DreamCompute DKIM key length issue

dreamcompute

#1

I have created a DNS TXT record for DKIM, but when I test it on email-tester.com I am told it cannot retrieve the key length. This is its response:


DNS record for default._domainkey.rstunlimited.us:

“v=DKIM1; k=rsa; p=AAAAB3NzaC1yc2EAAAADAQABAAABAQDx5GoU3XaZ61k0r6xZDmuYzJVlN8+XWnhx26Is5TpshLVsJHSJCsYvg1J0bVY3RY3kl+dylqy1CmNa2bNKK/2cR5v/XxoYme5h1l1eKWmiOvV8hEcWG4JKpWBxC03RNy69PRnxpTFW+CVz4qV3YKJxZwBO+7GADtwYFlajjcIDw7/QD1HDmyk34I759gA9G4OzLMF1dnICaoLCw7uApwe4CEhmnPOfsbWGl1FrX526ml2o+0eLOp7NmXyu7vaQVdyoObrlrozx+N0QJs+hZ87JaveBASV5afO2n05u1OQDCKV43MfT+Ekcac5pYFDgqNqiZ1uAkBFJ9QVnT3wX”

We were not able to retrieve the key length, there is maybe an issue in that key

I originally created the private and public keys using my TTY emulator, but have since tried the method at DreamCompute > Access & Security > Key Pairs, but get the same key length issue.

As you probably know, DKIM is important for helping emails get past a mail server’s spam detection system. Hopefully, someone out there can tell me what I am missing.


#2

I’m confused when you say that you’re using DreamCompute > Access & Security > Key Pairs for the DKIM key: that part has nothing to do with DNS records. What exactly are you trying to do?


#3

Trying to add a DNS DKIM record so mail servers will know my domain/ip address is a legitimate email sender. My understanding is that I need a Public Key for the DKIM TXT code to put on the Maintain Domains page (https://panel.dreamhost.com/index.cgi?tree=domain.manage). Below is the way it looks now:

Your custom DNS records for rstunlimited.us:

Record (rstunlimited.us zone)   Type   Value
                                A      208.113.164.253
                                TXT    v=spf1 a mx ip4:208.113.164.253 ~all
_dmarc                          TXT    v=DMARC1; p=none
default._domainkey              TXT    v=DKIM1; k=rsa; p=AAAAB3NzaC1yc2EAAAADAQABAAABAQDx5GoU3XaZ61k0r6xZDmuYzJVlN8+XWn
                                       hx26Is5TpshLVsJHSJCsYvg1J0bVY3RY3kl+dylqy1CmNa2bNKK/2cR5v/XxoYme5h1l1eKWmiOvV8hE
                                       cWG4JKpWBxC03RNy69PRnxpTFW+CVz4qV3YKJxZwBO+7GADtwYFlajjcIDw7/QD1HDmyk34I759gA9G4
                                       OzLMF1dnICaoLCw7uApwe4CEhmnPOfsbWGl1FrX526ml2o+0eLOp7NmXyu7vaQVdyoObrlrozx+N0QJs
                                       +hZ87JaveBASV5afO2n05u1OQDCKV43MfT+Ekcac5pYFDgqNqiZ1uAkBFJ9QVnT3wX
mail                            A      208.113.164.253

email-tester.com likes my SPF and _dmarc settings, but not the DKIM. Is the Public Key totally off base, and there is a different way to get the proper key?


#4

I’m sorry but I still don’t understand what you’re trying to do. The domain key on my domains is not editable. Are you trying to set up your own smtp server? On DreamCompute? How did you set up that smtp server?


#5

I want to send newsletters to people on my list via a PHP script, using the direct mail() function without SMTP username/password authentication. Since creating an instance on DreamCompute I have been in the process of testing the deliverability of a message using email-tester.com. Are you familiar with it? This is what it returns – https://www.mail-tester.com/web-qc22u.

Notwithstanding the “SpamAssassin thinks you can improve” and “You’re listed in 2 blacklists” tabs, I am trying to get the “Your message is not signed with DKIM,” under the “You’re not fully authenticated” tab, problem resolved. Since I had to create the SPF and DMARC entries manually, which took care of those issues for email-tester.com, I assumed I need to create my own DKIM entry as well.

Meanwhile, I notice that on a domain which I currently have hosted on another service (using cPanel/WHM), the DKIM entry has been created automatically. This leads me to believe that I am indeed barking up the wrong tree when I try to create the entry myself. The question then is, where does it come from?

The domain here in question (rstunlimited.us) is registered on a sister site of GoDaddy. When I tried just now to access its DNS settings, it said “We can’t display your DNS information because your nameservers aren’t managed by us.” The nameservers of course are managed by DreamHost. So then I wonder if I am supposed to be doing something after all on the DNS settings from DreamHost – see http://rstunlimited.com/AAA-DreamHost-DNS.pdf

No doubt I am missing something but I sure don’t know what. If it will help, let me know and I will give you my login information.

I hope the above makes sense as I explained what I am trying to do, and what I have tried thus far.


The Latest: Because I am sending via the PHP mail() function I didn’t think I am using an SMTP server (shows how much I know). The story: After creating the instance using Ubuntu 14.04 I installed a host server system (sentora.org) that provides for the hosting of multiple domains, similar to cPanel/WHM. Sentora has a DNS Manager but my understanding from them is that unless I am creating my own nameservers through the Sentora system itself I don’t need to do anything with their DNS entries. I am assuming that because the nameservers are set by DreamHost any DNS settings I create on Sentora would be ignored. I just opened the Sentora DNS Manager; there is no DKIM entry. Now what?

Thank you.


#6

Thanks for explaining things in detail: the picture is really much clearer now. So, one thing I would like to immediately point out is that if you intend your readers to actually receive your messages and not have those tagged as spam, you should avoid setting up your own smtp service on DreamCompute. You’re likely going to have issues of credibility of the IP and DKIM is going to help you only up to a point.

The easiest thing to do would be to use a properly configured SMTP server for your domain, pointing your PHP mail() script at it with username and password. I assume you have your reasons for not wanting to do that :)

The mail() function without using the smtp server credentials will use the localhost MTA, and that’s why the tests for DKIM are failing. Is 208.113.164.253 the IP of your DreamCompute instance? Basically, the emails you tested are being sent by postfix (I assume) on your DreamCompute. That’s a quick trick if you need to get notifications for failing cron jobs, for example, but I wouldn’t count on it for delivering newsletters.

You need to configure Postfix to be a full SMTP server if you don’t want to use someone else’s SMTP. This means buying a dedicated IP for your DreamCompute instance from DreamHost and assigning a canonical name to it. Using the DreamHost control panel, create a subdomain (like mail.rstunlimited.com) and assign the IP of your VM to it. Then you can get to the DKIM bits for Postfix. Maybe Sentora can help you out with all that; I don’t know it.

You have a lot of steps ahead. I’d start with setting up postfix or sendmail or whatever you’re familiar with on DreamCompute. Then think about php mail().


#7

Well, this should be fun!?

At least since I am running a private network 208.113.164.253 is already a dedicated IP Address (Floating IP), and I assume the following entry I had made last week –
mail A 208.113.164.253
– in the DNS Manager creates the mail.rstunlimited.us subdomain, right? Is that the canonical name you mentioned?

And I have an MX record pointing to 0 mail.rstunlimited.us., which email-tester liked.

Meanwhile, I will look into the postfix and sendmail possibilities.

Sentora did mention something about installing OpenDKIM to help the process – http://forums.sentora.org/showthread.php?tid=108&highlight=DKIM. Perhaps that is the solution.

Stay tuned everyone for the continuing saga!!


#8

Yes, this all looks correct up to this point. The VM looks alright from the DNS perspective from what I can tell.

~$ dig -t mx rstunlimited.us

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t mx rstunlimited.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46205
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rstunlimited.us.		IN	MX

;; ANSWER SECTION:
rstunlimited.us.	14400	IN	MX	0 mail.rstunlimited.us.

;; ADDITIONAL SECTION:
mail.rstunlimited.us.	14400	IN	A	208.113.164.253

;; Query time: 74 msec
;; SERVER: 10.201.134.64#53(10.201.134.64)
;; WHEN: Thu May 11 21:09:31 PDT 2017
;; MSG SIZE  rcvd: 81

Now it’s postfix/smtp configuration time. Before looking at the Sentora-specific instructions, I would look at the basic needs of the smtp servers first. But that’s just me :) YMMV
Keep us posted please!


#9

DreamCompute is pretty cool, but the waters can be quite murky until one figures out all that needs to be done!

I used a combination of two help pages:
1.) Generic Ubuntu 14.04 – https://www.exratione.com/2014/07/setting-up-spf-and-dkim-for-an-ubuntu-1404-mail-server/

2.) Sentora – http://forums.sentora.org/showthread.php?tid=108&highlight=opendkim

Since Sentora is a unique hosting environment, I compared each source as I went through the steps.

3.) Once I got the key from all of the above work, I created a DKIM TXT record at DreamHost https://panel.dreamhost.com/index.cgi?tree=domain.manage.

4.) Finally, I verified that I finally had a winner by checking the DKIM at https://www.mail-tester.com/spf-dkim-check:

DNS record for default._domainkey.rstunlimited.us:

“v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4dWUUQoo/J8vftvoKnpTXhTPFi1XF0XhQP1mvtOdoVZwse5uTw2Q++xFSPKRAKY2krkc3Vcq/dcetUrqp0zmielgdzrEkyjFbMyubWoaK3vNy69cOtbAddX/++wDvmmc/X/BvUNJ7lKF4R9hJhliahSkFBFLbfhdEKkdvkJFhxwIDAQAB”

Key length : 1024

5.) There is more involved to be able to send email that gets through (email-tester.com), like SPF, PTR and MX records, but it was the DKIM that hung me up – for a while. Fortunately, DreamHost Tech Support and Discussion, along with Google searches, helped tremendously!
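
An added example, not part of the original thread: the p= value in post #1 begins with AAAAB3NzaC1yc2E, which is base64 for the OpenSSH "ssh-rsa" wire format, while DKIM (RFC 6376) expects base64 of a DER SubjectPublicKeyInfo, as in the record from post #9. The Python below reproduces the "key length" check for both records; the function and constant names are this example's own.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

# TXT values copied from posts #1 (rejected) and #9 (accepted) of this thread.
BROKEN_RECORD = ("v=DKIM1; k=rsa; p=AAAAB3NzaC1yc2EAAAADAQABAAABAQDx5GoU3XaZ61k0r6xZDmuYzJVlN8+XWn"
    "hx26Is5TpshLVsJHSJCsYvg1J0bVY3RY3kl+dylqy1CmNa2bNKK/2cR5v/XxoYme5h1l1eKWmiOvV8hE"
    "cWG4JKpWBxC03RNy69PRnxpTFW+CVz4qV3YKJxZwBO+7GADtwYFlajjcIDw7/QD1HDmyk34I759gA9G4"
    "OzLMF1dnICaoLCw7uApwe4CEhmnPOfsbWGl1FrX526ml2o+0eLOp7NmXyu7vaQVdyoObrlrozx+N0QJs"
    "+hZ87JaveBASV5afO2n05u1OQDCKV43MfT+Ekcac5pYFDgqNqiZ1uAkBFJ9QVnT3wX")
FIXED_RECORD = ("v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4dWUUQoo/J8vftvoKnpTX"
    "hTPFi1XF0XhQP1mvtOdoVZwse5uTw2Q++xFSPKRAKY2krkc3Vcq/dcetUrqp0zmielgdzrEkyjFbMyub"
    "WoaK3vNy69cOtbAddX/++wDvmmc/X/BvUNJ7lKF4R9hJhliahSkFBFLbfhdEKkdvkJFhxwIDAQAB")

def _tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length: low bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data (truncated key?)")
    return buf[pos:pos + length], pos + length

def dkim_key_bits(txt_record):
    """Return the RSA modulus size in bits for a DKIM TXT record's p= tag."""
    tags = dict(t.strip().split("=", 1) for t in txt_record.split(";") if "=" in t)
    raw = base64.b64decode("".join(tags["p"].split()), validate=True)
    if raw.startswith(b"\x00\x00\x00\x07ssh-rsa"):
        raise ValueError("p= holds an OpenSSH public key, not a DER SubjectPublicKeyInfo")
    spki, _ = _tlv(raw, 0, 0x30)             # SubjectPublicKeyInfo SEQUENCE
    alg, pos = _tlv(spki, 0, 0x30)           # AlgorithmIdentifier SEQUENCE
    if RSA_OID not in alg:
        raise ValueError("key algorithm is not rsaEncryption")
    bits, _ = _tlv(spki, pos, 0x03)          # BIT STRING wrapping RSAPublicKey
    rsa, _ = _tlv(bits[1:], 0, 0x30)         # skip the unused-bits byte
    modulus, _ = _tlv(rsa, 0, 0x02)          # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

if __name__ == "__main__":
    for name, rec in (("post #1", BROKEN_RECORD), ("post #9", FIXED_RECORD)):
        try:
            print(name, "key length:", dkim_key_bits(rec))
        except ValueError as err:
            print(name, "rejected:", err)
```
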


#10

Glad to read that you’re making good progress. This shows how hard it is to set up and run a mail server these days… it’s not 1992 anymore when smtp was a fairly simple protocol and spam was not a huge problem yet :)