Hello everyone,
I having problems with dkim signature.
After making a change of the selector when I send email I'm allways in Spam. The message is dkim=permerror (no key for signature) You can read the message header of the received message.
I've removed all selectors the private key from the /etc/pmg/dkim folder, recreated a new one and still the same.
Of course I've updated DNS records.
When using mxtoolbox, here is the result
[th]
Test
[/th][th]
Result
[/th]
Any suggestion to understand what's wrong. I don't know where to look for the public key in PMG and verify if it's the right one that's being used by PMG when sending messages.
In fact, I don't know what to look for.
I've done the same for another domain and it works fine. Really hard to understand.
Is there any cache at google for the previous selector ? Do I have to wait a few days ?
In the mean time I've received dmarc reports and here is the result and the error for DKIM but this is maybe because I've changed the DKIM in my DNS :
<record>
<row>
<source_ip>12.34.56.78</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mydomain.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>mydomain.com</domain>
<result>fail</result>
<selector>selector1</selector>
</dkim>
<spf>
<domain>mydomain.com</domain>
<result>pass</result>
</spf>
</auth_results>
##Here below is the mail header :##
Arc-Authentication-Results : i=1; mx.google.com; dkim=pass header.i=@mydomain.com header.s=selector1 header.b=TqM5tJdU; dkim=permerror (no key for signature) header.i=@mydomain.com header.s=202411 header.b=idgWGlJn; spf=pass (google.com: domain of me@mydomain.com designates 12.34.56.78 as permitted sender) smtp.mailfrom=me@mydomain.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mydomain.com
Content-Type : text/plain; charset=us-ascii
Authentication-Results : mx.google.com; dkim=pass header.i=@mydomain.com header.s=selector1 header.b=TqM5tJdU; dkim=permerror (no key for signature) header.i=@mydomain.com header.s=202411 header.b=idgWGlJn; spf=pass (google.com: domain of me@mydomain.com designates 12.34.56.78 as permitted sender) smtp.mailfrom=me@lmydomain.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mydomain.com
Dkim-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; h=cc:content-transfer-encoding:content-type:content-type:date :from:from:message-id:mime-version:reply-to:subject:subject:to :to; s=selector1; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8 =; b=TqM5tJdU7YpMErHX/TyIExMLzKvrfabwdA3OV4kkHD7zIzLScNQcXdMr8xH ilMxkE+fEHQEC5Yca0IbWS3eCEmmal7g4ncQmP9gSrvBQSrAfSOQdUaXn+wUXepw JsO5lz+m2iOrlAoPGi8Cz/p3C434Tc7/ZQ9F03Iy3jk8udAlOiHI0rJoUMk6vjzg L4hJZbNOhzx3Z6hb6HPkvAu/WfRx2g7vVxVvVLz+TM97/l/dMYZ4CwowHvrCJAnq aTvFQ7PCvBfdfQKY830jqziguTztgR2/WD4gmW/IWkl+T9wSHSshrn0FvHeyF/gX GI0L/8HwrDPaakEKKTHMMYqdFxw==
Dkim-Signature : v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com; s=202411; t=1741871571; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8=; h=From:Subject
ate:To:From; b=idgWGlJnJr3u51qrr/Mr0KHI0itRCvDYKm7500H2pTMtWJKPePVBw2ydLvYyBSgsk k7scKqJaGOFPf2R63E6NyB9kg/fFHl7m4Lz1vb1fSf2u1x7I4cuYDa1/ftzmFawv8E o29DcnwBKjXPoTl+9hmC5SCk073W4TyxAHpky3dPihYAOOTj3UxFjOkDdXtw0PG0HJ wgWEsxYFKiIPmVs5r5XJfM3ESSNuAJBfyTE0fyvBfCdM3pKN8OeizYRk9fTe0fHoMc IjOi9NGun0K3j26EihNmUDMo5z46o3VOPDuMKf+lCJY1Bioe8SGeGwkeTFLvEPGoLT 1CyhAi9+J4fBA==
Arc-Message-Signature : i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:dkim-signature:dkim-signature; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8=; fh=z/D3RNJgNl5aryXBkAnr1ABY1VClPtO81YC3LhOgnlU=; b=fqEqZIX1bfP7e/DM7S8/Bg73iA4cKtpInHfaqJf1EWPepvkGzlg8WMHy7zpfpZsYE4 DEuxrjLE+FJjJ7MgkvPrf+X6SI5MhnmPLEjUArFY54bq7dZ92kCqh2utu+5jIdPwkB6c NOs4di+/wCeSg1tYi1uYdKIW9J4EwFy33uZWXi6UazG7sAw+0SXcXLBhpuKbD1YqCwrz d5PoJ1/lIj1mxDqnYjOPQDXPDtpglwJRqrb7erMCAxQUXWWLazA3nVWHrAYdAwZee0IJ 5TkFDHLhdKs536vRpQ3B6eMgf4gJvA2alHsIJNT6+LAjT5xP3zVZl7NRo0KZtkMDmUMP 6niA==; dara=google.com
