• Support
  • Outgoing mail is not DKIM signed

I'm getting this error too.

Although all seems to be working for the mail server app on aapanel, when I send a mail to a test service like mailgenius, it says that the mail is not DKIM signed

Also this might be related

Since I have two domains in the mail server app, the "from" header of the emails is always the same (VPS hostname) although the email is being sent from one of those domains
!<

As a side problem, whenever I add a valid SSL as mentioned in the official guide (making a SSL with a pan domain activated via DNS verification and then applying the same for the mail server app) for each domain on my mail server, I get the "add SSL" button as if I didn't added a valid SSL record, instead the expiry date as in others screenshots. How can I get over this?

    Josdansd
    Hello,
    Unable to send dkim headers
    Troubleshoot log /var/log/rspamd/rspamd.log
    Prompt for permission issues:
    2022-04-20 00:27:56 #1363(rspamd_proxy) <6795e9>; proxy; dkim_module_load_key_format: cannot load dkim key /www/server/dkim/xx.com/default.private: cannot map key file: '/www /server/dkim/xx.com/default.private' Permission denied

    Set 640 to 644, then restart rspamd to send emails to view the email source code, please replace xxx.com with your domain name.

    chmod 644 /www/server/dkim/xx.com/default.private
    systemctl restart rspamd

    Hello, please try to reapply for SSLs at the mail server. At the same time, check the postfix configuration, which can be viewed in the server status
    "mail.135mailtest.com" is replaced with your domain name
    Put:
    smtpd_tls_chain_files=/etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem
    Change to:
    smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/135mailtest.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/135mailtest.com/fullchain.pem
    Note to replace 135mailtest.com with your domain name.
    Also check /www/server/panel/plugin/mail_sys/cert/135mailtest.com/ for privkey.pem and fullchain.pem files
    You can use this command to check whether the correct SSL is configured
    openssl s_client -connect mail.135mailtest.com:587 -starttls smtp
    or
    openssl s_client -connect mail.135mailtest.com:465 -starttls smtp

      aaPanel_Kern The dkim permissions solved my problem, thank you!

      About the SSL part I didn't try it since I changed the OS of my VPS from ubuntu to CentOs, seems that there is a bug in ubuntu that doesn't let the SSL to be saved on the domains listed on the mail server app. But if someone else's has that problem and can't change its OS maybe your solution might be of help.

        Josdansd
        The ubuntu22 has not been adapted yet. can use the ubuntu20 and use ssl normally

        a year later

        Your solution works.

        Set 640 to 644, then restart rspamd to send emails to view the email source code, please replace xxx.com with your domain name.

        chmod 644 /www/server/dkim/xx.com/default.private
        systemctl restart rspamd


        8 months later

        I am experiencing the same issue on one of my servers.

        All domain settings are green in Mail Server App.
        I've tried changind permission without any success:

        chmod 644 /www/server/dkim/xx.com/default.private
        systemctl restart rspamd

        I've also ran:
        openssl s_client -connect mail.135mailtest.com:587 -starttls smtp
        return code is 0 (ok)

        Do you have any other suggestions? I am running CentOS 8.5, aapanel is 7.0.7 and Mail app is 5.1.1

        P.S. I've also replaced the SSL certificate on mail server.

          Hello, are there any errors when executing the command? What is the specific problem?
          Whether to add related records to the domain name

          deydod

            aaPanel_Kern

            I've compared like 10 times what aaPanel gives me for DKIM and the record we have in DNS server. Both are equal, even when tested with external tool default._domainkey is what is expected, however email is not signed with it.

            Running openssl command above does not return any errors.
            chmod and restart postfix does not help.

              Hello, has the directory where the command is run modified? Are there any errors? If you are using the DNS manager on the panel, please use a domain name provider or third-party domain name management. It is known that some records of the DNS manager will not be disseminated.

              deydod

                aaPanel_Kern

                I can't find any errors. DNS is external and not using aapanel's DNS manager.
                Can you give me your email so I can send you access and inspect it?

                  Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
                  It is recommended to fill in the following
                  Post link:
                  SSH IP address, account password and port:
                  aapanel login link address and account password:
                  Detailed problem description:

                  No post link will not be able to know which user's information is, and the problem will not be processed

                  deydod