Amazon Route 53 DKIM error
DKIM keys failed to validate on a mail server. The domain used Amazon ROute 53 DNS server.
amavisd-new showkeys command print out following public key for this domain.
root@mail:~# amavisd-new showkeys ; key#1 1024 bits, i=dkim, d=temashipyard.com.gh, /var/lib/dkim/temashipyard.com.gh.pem dkim._domainkey.temashipyard.com.gh. 3600 TXT ( "v=DKIM1; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWcxPI2x5A0JtsRFfm6w8FNoWe" "tDPtFAQz7fbWfIQC98sth7407E7IiskMDGL1Je1OCP/0nKT3IkduNjh1yJlzN5db" "/phTtdIKsPmGAcqjskDBqLKRiKmPhknZVfO0EwqwCrFO0i9ZpN9" "vTGmquN0EdzPLK77iQIDAQAB") root@mail:~#
When you cut and paste this in Amazon ROute 53, it get treadted as 4 seperate TXT records.
root@mail:~# nslookup -q=txt dkim._domainkey.temashipyard.com.gh Server: 172.31.0.2 Address: 172.31.0.2#53 Non-authoritative answer: dkim._domainkey.temashipyard.com.gh text = "v=DKIM1; p=" dkim._domainkey.temashipyard.com.gh text = "vTGmquN0EdzPLK77iQIDAQAB" dkim._domainkey.temashipyard.com.gh text = "/phTtdIKsPmGAcqjskDBqLKRiKmPhknZVfO0EwqwCrFO0i9ZpN9MFBoY91Bzt9o4" dkim._domainkey.temashipyard.com.gh text = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWcxPI2x5A0JtsRFfm6w8FNoWe" dkim._domainkey.temashipyard.com.gh text = "tDPtFAQz7fbWfIQC98sth7407E7IiskMDGL1Je1OCP/0nKT3IkduNjh1yJlzN5db" Authoritative answers can be found from: root@mail:~#
When i test with
root@mail:~# amavisd-new testkeys TESTING#1 temashipyard.com.gh: dkim._domainkey.temashipyard.com.gh => invalid (public key: syntax error) root@mail:~#
It shows syntax error.
To fix this, make the DKIM key into 1 line and paste into Amazon Route 53.
Now the nslookup response look like
root@mail:~# nslookup -q=txt dkim._domainkey.temashipyard.com.gh ns-1568.awsdns-04.co.uk Server: ns-1568.awsdns-04.co.uk Address: 205.251.198.32#53 dkim._domainkey.temashipyard.com.gh text = "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWcxPI2x5A0JtsRFfm6w8FNoWetDPtFAQz7fbWfIQC98sth7407E7IiskMDGL1Je1OCP/0nKT3IkduNjh1yJlzN5db/phTtdIKsPmGAcqjskDBqLKRiKmPhknZVfO0EwqwCrFO0i9ZpN9MFBoY91Bzt9o4vTGmquN0EdzPLK77iQIDAQAB" root@mail:~#
Once DNS record updated, testkeys command passed.
root@mail:~# amavisd-new testkeys TESTING#1 temashipyard.com.gh: dkim._domainkey.temashipyard.com.gh => pass root@mail:~#