Arc-Seal : i=1; a=rsa-sha256; t=1741871573; cv=none; d=google.com; s=arc-20240605; b=NUcFLYKc9AQMMSnEdlw5wVvEaq4lPQf1HV/zes3GaInide4AIg0z5+1kCmnP05DDrv AqQPMeEZAS2LwecWwRj8cp7JYFDul5TDVSYNC8sMDRlHPRxtXs42pR3FCkOW7VZ4dZjc kGRGQmOLSQSBLZtXuxV2YtAGuEPQqjROG03RXHb4zHvZDOQuaHkfDHfxw3yPdIfSrTzF TrJBciH3V/uEU/pUAbTTudrJsYK2ho2u/w+e+uk/Wsm1G0iMKg4hGijNjbjo3Gk31o+n 6fdZTZYbheo8jIrXIEG3gD5f1dq/+ApyRDwwXq7HnI+FmGqyqF+i0TFEkrQYK/uUXuqb PRKQ==
Return-Path : <me@mydomain.com>
X-Received : by 2002:a05:6402:51c9:b0:5e5:bbd5:676a with SMTP id 4fb4d7f45d1cf-5e5e248efe2mr31769914a12.22.1741871573312; Thu, 13 Mar 2025 06:12:53 -0700 (PDT)
Content-Transfer-Encoding : 7bit
Received : by 2002:a17:907:d703:b0:ac1:e3e5:7d42 with SMTP id xh3csp38553ejc; Thu, 13 Mar 2025 06:12:53 -0700 (PDT)
Received : from mx1.mydomain.com (mydomain.com. [12.34.56.78) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5e8169802dcsi1232649a12.165.2025.03.13.06.12.53 for <user@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Mar 2025 06:12:53 -0700 (PDT)
Received : from mx1.mydomain.com(localhost [127.0.0.1]) by mx1.mydomain.com (Proxmox) with ESMTP id 5B70FA0EA3 for <user@gmail.com>; Thu, 13 Mar 2025 14:12:52 +0100 (CET)
Received-Spf : pass (google.com: domain of me@mydomain.com designates 12.34.56.78 as permitted sender) client-ip=12.34.56.78;
Delivered-To : user@gmail.com
<D6FB615E-2034-435F-8911-09BB7A307537@mydomain.com>
X-Google-Smtp-Source : AGHT+IEMmAgXQzfHhjMlKvyvzuH3GU4z2aTD9xI0I2CG1wZfi8R4M6fpWPjVXncdn8Vf3mnpt/la
I having problems with dkim signature.
After making a change of the selector when I send email I'm allways in Spam. The message is dkim=permerror (no key for signature) You can read the message header of the received message.
I've removed all selectors the private key from the /etc/pmg/dkim folder, recreated a new one and still the same.
Of course I've updated DNS records.
When using mxtoolbox, here is the result
 | DKIM Record Published | DKIM Record found |
| DKIM Syntax Check | The record is valid |
| DKIM Public Key Check | Public key is present |
Test
[/th][th]
Result
[/th]
Any suggestion to understand what's wrong. I don't know where to look for the public key in PMG and verify if it's the right one that's being used by PMG when sending messages.
In fact, I don't know what to look for.
I've done the same for another domain and it works fine. Really hard to understand.
Is there any cache at google for the previous selector ? Do I have to wait a few days ?
In the mean time I've received dmarc reports and here is the result and the error for DKIM but this is maybe because I've changed the DKIM in my DNS :
<record>
<row>
<source_ip>12.34.56.78</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>mydomain.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>mydomain.com</domain>
<result>fail</result>
<selector>selector1</selector>
</dkim>
<spf>
<domain>mydomain.com</domain>
<result>pass</result>
</spf>
</auth_results>
##Here below is the mail header :##
Arc-Authentication-Results : i=1; mx.google.com; dkim=pass header.i=@mydomain.com header.s=selector1 header.b=TqM5tJdU; dkim=permerror (no key for signature) header.i=@mydomain.com header.s=202411 header.b=idgWGlJn; spf=pass (google.com: domain of me@mydomain.com designates 12.34.56.78 as permitted sender) smtp.mailfrom=me@mydomain.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mydomain.com
