Amazon Route 53 DKIM error

DKIM keys failed to validate on a mail server. The domain used Amazon Route 53 as its DNS server.

The amavisd-new showkeys command prints the following public key for this domain.

root@mail:~# amavisd-new showkeys
; key#1 1024 bits, i=dkim, d=temashipyard.com.gh, /var/lib/dkim/temashipyard.com.gh.pem
dkim._domainkey.temashipyard.com.gh.	3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWcxPI2x5A0JtsRFfm6w8FNoWe"
  "tDPtFAQz7fbWfIQC98sth7407E7IiskMDGL1Je1OCP/0nKT3IkduNjh1yJlzN5db"
  "/phTtdIKsPmGAcqjskDBqLKRiKmPhknZVfO0EwqwCrFO0i9ZpN9"
  "vTGmquN0EdzPLK77iQIDAQAB")

root@mail:~#

When you cut and paste this into Amazon Route 53, it gets treated as 4 separate TXT records.

root@mail:~# nslookup -q=txt dkim._domainkey.temashipyard.com.gh
Server:		172.31.0.2
Address:	172.31.0.2#53

Non-authoritative answer:
dkim._domainkey.temashipyard.com.gh	text = "v=DKIM1; p="
dkim._domainkey.temashipyard.com.gh	text = "vTGmquN0EdzPLK77iQIDAQAB"
dkim._domainkey.temashipyard.com.gh	text = "/phTtdIKsPmGAcqjskDBqLKRiKmPhknZVfO0EwqwCrFO0i9ZpN9MFBoY91Bzt9o4"
dkim._domainkey.temashipyard.com.gh	text = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWcxPI2x5A0JtsRFfm6w8FNoWe"
dkim._domainkey.temashipyard.com.gh	text = "tDPtFAQz7fbWfIQC98sth7407E7IiskMDGL1Je1OCP/0nKT3IkduNjh1yJlzN5db"

Authoritative answers can be found from:

root@mail:~#

When I test with

root@mail:~# amavisd-new testkeys
TESTING#1 temashipyard.com.gh: dkim._domainkey.temashipyard.com.gh => invalid (public key: syntax error)
root@mail:~#

It shows a syntax error.

To fix this, make the DKIM key into 1 line and paste it into Amazon Route 53.

Now the nslookup response looks like this:

root@mail:~# nslookup -q=txt dkim._domainkey.temashipyard.com.gh ns-1568.awsdns-04.co.uk
Server:		ns-1568.awsdns-04.co.uk
Address:	205.251.198.32#53

dkim._domainkey.temashipyard.com.gh	text = "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWcxPI2x5A0JtsRFfm6w8FNoWetDPtFAQz7fbWfIQC98sth7407E7IiskMDGL1Je1OCP/0nKT3IkduNjh1yJlzN5db/phTtdIKsPmGAcqjskDBqLKRiKmPhknZVfO0EwqwCrFO0i9ZpN9MFBoY91Bzt9o4vTGmquN0EdzPLK77iQIDAQAB"

root@mail:~#

Once the DNS record was updated, the testkeys command passed.

root@mail:~# amavisd-new testkeys
TESTING#1 temashipyard.com.gh: dkim._domainkey.temashipyard.com.gh => pass
root@mail:~# 
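
The one-line conversion described above can be scripted. The following is an added example, not part of the original post or of amavisd-new. The function names, the selector sel._domainkey.example.com and both dummy keys are constructed for illustration. It goes one step beyond the 1024-bit case shown here: a single TXT string holds at most 255 characters, so a longer record (for example a 2048-bit key) is emitted as several quoted strings on the same line, which Route 53 still stores as one record.

```python
import base64
import re

MAX_TXT_STRING = 255  # one TXT character-string holds at most 255 bytes


def join_txt_strings(zone_text):
    """Concatenate, in order, the quoted strings of one zone-file TXT record."""
    lines = [l for l in zone_text.splitlines() if not l.lstrip().startswith(";")]
    return "".join(re.findall(r'"([^"]*)"', "\n".join(lines)))


def route53_value(record):
    """Render the record as ONE value line: quoted strings of <=255 chars."""
    chunks = [record[i:i + MAX_TXT_STRING]
              for i in range(0, len(record), MAX_TXT_STRING)]
    return " ".join('"%s"' % c for c in chunks)


def public_key_ok(record):
    """Rough syntax check: p= must be base64 that decodes to a DER SEQUENCE."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except ValueError:
        return False
    return der[:1] == b"\x30"


def fake_showkeys(der):
    """Constructed sample shaped like showkeys output (not a real key)."""
    b64 = base64.b64encode(der).decode()
    parts = ['"v=DKIM1; p="'] + ['"%s"' % b64[i:i + 64]
                                 for i in range(0, len(b64), 64)]
    return ("; key#1 constructed sample\n"
            "sel._domainkey.example.com.\t3600 TXT (\n  "
            + "\n  ".join(parts) + ")\n")


DER_1024 = bytes([0x30, 0x81, 0x9F]) + bytes(range(159))   # 162 bytes, dummy
DER_2048 = bytes([0x30, 0x82, 0x01, 0x22]) + bytes(290)    # 294 bytes, dummy

if __name__ == "__main__":
    for der in (DER_1024, DER_2048):
        record = join_txt_strings(fake_showkeys(der))
        print(public_key_ok(record), route53_value(record))
```

Paste the printed value as a single line in the Route 53 value box. Any fragment published as a record on its own fails the same check, which matches the syntax error reported by testkeys.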
