• Support

  • Outgoing mail is not DKIM signed

Josdansd
Hello,
Unable to send dkim headers
Troubleshoot log /var/log/rspamd/rspamd.log
Prompt for permission issues:
2022-04-20 00:27:56 #1363(rspamd_proxy) <6795e9>; proxy; dkim_module_load_key_format: cannot load dkim key /www/server/dkim/xx.com/default.private: cannot map key file: '/www /server/dkim/xx.com/default.private' Permission denied

Set 640 to 644, then restart rspamd to send emails to view the email source code, please replace xxx.com with your domain name.

chmod 644 /www/server/dkim/xx.com/default.private
systemctl restart rspamd

    Hello, please try to reapply for SSLs at the mail server. At the same time, check the postfix configuration, which can be viewed in the server status
    "mail.135mailtest.com" is replaced with your domain name
    Put:
    smtpd_tls_chain_files=/etc/ssl/private/ssl-cert-snakeoil.key,/etc/ssl/certs/ssl-cert-snakeoil.pem
    Change to:
    smtpd_tls_chain_files = /www/server/panel/plugin/mail_sys/cert/135mailtest.com/privkey.pem,/www/server/panel/plugin/mail_sys/cert/135mailtest.com/fullchain.pem
    Note to replace 135mailtest.com with your domain name.
    Also check /www/server/panel/plugin/mail_sys/cert/135mailtest.com/ for privkey.pem and fullchain.pem files
    You can use this command to check whether the correct SSL is configured
    openssl s_client -connect mail.135mailtest.com:587 -starttls smtp
    or
    openssl s_client -connect mail.135mailtest.com:465 -starttls smtp

      aaPanel_Kern The dkim permissions solved my problem, thank you!

      About the SSL part I didn't try it since I changed the OS of my VPS from ubuntu to CentOs, seems that there is a bug in ubuntu that doesn't let the SSL to be saved on the domains listed on the mail server app. But if someone else's has that problem and can't change its OS maybe your solution might be of help.

          Josdansd
          The ubuntu22 has not been adapted yet. can use the ubuntu20 and use ssl normally

            a year later

            Your solution works.

            Set 640 to 644, then restart rspamd to send emails to view the email source code, please replace xxx.com with your domain name.

            chmod 644 /www/server/dkim/xx.com/default.private
            systemctl restart rspamd


            8 months later

            I am experiencing the same issue on one of my servers.

            All domain settings are green in Mail Server App.
            I've tried changind permission without any success:

            chmod 644 /www/server/dkim/xx.com/default.private
systemctl restart rspamd

            I've also ran:
            openssl s_client -connect mail.135mailtest.com:587 -starttls smtp
            return code is 0 (ok)

            Do you have any other suggestions? I am running CentOS 8.5, aapanel is 7.0.7 and Mail app is 5.1.1

            P.S. I've also replaced the SSL certificate on mail server.

              Hello, are there any errors when executing the command? What is the specific problem?
              Whether to add related records to the domain name

              deydod

                  aaPanel_Kern

                  I've compared like 10 times what aaPanel gives me for DKIM and the record we have in DNS server. Both are equal, even when tested with external tool default._domainkey is what is expected, however email is not signed with it.

                  Running openssl command above does not return any errors.
                  chmod and restart postfix does not help.

                      Hello, has the directory where the command is run modified? Are there any errors? If you are using the DNS manager on the panel, please use a domain name provider or third-party domain name management. It is known that some records of the DNS manager will not be disseminated.

                      deydod

                          aaPanel_Kern

                          I can't find any errors. DNS is external and not using aapanel's DNS manager.
                          Can you give me your email so I can send you access and inspect it?

                              Hi, can you give us your aapanel information? The server makes a snapshot backup first, if possible, please send it to kern@aapanel.com.
                              It is recommended to fill in the following
                              Post link:
                              SSH IP address, account password and port:
                              aapanel login link address and account password:
                              Detailed problem description:

                              No post link will not be able to know which user's information is, and the problem will not be processed

                              deydod