and followed this tutorial. I went to my domain provider, and set a new DNS TXT record for
mail._domainkey.example.com
:"v=DKIM1; k=rsa; p=ThePublicKey"`
Where I got the key from
mail.txt
, which was generated by the command:opendkim-genkey -s mail -d example.com
I made sure that the OpenDKIM server is working, and that Postfix is signing the messages. However, I'm unable to find an unbiased way to check whether the emails sent from my server are signed properly.
By googling, I found this service, which gets me to send an email to it, and gives me a report on whether the signing is correct. However, it keeps saying that the signature is invalid in the end report:
SpamAssassin Score: 1.179 Message is NOT marked as spam Points breakdown: 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: example.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 TVD_SPACE_RATIO No description available. 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
Although it says in another part (at the DKIM Information, above that report) that it's valid. It says exacly:
Validating Signature result = pass
While in mxtoolbox, it doesn't show that I have any syntax problem in my DNS entry. It's able to parse the public key without problems.
What can I do to find the problem with my DKIM setup?
-
The Quantum Physicist about 7 yearsThis tool just checks whether the information in the domain settings is correctly placed. I need something to check that against my email signatures. Btw, I don't have a server at digital ocean. I just used their tutorial. Thanks for trying to help.
-
Michael about 7 yearsno problem, friend! sorry I couldn't help.
-
Admin almost 2 yearsJust send an email to gmail and select "Show original" in their user interface. The DKIM verification result should be readable in the headers. You can do the same thing with Hotmail et al to verify your configuration is compatible with real world. As in many cases with SMTP, there's collection of specs and then there's the real world.