Content-Type : text/plain; charset=us-ascii
Authentication-Results : mx.google.com; dkim=pass header.i=@mydomain.com header.s=selector1 header.b=TqM5tJdU; dkim=permerror (no key for signature) header.i=@mydomain.com header.s=202411 header.b=idgWGlJn; spf=pass (google.com: domain of me@mydomain.com designates 12.34.56.78 as permitted sender) smtp.mailfrom=me@lmydomain.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=mydomain.com
Dkim-Signature : v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; h=cc:content-transfer-encoding:content-type:content-type:date :from:from:message-id:mime-version:reply-to:subject:subject:to :to; s=selector1; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8 =; b=TqM5tJdU7YpMErHX/TyIExMLzKvrfabwdA3OV4kkHD7zIzLScNQcXdMr8xH ilMxkE+fEHQEC5Yca0IbWS3eCEmmal7g4ncQmP9gSrvBQSrAfSOQdUaXn+wUXepw JsO5lz+m2iOrlAoPGi8Cz/p3C434Tc7/ZQ9F03Iy3jk8udAlOiHI0rJoUMk6vjzg L4hJZbNOhzx3Z6hb6HPkvAu/WfRx2g7vVxVvVLz+TM97/l/dMYZ4CwowHvrCJAnq aTvFQ7PCvBfdfQKY830jqziguTztgR2/WD4gmW/IWkl+T9wSHSshrn0FvHeyF/gX GI0L/8HwrDPaakEKKTHMMYqdFxw==
Dkim-Signature : v=1; a=rsa-sha256; c=relaxed/simple; d=mydomain.com; s=202411; t=1741871571; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8=; h=From:Subject
ate:To:From; b=idgWGlJnJr3u51qrr/Mr0KHI0itRCvDYKm7500H2pTMtWJKPePVBw2ydLvYyBSgsk k7scKqJaGOFPf2R63E6NyB9kg/fFHl7m4Lz1vb1fSf2u1x7I4cuYDa1/ftzmFawv8E o29DcnwBKjXPoTl+9hmC5SCk073W4TyxAHpky3dPihYAOOTj3UxFjOkDdXtw0PG0HJ wgWEsxYFKiIPmVs5r5XJfM3ESSNuAJBfyTE0fyvBfCdM3pKN8OeizYRk9fTe0fHoMc IjOi9NGun0K3j26EihNmUDMo5z46o3VOPDuMKf+lCJY1Bioe8SGeGwkeTFLvEPGoLT 1CyhAi9+J4fBA==Arc-Message-Signature : i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:dkim-signature:dkim-signature; bh=fdkeB/A0FkbVP2k4J4pNPoeWH6vqBm9+b0C3OY87Cw8=; fh=z/D3RNJgNl5aryXBkAnr1ABY1VClPtO81YC3LhOgnlU=; b=fqEqZIX1bfP7e/DM7S8/Bg73iA4cKtpInHfaqJf1EWPepvkGzlg8WMHy7zpfpZsYE4 DEuxrjLE+FJjJ7MgkvPrf+X6SI5MhnmPLEjUArFY54bq7dZ92kCqh2utu+5jIdPwkB6c NOs4di+/wCeSg1tYi1uYdKIW9J4EwFy33uZWXi6UazG7sAw+0SXcXLBhpuKbD1YqCwrz d5PoJ1/lIj1mxDqnYjOPQDXPDtpglwJRqrb7erMCAxQUXWWLazA3nVWHrAYdAwZee0IJ 5TkFDHLhdKs536vRpQ3B6eMgf4gJvA2alHsIJNT6+LAjT5xP3zVZl7NRo0KZtkMDmUMP 6niA==; dara=google.com
Arc-Seal : i=1; a=rsa-sha256; t=1741871573; cv=none; d=google.com; s=arc-20240605; b=NUcFLYKc9AQMMSnEdlw5wVvEaq4lPQf1HV/zes3GaInide4AIg0z5+1kCmnP05DDrv AqQPMeEZAS2LwecWwRj8cp7JYFDul5TDVSYNC8sMDRlHPRxtXs42pR3FCkOW7VZ4dZjc kGRGQmOLSQSBLZtXuxV2YtAGuEPQqjROG03RXHb4zHvZDOQuaHkfDHfxw3yPdIfSrTzF TrJBciH3V/uEU/pUAbTTudrJsYK2ho2u/w+e+uk/Wsm1G0iMKg4hGijNjbjo3Gk31o+n 6fdZTZYbheo8jIrXIEG3gD5f1dq/+ApyRDwwXq7HnI+FmGqyqF+i0TFEkrQYK/uUXuqb PRKQ==
Return-Path : <me@mydomain.com>
X-Received : by 2002:a05:6402:51c9:b0:5e5:bbd5:676a with SMTP id 4fb4d7f45d1cf-5e5e248efe2mr31769914a12.22.1741871573312; Thu, 13 Mar 2025 06:12:53 -0700 (PDT)
Content-Transfer-Encoding : 7bit
Received : by 2002:a17:907:d703:b0:ac1:e3e5:7d42 with SMTP id xh3csp38553ejc; Thu, 13 Mar 2025 06:12:53 -0700 (PDT)
Received : from mx1.mydomain.com (mydomain.com. [12.34.56.78) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5e8169802dcsi1232649a12.165.2025.03.13.06.12.53 for <user@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Mar 2025 06:12:53 -0700 (PDT)
Received : from mx1.mydomain.com(localhost [127.0.0.1]) by mx1.mydomain.com (Proxmox) with ESMTP id 5B70FA0EA3 for <user@gmail.com>; Thu, 13 Mar 2025 14:12:52 +0100 (CET)
Received-Spf : pass (google.com: domain of me@mydomain.com designates 12.34.56.78 as permitted sender) client-ip=12.34.56.78;
Delivered-To : user@gmail.com
<D6FB615E-2034-435F-8911-09BB7A307537@mydomain.com>
X-Google-Smtp-Source : AGHT+IEMmAgXQzfHhjMlKvyvzuH3GU4z2aTD9xI0I2CG1wZfi8R4M6fpWPjVXncdn8Vf3mnpt/la
